Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trend Micro Hijackthis,Need help!


  • This topic is locked This topic is locked
48 replies to this topic

#1 jancisrrr

jancisrrr

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 05 April 2012 - 07:33 PM

Hi, I just have an error every time I am trying to search something my Google Chrome says this !

"Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?"

So I Ran scan on "HiJackThis" applications, and its says to post on this forum, so someone can help me.
Can someone help me please? :)
Thank you

This is what came out after scan


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:14:57 AM, on 4/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Tildes Birojs 2008\Pianists.exe
C:\Program Files\Tildes Birojs 2008\mdiction.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.122.22.162:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2008\IEjosla.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2008\IEjosla.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pianists] "C:\Program Files\Tildes Birojs 2008\Pianists.exe" /START
O4 - HKLM\..\Run: [mdiction] "C:\Program Files\Tildes Birojs 2008\mdiction.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\My Documents\FrostWire\Saved\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [svcdotnet] C:\WINDOWS\svcdotnet\svcdotnet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Media\vista_sound_register.inf (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2008\TDVLauncher.DLL /201
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2332F216-B287-44C9-9FAD-41687691EA6F}: NameServer = 85.255.64.2,85.255.65.2
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ?????? Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ?????? Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 11449 bytes

Edited by boopme, 05 April 2012 - 07:50 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 05 April 2012 - 11:29 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 08 April 2012 - 03:56 PM

.
I hope this is the right place to post it. Thanks for your help!

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by askdkfnsdkl at 21:49:00 on 2012-04-08
Microsoft Windows XP Professional 5.1.2600.3.1257.371.1033.18.955.357 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Tildes Birojs 2008\Pianists.exe
C:\Program Files\Tildes Birojs 2008\mdiction.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 195.122.22.162:3128
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Tildes Birojs: {1e6700f0-0f85-40fd-8022-7eb60ab46f10} - c:\program files\tildes birojs 2008\IEjosla.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Tildes Birojs: {1e6700f0-0f85-40fd-8022-7eb60ab46f10} - c:\program files\tildes birojs 2008\IEjosla.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ClocX] c:\program files\clocx\ClocX.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Pianists] "c:\program files\tildes birojs 2008\Pianists.exe" /START
mRun: [mdiction] "c:\program files\tildes birojs 2008\mdiction.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [QuickTime Task] "c:\program files\qt lite\QTTask.exe" -atboottime
mRun: [svcdotnet] c:\windows\svcdotnet\svcdotnet.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [vista_sound_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 c:\windows\media\vista_sound_register.inf
dRunOnce: [aero_cursor_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 c:\windows\cursors\aero cursors\aero_cursor_register.inf
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\tildes birojs 2008\TDVLauncher.DLL /201
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{07085F7D-A413-4ADD-B25B-3DE6A0BE8446} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2332F216-B287-44C9-9FAD-41687691EA6F} : NameServer = 85.255.64.2,85.255.65.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
IFEO: notepad.exe - "c:\program files\notepad2\Notepad2.exe" /z
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\askdkfnsdkl\application data\mozilla\firefox\profiles\2wdo1i63.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=8c0e9d6300000000000000234e168228
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=8c0e9d6300000000000000234e168228&q=
FF - prefs.js: network.proxy.ftp - 195.122.22.162
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 195.122.22.162
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 195.122.22.162
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 195.122.22.162
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 195.122.22.162
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\opera\program\plugins\NPDocBox.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 8c0e9d6300000000000000234e168228
FF - user.js: extensions.BabylonToolbar_i.hardId - 8c0e9d6300000000000000234e168228
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15408
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:24:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110004
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 iastor86;iastor86;c:\windows\system32\drivers\iastor86.sys [2009-4-1 327192]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-4 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-4 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-4 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-4 74640]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2010-3-15 9216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-16 109568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-13 113280]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-12-13 100736]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2010-11-25 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2010-11-25 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2010-11-25 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2010-11-25 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2010-11-25 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2010-11-25 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2010-11-25 123504]
.
=============== Created Last 30 ================
.
2012-04-05 12:10:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-05 12:10:20 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-05 11:58:33 388096 ----a-r- c:\documents and settings\askdkfnsdkl\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-05 11:58:32 -------- d-----w- c:\program files\Trend Micro
2012-04-04 18:35:09 -------- d-----w- c:\documents and settings\askdkfnsdkl\application data\Avira
2012-04-04 17:32:24 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 17:29:33 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-04 17:29:33 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-04 17:29:28 -------- d-----w- c:\program files\Avira
2012-04-04 17:29:28 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-04-04 17:23:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 14:52:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-22 19:12:12 4435968 -c--a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-04-06 00:43:49 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2012-04-04 17:32:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 14:52:20 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-02-02 14:57:40 83448 ----a-w- c:\windows\system32\CddbLangJA.dll
2012-02-02 14:57:40 808440 ----a-w- c:\windows\system32\CDDBUI.dll
2012-02-02 14:57:40 796152 ----a-w- c:\windows\system32\CDDBControl.dll
2012-02-02 14:57:40 169464 ----a-w- c:\windows\system32\CddbLangRU.dll
2012-02-02 14:57:40 103928 ----a-w- c:\windows\system32\CddbLangFR.dll
2012-02-02 14:57:40 103928 ----a-w- c:\windows\system32\CddbLangES.dll
2012-02-02 14:57:40 103928 ----a-w- c:\windows\system32\CddbLangDE.dll
2009-05-15 20:56:52 7944992 ----a-w- c:\program files\Firefox Setup 3.0.10.exe
2009-05-08 14:20:40 3030204 -c--a-w- c:\program files\15504_DCPlusPlus-0.705.exe
.
============= FINISH: 21:49:40.96 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 12:30:05 PM
System Uptime: 4/8/2012 9:45:18 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Genuine Intel® CPU T1600 @ 1.66GHz | CPU | 1662/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 48 GiB total, 17.982 GiB free.
D: is FIXED (NTFS) - 101 GiB total, 34.429 GiB free.
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/21/2012 10:37:00 PM - Removed Samsung AllShare
RP2: 3/23/2012 2:12:18 PM - System Checkpoint
RP3: 3/24/2012 5:16:56 PM - System Checkpoint
RP4: 3/27/2012 4:46:57 PM - System Checkpoint
RP5: 3/28/2012 5:58:35 PM - System Checkpoint
RP6: 3/30/2012 1:21:37 AM - System Checkpoint
RP7: 3/31/2012 3:05:30 PM - System Checkpoint
RP8: 4/1/2012 8:14:21 PM - System Checkpoint
RP9: 4/3/2012 3:51:36 PM - Removed Java™ 6 Update 29
RP10: 4/4/2012 4:13:51 PM - System Checkpoint
RP11: 4/5/2012 12:58:32 PM - Installed HiJackThis
RP12: 4/6/2012 1:39:43 AM - Removed Apple Mobile Device Support
RP13: 4/6/2012 1:43:38 AM - Removed Ralink Wireless LAN
RP14: 4/7/2012 1:57:42 AM - System Checkpoint
RP15: 4/8/2012 2:39:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
7-Zip 4.65
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Ask Toolbar
µTorrent
Avira Free Antivirus
ClocX (1.5b2)
Compatibility Pack for the 2007 Office system
Complitly
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
DealPly
Google Chrome
Google Earth
Google SketchUp 8
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Update
I Want This
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 31
LightScribe 1.4.109.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.28)
MSVCRT Redists
Nero Suite
Notepad2 (modified)
PDF Settings
Picasa 3
PokerStars
PokerStars.net
QT Lite 2.7.0
QuickTime
Real Alternative 1.8.4
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sereby's Updatepack - IE8 Addon Version 1.0.2
Skype Click to Call
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
The Sims 2
Tildes Birojs 2008
Vegas Movie Studio HD Platinum 11.0
VLC media player 1.0.2
Vodafone Mobile Connect Lite
WebFldrs XP
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Movie Maker 2.0
Winferno Registry Power Cleaner
WinRAR 4.00 beta 4 (32-bit)
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
4/5/2012 8:15:25 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/1/2012 7:15:12 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.64 with the system having network hardware address 18:87:96:59:A2:70. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 08 April 2012 - 04:36 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 09:40 AM

Hi mate!
Its just doesnt work that way, it says. "It can take up 10 min .... bla bla bla bla " and then comes " T was unexpected at this time" and nothing interesting happens. I did wait for hour but nothing still happened. :(
Anything else i Should do?

#6 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 10:33 AM

And I did Everything as you sad!

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 09 April 2012 - 01:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 03:09 PM

Hey Gringo, I did everything as you sad, so here comes results

This is report from tdskiller


20:25:33.0203 1448 TDTCP - ok
20:25:34.0406 1448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:25:34.0421 1448 TermDD - ok
20:25:35.0593 1448 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:25:35.0609 1448 TermService - ok
20:25:36.0703 1448 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
20:25:36.0703 1448 Themes - ok
20:25:37.0812 1448 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:25:37.0843 1448 TlntSvr - ok
20:25:39.0015 1448 TosIde - ok
20:25:40.0125 1448 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:25:40.0156 1448 TrkWks - ok
20:25:41.0406 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:25:41.0421 1448 Udfs - ok
20:25:42.0671 1448 ultra - ok
20:25:43.0890 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:25:43.0921 1448 Update - ok
20:25:45.0046 1448 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:25:45.0093 1448 upnphost - ok
20:25:46.0156 1448 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:25:46.0171 1448 UPS - ok
20:25:47.0359 1448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:25:47.0390 1448 usbccgp - ok
20:25:48.0687 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:25:48.0718 1448 usbehci - ok
20:25:49.0921 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:25:49.0953 1448 usbhub - ok
20:25:51.0156 1448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:51.0171 1448 usbscan - ok
20:25:52.0390 1448 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:52.0406 1448 usbstor - ok
20:25:53.0640 1448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:53.0671 1448 usbuhci - ok
20:25:54.0906 1448 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:25:54.0921 1448 usbvideo - ok
20:25:56.0125 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:25:56.0140 1448 VgaSave - ok
20:25:57.0328 1448 ViaIde - ok
20:25:57.0515 1448 VMCService (ab71fdeafaa11fffd18378553d8ef8ad) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
20:25:57.0531 1448 VMCService - ok
20:25:58.0765 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:58.0796 1448 VolSnap - ok
20:25:59.0890 1448 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:25:59.0937 1448 VSS - ok
20:26:01.0015 1448 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:26:01.0046 1448 W32Time - ok
20:26:02.0250 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:26:02.0265 1448 Wanarp - ok
20:26:03.0484 1448 WDICA - ok
20:26:04.0687 1448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:26:04.0718 1448 wdmaud - ok
20:26:05.0781 1448 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:26:05.0812 1448 WebClient - ok
20:26:07.0015 1448 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:26:07.0093 1448 winachsf - ok
20:26:08.0296 1448 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:26:08.0328 1448 winmgmt - ok
20:26:09.0468 1448 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
20:26:09.0500 1448 WmdmPmSN - ok
20:26:10.0609 1448 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:26:10.0640 1448 Wmi - ok
20:26:11.0843 1448 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:26:11.0859 1448 WmiAcpi - ok
20:26:13.0093 1448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:26:13.0125 1448 WmiApSrv - ok
20:26:13.0234 1448 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:26:13.0328 1448 WMPNetworkSvc - ok
20:26:14.0578 1448 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:26:14.0609 1448 WpdUsb - ok
20:26:15.0812 1448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:26:15.0828 1448 WS2IFSL - ok
20:26:17.0015 1448 wscsvc - ok
20:26:18.0234 1448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:26:18.0250 1448 WSTCODEC - ok
20:26:19.0421 1448 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll
20:26:19.0500 1448 wuauserv - ok
20:26:20.0750 1448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:26:20.0781 1448 WudfPf - ok
20:26:21.0968 1448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:26:22.0000 1448 WudfRd - ok
20:26:23.0125 1448 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:26:23.0156 1448 WudfSvc - ok
20:26:24.0265 1448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:26:24.0296 1448 WZCSVC - ok
20:26:25.0406 1448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:26:25.0531 1448 xmlprov - ok
20:26:25.0593 1448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:26:25.0828 1448 \Device\Harddisk0\DR0 - ok
20:26:25.0828 1448 Boot (0x1200) (ade5aa85089394ffe76e875ac3782fe3) \Device\Harddisk0\DR0\Partition0
20:26:25.0828 1448 \Device\Harddisk0\DR0\Partition0 - ok
20:26:25.0843 1448 Boot (0x1200) (dd68e52c498ff8341d17f22ec0f3c1a6) \Device\Harddisk0\DR0\Partition1
20:26:25.0843 1448 \Device\Harddisk0\DR0\Partition1 - ok
20:26:25.0843 1448 ============================================================
20:26:25.0843 1448 Scan finished
20:26:25.0843 1448 ============================================================
20:26:25.0859 3800 Detected object count: 0
20:26:25.0859 3800 Actual detected object count: 0

and here is the other one....

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 20:27:55
-----------------------------
20:27:55.531 OS Version: Windows 5.1.2600 Service Pack 3
20:27:55.531 Number of processors: 2 586 0xF0D
20:27:55.531 ComputerName: HOME-HPG60 UserName:
20:27:56.031 Initialize success
20:33:03.203 AVAST engine defs: 12040901
20:43:26.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:43:26.750 Disk 0 Vendor: ST916031 HP07 Size: 152627MB BusType: 3
20:43:26.765 Disk 0 MBR read successfully
20:43:26.765 Disk 0 MBR scan
20:43:26.906 Disk 0 Windows XP default MBR code
20:43:26.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49630 MB offset 63
20:43:26.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102994 MB offset 101643255
20:43:27.031 Disk 0 scanning sectors +312576705
20:43:27.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:43:43.171 Service scanning
20:44:03.187 Modules scanning
20:44:12.062 Disk 0 trace - called modules:
20:44:12.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:44:12.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8616b9c0]
20:44:12.093 3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\00000066[0x8614b320]
20:44:12.093 5 ACPI.sys[f74a7620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86141028]
20:44:12.703 AVAST engine scan C:\WINDOWS
20:44:39.828 AVAST engine scan C:\WINDOWS\system32
20:49:08.218 AVAST engine scan C:\WINDOWS\system32\drivers
20:49:19.953 AVAST engine scan C:\Documents and Settings\askdkfnsdkl
20:53:50.468 AVAST engine scan C:\Documents and Settings\All Users
20:55:04.375 Scan finished successfully
21:03:18.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\askdkfnsdkl\Desktop\MBR.dat"
21:03:18.000 The log file has been saved successfully to "C:\Documents and Settings\askdkfnsdkl\Desktop\aswMBR.txt"


During the aswMBR san my Avira Antivirus software found something here is the report from that

Avira Free Antivirus
Report file date: 9 ?????? 2012 ?. 20:45

Scanning for 3601038 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-HPG60

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 2012.01.31. 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 2012.01.31. 07:56:54
AVSCAN.DLL : 12.1.0.18 54224 Bytes 2012.01.31. 07:57:27
LUKE.DLL : 12.1.0.19 68304 Bytes 2012.01.31. 07:57:02
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 2012.01.31. 07:56:54
AVREG.DLL : 12.1.0.36 229128 Bytes 2012.04.07. 15:11:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009.11.06. 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010.12.14. 07:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 2011.12.20. 07:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2012.02.01. 15:10:38
VBASE004.VDF : 7.11.26.44 4329472 Bytes 2012.03.28. 15:10:52
VBASE005.VDF : 7.11.26.45 2048 Bytes 2012.03.28. 15:10:52
VBASE006.VDF : 7.11.26.46 2048 Bytes 2012.03.28. 15:10:52
VBASE007.VDF : 7.11.26.47 2048 Bytes 2012.03.28. 15:10:53
VBASE008.VDF : 7.11.26.48 2048 Bytes 2012.03.28. 15:10:53
VBASE009.VDF : 7.11.26.49 2048 Bytes 2012.03.28. 15:10:54
VBASE010.VDF : 7.11.26.50 2048 Bytes 2012.03.28. 15:10:54
VBASE011.VDF : 7.11.26.51 2048 Bytes 2012.03.28. 15:10:54
VBASE012.VDF : 7.11.26.52 2048 Bytes 2012.03.28. 15:10:55
VBASE013.VDF : 7.11.26.53 2048 Bytes 2012.03.28. 15:10:55
VBASE014.VDF : 7.11.26.107 221696 Bytes 2012.03.30. 15:10:56
VBASE015.VDF : 7.11.26.179 224768 Bytes 2012.04.02. 15:10:57
VBASE016.VDF : 7.11.26.241 142336 Bytes 2012.04.04. 15:10:58
VBASE017.VDF : 7.11.27.41 247808 Bytes 2012.04.08. 21:01:01
VBASE018.VDF : 7.11.27.42 2048 Bytes 2012.04.08. 21:01:01
VBASE019.VDF : 7.11.27.43 2048 Bytes 2012.04.08. 21:01:01
VBASE020.VDF : 7.11.27.44 2048 Bytes 2012.04.08. 21:01:02
VBASE021.VDF : 7.11.27.45 2048 Bytes 2012.04.08. 21:01:02
VBASE022.VDF : 7.11.27.46 2048 Bytes 2012.04.08. 21:01:02
VBASE023.VDF : 7.11.27.47 2048 Bytes 2012.04.08. 21:01:02
VBASE024.VDF : 7.11.27.48 2048 Bytes 2012.04.08. 21:01:03
VBASE025.VDF : 7.11.27.49 2048 Bytes 2012.04.08. 21:01:03
VBASE026.VDF : 7.11.27.50 2048 Bytes 2012.04.08. 21:01:03
VBASE027.VDF : 7.11.27.51 2048 Bytes 2012.04.08. 21:01:03
VBASE028.VDF : 7.11.27.52 2048 Bytes 2012.04.08. 21:01:04
VBASE029.VDF : 7.11.27.53 2048 Bytes 2012.04.08. 21:01:04
VBASE030.VDF : 7.11.27.54 2048 Bytes 2012.04.08. 21:01:04
VBASE031.VDF : 7.11.27.56 2048 Bytes 2012.04.08. 21:01:05
Engineversion : 8.2.10.38
AEVDF.DLL : 8.1.2.2 106868 Bytes 2012.01.31. 07:56:42
AESCRIPT.DLL : 8.1.4.16 446842 Bytes 2012.04.07. 15:11:19
AESCN.DLL : 8.1.8.2 131444 Bytes 2012.04.07. 15:11:18
AESBX.DLL : 8.2.5.5 606579 Bytes 2012.04.07. 15:11:20
AERDL.DLL : 8.1.9.15 639348 Bytes 2012.01.31. 07:56:42
AEPACK.DLL : 8.2.16.9 807287 Bytes 2012.04.07. 15:11:17
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 2012.04.07. 15:11:16
AEHEUR.DLL : 8.1.4.12 4604278 Bytes 2012.04.07. 15:11:15
AEHELP.DLL : 8.1.19.1 254327 Bytes 2012.04.07. 15:11:08
AEGEN.DLL : 8.1.5.23 409973 Bytes 2012.04.07. 15:11:07
AEEXP.DLL : 8.1.0.28 82292 Bytes 2012.04.07. 15:11:20
AEEMU.DLL : 8.1.3.0 393589 Bytes 2012.01.31. 07:56:38
AECORE.DLL : 8.1.25.6 201078 Bytes 2012.04.07. 15:11:06
AEBB.DLL : 8.1.1.0 53618 Bytes 2012.01.31. 07:56:38
AVWINLL.DLL : 12.1.0.17 27344 Bytes 2012.01.31. 07:56:55
AVPREF.DLL : 12.1.0.17 51920 Bytes 2012.01.31. 07:56:53
AVREP.DLL : 12.1.0.17 179408 Bytes 2012.01.31. 07:56:53
AVARKT.DLL : 12.1.0.23 209360 Bytes 2012.01.31. 07:56:49
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 2012.01.31. 07:56:50
SQLITE3.DLL : 3.7.0.0 398288 Bytes 2012.01.31. 07:57:08
AVSMTP.DLL : 12.1.0.17 62928 Bytes 2012.01.31. 07:56:54
NETNT.DLL : 12.1.0.17 17104 Bytes 2012.01.31. 07:57:04
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 2012.01.31. 07:57:30
RCTEXT.DLL : 12.1.1.16 96208 Bytes 2012.01.31. 07:57:30

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4f82cea1\guard_slideup.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: 9 ?????? 2012 ?. 20:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'aswMBR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'mdiction.exe' - '1' Module(s) have been scanned
Scan process 'Pianists.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\askdkfnsdkl\Local Settings\Temp\_avast4_\unp61666022.tmp'
C:\Documents and Settings\askdkfnsdkl\Local Settings\Temp\_avast4_\unp61666022.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\askdkfnsdkl\Local Settings\Temp\_avast4_\unp61666022.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d2998a8.qua'.


End of the scan: 9 ?????? 2012 ?. 20:45
Used time: 00:08 Minute(s)

The scan has been done completely.

0 Scanned directories
47 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
46 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes

Just wanted to ask you, are we moving further or we are still at the beginning point?
Thanks,

Janlo

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 09 April 2012 - 06:18 PM

You gave me a scan from avast (which I did not ask for) I need the report from aswMBR


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 06:53 PM

Here you go! :)
Just have a closer look, its over there under the tdsskiller report


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 20:27:55
-----------------------------
20:27:55.531 OS Version: Windows 5.1.2600 Service Pack 3
20:27:55.531 Number of processors: 2 586 0xF0D
20:27:55.531 ComputerName: HOME-HPG60 UserName:
20:27:56.031 Initialize success
20:33:03.203 AVAST engine defs: 12040901
20:43:26.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:43:26.750 Disk 0 Vendor: ST916031 HP07 Size: 152627MB BusType: 3
20:43:26.765 Disk 0 MBR read successfully
20:43:26.765 Disk 0 MBR scan
20:43:26.906 Disk 0 Windows XP default MBR code
20:43:26.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49630 MB offset 63
20:43:26.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102994 MB offset 101643255
20:43:27.031 Disk 0 scanning sectors +312576705
20:43:27.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:43:43.171 Service scanning
20:44:03.187 Modules scanning
20:44:12.062 Disk 0 trace - called modules:
20:44:12.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:44:12.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8616b9c0]
20:44:12.093 3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\00000066[0x8614b320]
20:44:12.093 5 ACPI.sys[f74a7620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86141028]
20:44:12.703 AVAST engine scan C:\WINDOWS
20:44:39.828 AVAST engine scan C:\WINDOWS\system32
20:49:08.218 AVAST engine scan C:\WINDOWS\system32\drivers
20:49:19.953 AVAST engine scan C:\Documents and Settings\askdkfnsdkl
20:53:50.468 AVAST engine scan C:\Documents and Settings\All Users
20:55:04.375 Scan finished successfully
21:03:18.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\askdkfnsdkl\Desktop\MBR.dat"
21:03:18.000 The log file has been saved successfully to "C:\Documents and Settings\askdkfnsdkl\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 09 April 2012 - 07:23 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 07:54 PM

Hello Gringo once again!
Here you go!




OTL logfile created on: 4/10/2012 1:30:01 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\askdkfnsdkl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

955.12 Mb Total Physical Memory | 742.96 Mb Available Physical Memory | 77.79% Memory free
2.24 Gb Paging File | 1.86 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.47 Gb Total Space | 17.70 Gb Free Space | 36.52% Space Free | Partition Type: NTFS
Drive D: | 100.58 Gb Total Space | 35.21 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

Computer Name: HOME-HPG60 | User Name: askdkfnsdkl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\askdkfnsdkl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Tildes Birojs 2008\MDICTION.EXE (SIA Tilde)
PRC - C:\Program Files\Tildes Birojs 2008\Pianists.exe (SIA Tilde)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- %SYSTEMROOT%\system32\wscsvc.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (rt2870) -- system32\DRIVERS\rt2870.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\ASKDKF~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\WINDOWS\system32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\WINDOWS\system32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\WINDOWS\system32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\WINDOWS\system32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (iastor86) -- C:\WINDOWS\System32\drivers\iastor86.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=8c0e9d6300000000000000234e168228
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.122.22.162:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=8c0e9d6300000000000000234e168228"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: crossriderapp2258@crossrider.com:0.80.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=8c0e9d6300000000000000234e168228&q="
FF - prefs.js..network.proxy.backup.ftp: "159.148.155.117"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "159.148.155.117"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "159.148.155.117"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "159.148.155.117"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "195.122.22.162"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "195.122.22.162"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "195.122.22.162"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "195.122.22.162"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "195.122.22.162"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 21:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/24 21:47:00 | 000,000,000 | ---D | M]

[2011/05/30 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Extensions
[2012/04/04 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions
[2012/02/17 01:34:35 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/02/17 01:34:31 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/03/09 03:25:17 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\crossriderapp2258@crossrider.com
[2012/04/06 01:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\ffxtlbr@babylon.com
[2012/04/04 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 21:06:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/06 18:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/16 19:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 16:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/04/03 15:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/03 15:52:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/03 15:52:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/09 03:24:41 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/11 14:54:46 | 000,000,908 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dict-enlv.xml
[2011/10/11 14:54:46 | 000,005,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\salidzinilv.xml
[2011/10/11 14:54:46 | 000,000,894 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sslv.xml
[2011/10/11 14:54:46 | 000,001,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-lv.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.1_0\
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.80_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DealPly = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: I Want This = C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.43_0\

O1 HOSTS File: ([2009/04/15 08:57:34 | 000,312,184 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10750 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Tildes Birojs) - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2008\IEjosla.dll (SIA Tilde)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Tildes Birojs) - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2008\IEjosla.dll (SIA Tilde)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mdiction] C:\Program Files\Tildes Birojs 2008\mdiction.exe (SIA Tilde)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Pianists] C:\Program Files\Tildes Birojs 2008\Pianists.exe (SIA Tilde)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [svcdotnet] C:\WINDOWS\svcdotnet\svcdotnet.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft)
O4 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1715567821-1177238915-1801674531-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - C:\Program Files\Tildes Birojs 2008\TDVLauncher.DLL ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07085F7D-A413-4ADD-B25B-3DE6A0BE8446}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2332F216-B287-44C9-9FAD-41687691EA6F}: NameServer = 85.255.64.2,85.255.65.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 12:23:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 01:25:56 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\askdkfnsdkl\Desktop\OTL.exe
[2012/04/09 20:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\askdkfnsdkl\Desktop\New Folder (2)
[2012/04/09 20:18:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\askdkfnsdkl\Desktop\aswMBR.exe
[2012/04/09 20:17:37 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\askdkfnsdkl\Desktop\tdsskiller.exe
[2012/04/09 15:26:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/09 14:52:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/09 14:49:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/09 14:49:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/09 14:49:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/09 14:49:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/09 14:49:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/09 14:49:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 14:48:19 | 004,453,212 | R--- | C] (Swearware) -- C:\Documents and Settings\askdkfnsdkl\Desktop\ComboFix.exe
[2012/04/09 00:24:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\askdkfnsdkl\Recent
[2012/04/08 21:49:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\askdkfnsdkl\Start Menu\Programs\Administrative Tools
[2012/04/07 16:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/07 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/04/05 13:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/05 13:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/04/05 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\askdkfnsdkl\Start Menu\Programs\HiJackThis
[2012/04/05 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/04 19:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\askdkfnsdkl\Application Data\Avira
[2012/04/04 18:32:24 | 004,125,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/04/04 18:29:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/04/04 18:29:33 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/04/04 18:29:33 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/04/04 18:29:33 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/04/04 18:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/04/04 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/04/04 18:23:16 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/03 15:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\askdkfnsdkl\Desktop\New Folder
[2012/04/03 15:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/03 15:52:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/03 15:52:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/03 15:52:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/03 15:52:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/22 20:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012/03/21 23:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2012/03/20 21:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\askdkfnsdkl\Desktop\Kanarijas
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 01:26:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\askdkfnsdkl\Desktop\OTL.exe
[2012/04/09 22:23:40 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/09 21:03:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\MBR.dat
[2012/04/09 20:19:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\askdkfnsdkl\Desktop\aswMBR.exe
[2012/04/09 20:17:43 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\askdkfnsdkl\Desktop\tdsskiller.exe
[2012/04/09 14:52:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/09 14:50:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C6B948A7-8704-4F4D-AA9D-76B6D37FF8C3}.job
[2012/04/09 14:46:42 | 004,453,212 | R--- | M] (Swearware) -- C:\Documents and Settings\askdkfnsdkl\Desktop\ComboFix.exe
[2012/04/09 14:32:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/09 14:27:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-1801674531-500UA.job
[2012/04/09 14:26:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 13:27:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-1801674531-500Core.job
[2012/04/09 13:01:41 | 000,441,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/09 13:01:41 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/09 12:57:41 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 12:57:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job
[2012/04/09 12:57:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2012/04/09 12:56:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 21:44:12 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\defogger_reenable
[2012/04/08 20:44:59 | 000,049,412 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\1230340601_905.jpg
[2012/04/08 18:09:06 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Tilde automatic update.job
[2012/04/08 00:34:31 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2012/04/07 16:08:48 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/04/07 16:07:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/07 15:28:23 | 000,067,874 | ---- | M] () -- D:\Jancis\es un marta.JPG
[2012/04/07 15:24:19 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 02:42:28 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\HiJackThis.lnk
[2012/04/07 01:17:15 | 000,402,129 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\boeing-747-8-intercontinental.jpg
[2012/04/06 13:22:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job
[2012/04/06 02:04:51 | 000,107,062 | ---- | M] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\Boeing-747-B-18208.jpg
[2012/04/06 01:43:49 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/04/05 14:02:47 | 000,000,525 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/04/04 18:32:31 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/04 18:32:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/04 18:32:24 | 004,125,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/04/03 15:52:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/03 15:52:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/03 15:52:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/03 15:52:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/03 15:52:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/25 16:28:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/22 20:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 21:03:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\MBR.dat
[2012/04/09 14:52:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/09 14:52:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 14:49:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/09 14:49:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/09 14:49:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/09 14:49:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/09 14:49:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/08 21:43:54 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\defogger_reenable
[2012/04/08 20:44:58 | 000,049,412 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\1230340601_905.jpg
[2012/04/07 15:27:32 | 000,067,874 | ---- | C] () -- D:\Jancis\es un marta.JPG
[2012/04/07 01:17:52 | 000,402,129 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\boeing-747-8-intercontinental.jpg
[2012/04/06 02:04:55 | 000,107,062 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\Boeing-747-B-18208.jpg
[2012/04/05 14:02:45 | 000,000,525 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/04/05 12:58:33 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Desktop\HiJackThis.lnk
[2012/04/04 18:29:46 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/04/04 18:23:16 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/01/16 23:32:15 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/11/11 22:43:46 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\svcdotnet.inc
[2011/11/11 22:42:30 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\svcdotnet.cfg
[2011/06/13 18:39:56 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\askdkfnsdkl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 17:24:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/12 18:35:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fkl.dat
[2011/01/09 15:00:44 | 000,106,692 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B85E5267
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 09 April 2012 - 08:19 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B85E5267
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1   
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [svcdotnet] C:\WINDOWS\svcdotnet\svcdotnet.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=8c0e9d6300000000000000234e168228"
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
    FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=8c0e9d6300000000000000234e168228&q="
    [2012/04/06 01:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\ffxtlbr@babylon.com
    [2012/03/09 03:24:41 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 08:28 PM

Heyo!
Here you go!
It did not ask to reboot!
Hopefully something interesting happened! ;)


========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B85E5267 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svcdotnet deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=8c0e9d6300000000000000234e168228" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Prefs.js: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?AF=110004&babsrc=adbartrp&mntrId=8c0e9d6300000000000000234e168228&q=" removed from keyword.URL
C:\Documents and Settings\askdkfnsdkl\Application Data\Mozilla\Firefox\Profiles\2wdo1i63.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\askdkfnsdkl\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\askdkfnsdkl\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: askdkfnsdkl
->Java cache emptied: 44193409 bytes

User: Default User

User: Guest

User: LocalService

User: NetworkService

Total Java Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: askdkfnsdkl
->Flash cache emptied: 132655 bytes

User: Default User

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04102012_022636

#15 jancisrrr

jancisrrr
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 09 April 2012 - 08:35 PM

Sorry!
Computer is ok, you cant feel anything different, but when you go online, google.com and search for something its still says..And its anoying, everytime i search it asks me to enter the word.

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

IP address: 195.122.22.162
Time: 2012-04-10T01:29:37Z
URL: http://www.google.com/search?hl=en&output=search&sclient=psy-ab&q=manas&oq=manas&aq=f&aqi=g10&aql=&gs_l=hp.3..0l10.5602l6101l1l8005l5l5l0l0l0l0l344l1194l0j1j3j1l5l0.frgbld.&psj=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=1366&bih=681&ech=1&psi=74yDT9W6JqSL4gT1mezJCA.13340

Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users