Unable to connect to internet after AVG removed trojans [RESOLVED]


  • This topic is locked

#16
pearce15

  • Topic Starter
  • Member
  • 65 posts
omg....need your help at your soonest possible!

Edited by pearce15, 21 October 2008 - 09:54 AM.

#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello pearce15,

Sorry about the delay.

Please try this:

Go to Start > Run and copy and paste the contents of the code box below then click enter

%windir%\fixmbr \device\harddisk0

Post the result back here.

#18
pearce15

  • Topic Starter
  • Member
  • 65 posts
Hi emeraldnzl,

the error msg says that

"Windows cannot find 'E:WINDOWS\fixmbr'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

what do I do now?

#19
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello pearce15,

Something funny going on there.

Firstly, we would like to know what is happening with that OTMoveIt3 report.

See if you can post it again. If that doesn't work I wonder if you can upload the log here as an attachment.

To attach a file, do the following:

* Click Add Reply
* Under the reply panel is the Attachments Editor
* Browse to find the attachment file you want to upload, highlight the file by clicking once on it, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* On the left you will see an icon like a letter with a little green cross on it. Please click on that and it should upload to the thread.

Now

Let's try this.

Please go to Start > Run.

Copy and paste the contents of the code box below and click enter.

"%windir%\mbr" -f

After that

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
Please post the Dr.Web CureIt report back here

#20
pearce15

  • Topic Starter
  • Member
  • 65 posts
Hi, I hope you can open the OTMoveIt log file as I have compressed and attached it here.

Attached File  10212008_113858.log.zip   827bytes   112 downloads

Will post the Dr.Web CureIt report in the next post.

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Thanks pearce15,

Worked like a charm. :) I have taken the liberty of posting it in the forum.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\ deleted successfully.
========== COMMANDS ==========
File delete failed. E:\DOCUME~1\Chris\LOCALS~1\Temp\~DFB824.tmp scheduled to be deleted on reboot.
File delete failed. E:\DOCUME~1\Chris\LOCALS~1\Temp\~DFB9AC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_113858

Files moved on Reboot...
File E:\DOCUME~1\Chris\LOCALS~1\Temp\~DFB824.tmp not found!
File E:\DOCUME~1\Chris\LOCALS~1\Temp\~DFB9AC.tmp not found!
File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

#22
pearce15

  • Topic Starter
  • Member
  • 65 posts
Hi emeraldnzl,

Here is my Dr.Web CureIt report.
Attached File  DrWeb.csv.zip   706bytes   125 downloads

#23
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I have converted this to a text file and posted in the thread.

Process in memory: E:\WINDOWS\system32\services.exe:596;;BackDoor.MaosBoot;Eradicated.;
ComboFix.exe\32788R22FWJFW\C.bat;E:\Documents and Settings\Chris\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;E:\Documents and Settings\Chris\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;E:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;E:\Documents and Settings\Chris\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;E:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
A0093303.bat;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP218;Probably BATCH.Virus;;
A0093502.bat;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP219;Probably BATCH.Virus;;
A0093568.EXE;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP219;Program.PsExec.170;;
A0094012.exe\32788R22FWJFW\C.bat;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP222\A0094012.exe;Probably BATCH.Virus;;
A0094012.exe\32788R22FWJFW\psexec.cfexe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP222\A0094012.exe;Program.PsExec.171;;
A0094012.exe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP222;Archive contains infected objects;Moved.;
A0094013.exe\SDFix\apps\Process.exe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP222\A0094013.exe;Tool.Prockill;;
A0094013.exe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP222;Archive contains infected objects;Moved.;
Process.exe;E:\SDFix\apps;Tool.Prockill;;
A0049727.exe\data035;F:\System Volume Information\_restore{C86FD520-6A04-431D-A872-56F2FBB59345}\RP209\A0049727.exe;Adware.SaveNow;;
A0049727.exe\data036;F:\System Volume Information\_restore{C86FD520-6A04-431D-A872-56F2FBB59345}\RP209\A0049727.exe;Adware.NewDotNet;;
A0049727.exe\data037;F:\System Volume Information\_restore{C86FD520-6A04-431D-A872-56F2FBB59345}\RP209\A0049727.exe;Program.ProxyOSS;;
A0049727.exe;F:\System Volume Information\_restore{C86FD520-6A04-431D-A872-56F2FBB59345}\RP209;Archive contains infected objects;Moved.;
2EP_T06.xls;F:\Misc docs;W97M.Marker;Cured.;

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again pearce15,

Time to have another look at what is going on in your machine. Also please tell me how your computer is working now. Can you get internet connection for example?
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, a log will open. Please post the contents of log.txt back here.

#25
pearce15

  • Topic Starter
  • Member
  • 65 posts
Hi there,

My internet connection is still limited to my Outlook Express and online messaging. Upon launching my browsers (Firefox and IE), they cannot navigate out of the home pages.

Here is my RSIT log txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-10-24 09:58:09
Microsoft Windows XP Professional Service Pack 2, v.2096
System drive E: has 3 GB (17%) free of 19 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:24 AM, on 10/24/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\cryptainersrv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Misc installers\Protection tools\Eraser\Eraser.exe
E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Outlook Express\msimn.exe
E:\Documents and Settings\Chris\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Misc installers\Protection tools\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199678078437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - E:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 8974 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-03-09 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-03-09 131072]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - E:\WINDOWS\System32\msdxm.ocx [2004-03-12 843802]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"=E:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ATIPTA"=E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-01 335872]
"NeroFilterCheck"=E:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"ZoneAlarm Client"=E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-11-14 919016]
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-25 316728]
"AVG8_TRAY"=E:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-02 1234712]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"POINTER"=point32.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=E:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"PlaxoUpdate"=E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe [2007-12-20 283207]
"SUPERAntiSpyware"=E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2007-08-31 1460560]
"Eraser"=C:\Misc installers\Protection tools\Eraser\Eraser.exe [2007-12-23 916240]
"Sony Ericsson PC Suite"=E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE
Acrobat Assistant.lnk - E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2003-10-28 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Misc installers\Limewire\LimeWire.exe"="C:\Misc installers\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"="E:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"E:\Program Files\AVG\AVG8\avgupd.exe"="E:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"E:\Program Files\AVG\AVG8\avgemc.exe"="E:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"E:\Program Files\MSN Messenger\MSNMSGR.EXE"="E:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Disabled:Messenger"
"E:\Documents and Settings\Chris\Local Settings\temp\7zS3.tmp\SymNRT.exe"="E:\Documents and Settings\Chris\Local Settings\temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "E:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-10-24 09:44:00 ----D---- E:\WINDOWS\LastGood
2008-10-21 11:49:33 ----D---- E:\rsit
2008-10-21 11:38:58 ----D---- E:\_OTMoveIt
2008-10-21 11:25:29 ----D---- E:\WINDOWS\ERUNT
2008-10-21 11:14:58 ----D---- E:\SDFix
2008-10-21 09:43:44 ----D---- E:\WINDOWS\system32\PreInstall
2008-10-21 09:43:42 ----HD---- E:\WINDOWS\$NtUninstallKB898461$
2008-10-20 18:52:01 ----D---- E:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-20 10:35:39 ----A---- E:\WINDOWS\zip.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\VFIND.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\SWXCACLS.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\SWSC.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\SWREG.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\sed.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\NIRCMD.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\grep.exe
2008-10-20 10:35:39 ----A---- E:\WINDOWS\fdsv.exe
2008-10-20 10:34:31 ----D---- E:\Qoobox
2008-10-16 13:11:26 ----A---- E:\WINDOWS\resetlog.txt
2008-10-06 11:48:17 ----D---- E:\Documents and Settings\Chris\Application Data\EBookSys

======List of files/folders modified in the last 1 months======

2008-10-24 00:33:22 ----A---- E:\WINDOWS\SchedLgU.Txt
2008-10-21 11:27:22 ----A---- E:\WINDOWS\ntbtlog.txt
2008-10-20 18:46:36 ----A---- E:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; E:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; E:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-03-12 33792]
R1 SASDIFSV;SASDIFSV; \??\E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; E:\WINDOWS\System32\vsdatant.sys [2007-11-14 394952]
R2 AvgTdiX;AVG8 Network Redirector; E:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 ssoftnt4;ssoftnt4; \??\E:\WINDOWS\system32\Drivers\ssoftnt4.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; E:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-10-28 620032]
R3 GEARAspiWDM;GEARAspiWDM; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-20 9600]
R3 IPFilter;Microsoft IntelliPoint Features driver; E:\WINDOWS\System32\DRIVERS\IPFilter.sys [2002-04-12 11136]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-03-11 20992]
R3 SASENUM;SASENUM; \??\E:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-03-12 26624]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-03-12 57600]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; E:\WINDOWS\System32\DRIVERS\netusbxp.sys [2002-02-20 72576]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-03-12 20480]
S1 KLIF;KLIF; E:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
S3 catchme;catchme; \??\E:\DOCUME~1\Chris\LOCALS~1\Temp\catchme.sys []
S3 GAGPDrv;GAGPDrv; E:\WINDOWS\system32\drivers\GAGPDrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; E:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
S3 ggsemc;SEMC USB Flash Driver; E:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-02-27 20520]
S3 gmer;gmer; E:\WINDOWS\System32\DRIVERS\gmer.sys [2008-01-07 70001]
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; E:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880]
S3 k750bus;Sony Ericsson 750 driver (WDM); E:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; E:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mbr;mbr; \??\E:\DOCUME~1\Chris\LOCALS~1\Temp\mbr.sys []
S3 s117bus;Sony Ericsson Device 117 driver (WDM); E:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; E:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); E:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); E:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; E:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); E:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-03-12 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-03-12 15104]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-03-12 26624]
S3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2003-10-28 376832]
R2 avg8emc;AVG8 E-mail Scanner; E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; E:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 ssoftservice;Cryptainer service; E:\WINDOWS\system32\cryptainersrv.exe [2007-01-24 74240]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2003-10-28 188416]
S2 vsmon;TrueVector Internet Monitor; E:\WINDOWS\system32\ZONELABS\vsmon.exe [2007-11-14 75304]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-23 72704]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-15 654848]
S3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 Macromedia Licensing Service;Macromedia Licensing Service; E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-10-14 68096]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; E:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
  • 0

#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello pearce15,

At first sight I am not seeing much in your logs now. Just a few old and now vulnerable programs that we will deal with when/if we can resolve your internet access problem.

In this post we will try a system of elimination to see if you have a program conflict problem.

After each of these steps try to see if you have internet access. Note: You may have to reboot to reset the changes.

-----Step 1-----

Let's make sure your Windows Firewall is disabled. If you are running two real-time firewalls you will get a conflict.

How to Disable Windows Firewall in Windows XP SP2 or SP3

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.

-----Step 2-----

A lot of people have had difficulties after installing ZoneAlarm.

Please uninstall ZoneAlarm using the Windows Add/Remove Programs utility.

If that turns out not to be the problem and you want it back, you probably originally downloaded the program into a folder somewhere and you can just reinstall it from the download.

-----Step 3-----

AVG Resident Shield

You can disable Resident Protection from the AVG control panel. From memory you can right click and choose to disable. Come back and ask if you have difficulty here.

-----Step 4-----

Spybot Search and Destroy

Uninstall from the Add/Remove Programs utility.

Again if it turns out not to be the problem and you want it back, you probably originally downloaded the program into a folder somewhere and you can just reinstall it from the download.

-----Step 5-----

ERASER

Uninstall from the Add/Remove Programs utility.

Again if it turns out not to be the problem and you want it back, you probably originally downloaded the program into a folder somewhere and you can just reinstall it from the download.

Remember, at each step try and see if your problem has resolved. If it has, go no further. On the other hand, keep going if it hasn't.

By the way, don't reinstall after each step; just leave that until, hopefully, you find the culprit.

We will however need to quickly get another firewall back in place if that is your problem. We will talk about that when the time comes.

Let me know the results.
  • 0

#27
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again pearce15,

One thing you must do once we are sure we have your machine clean is to change all your passwords and other banking information you have on that computer. It may also be appropriate to inform your financial institutions that your machine has been infected with a BackDoor.MaosBoot. This nasty infection specifically targets banking information.

Here is a link to tell you about it.

http://info.drweb.com/show/3301/en

In the meantime I would stay away from all financial transactions.
  • 0

#28
pearce15

pearce15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hey emeraldnzl,

for Step 1: still cannot browse the web/load pages.


Step 2: after I uninstalled Zonealarm: a serious msg appeared in a blue screen.

"STOP: c000021a {Fatal System Error}
The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005 (0x77cd252b 0x012ced04).
The system has been shut down."

After which I restarted my pc, it was ok starting up. I launched both IE and Firefox, both seem able to surf the web now.

Should I continue with the other steps?
  • 0

#29
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again pearce15,

Should I continue with the other steps?


Nope, no need to go further. You have found the culprit. :)

Now we need to get a good firewall back in place.

Choose one from these that are free for personal use:

I use Comodo. Like all firewalls it can be a bit of a pain for the first couple of weeks while it is learning your system; after that though, no problems.

Next

Your Java is out of date. Older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
-----Step 2-----

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Finally in this post

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post. Also please tell me how your machine is working now.
  • 0

#30
pearce15

pearce15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hi again emeraldnzl,

not sure if the BackDoor.MaosBoot on my PC had been removed previously? Since I'm reading your post yesterday, 01:11 PM

"Hello again pearce15,

One thing you must do once we are sure we have your machine clean is to change all your passwords and other banking information you have on that computer. It may also be appropriate to inform your financial institutions that your machine has been infected with a BackDoor.MaosBoot. This nasty infection specifically targets banking information.

Here is a link to tell you about it.

http://info.drweb.com/show/3301/en

In the meantime I would stay away from all financial transactions."

My PC seems fine now.

Here's the kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2, v.2096 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 25, 2008 05:48:30
Records in database: 1344640
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 123982
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:10:36


File name / Threat name / Threats count
E:\Documents and Settings\Chris\DoctorWeb\Quarantine\A0049727.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
E:\Documents and Settings\Chris\DoctorWeb\Quarantine\A0049727.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
E:\Documents and Settings\Chris\DoctorWeb\Quarantine\A0049727.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.g 1

The selected area was scanned.
  • 0





