ms2009virus and others



#1
hille005

I became infected with MS2009 virus (something to that effect). Ran AVG and it reported it could not remove a couple of items but did remove 11. Things worked okay for 24 hours. All symptoms reappeared. Ran AVG again, same results; ran Housecall, it reported that it removed malware. I still notice redirecting. I cannot use IE anymore; it will not connect to the internet. Firefox will, but I see strange sites loading when I surf.
I read all your instructions to do before posting and followed them. Attached are my logs. I appreciated the help.

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

4/6/2009 5:39:19 PM
mbam-log-2009-04-06 (17-39-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127567
Time elapsed: 25 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTListIt logfile created on: 4/6/2009 5:45:41 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\dean2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

318.48 Mb Total Physical Memory | 105.63 Mb Available Physical Memory | 33.17% Memory free
775.52 Mb Paging File | 499.05 Mb Available in Paging File | 64.35% Paging File free
Paging file location(s): C:\pagefile.sys 480 960;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 22.27 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEAN-LAPTOP
Current User Name: Dean2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\TRENDnet\TEW-624UB_TEW-644UB\WlanCU.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\dean2\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (yzmiunvycnz [Auto | Stopped]) -- C:\Program Files\Common Files\boivijx.dll ()

========== Driver Services (SafeList) ==========

DRV - (aliadwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (PRISM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\EXPRESS.sys (Intersil Americas Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rt2870 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rt2870.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WLNdis50 [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\wlndis50.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/26 21:23:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/31 13:39:47 | 00,000,000 | ---D | M]

[2006/07/14 08:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dean2\Application Data\mozilla\Firefox\Profiles\7mcn4s4w.default\extensions
[2009/04/06 17:05:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/26 21:23:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/18 08:29:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/01/31 13:39:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/04/06 14:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2008/11/26 21:23:03 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/11/26 21:23:03 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/11/26 21:23:04 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/11/26 21:23:04 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/11/26 21:23:04 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/03/08 09:28:11 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/03/08 09:28:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/03/08 09:28:11 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/03/08 09:28:11 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/03/08 09:28:11 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/08 09:28:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TEW-624UB & TEW-644UB Manager.lnk = C:\Program Files\TRENDnet\TEW-624UB_TEW-644UB\WlanCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1233419087499 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233419063073 (MUWebControl Class)
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} https://mscrm.demose.../proxy/srdp.cab (Surgient URA Remote Desktop Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view...View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.unitytools.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/06 17:43:27 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\dean2\Desktop\OTListIt2.exe
[2009/04/06 17:41:34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/06 17:41:27 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\dean2\Desktop\Rooter.exe
[2009/04/06 15:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dean2\Application Data\Malwarebytes
[2009/04/06 15:56:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 15:56:43 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/06 15:56:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 15:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/06 15:55:58 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\dean2\Desktop\mbam-setup.exe
[2009/04/06 15:55:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/06 15:54:53 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\dean2\Desktop\NTREGOPT.lnk
[2009/04/06 15:54:53 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\dean2\Desktop\ERUNT.lnk
[2009/04/06 15:54:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/06 15:54:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\dean2\Desktop\erunt_setup.exe
[2009/04/06 15:20:40 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\dean2\Desktop\HijackThis.lnk
[2009/04/06 15:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/06 15:20:09 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\dean2\Desktop\HJTInstall.exe
[2009/04/06 14:38:39 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/04/06 14:09:44 | 02,348,416 | ---- | C] () -- C:\DOCUME~1\dean2\Desktop\FixDwndp.exe
[2009/04/06 10:26:01 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/06 09:33:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/04/06 09:15:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/05 15:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/05 12:10:56 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TEW-624UB & TEW-644UB Manager.lnk
[2009/04/03 16:39:18 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\dean2\Desktop\setup-spybotsd162.exe
[2009/04/03 16:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/04/03 16:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/04/03 16:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/04/03 16:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/03 13:43:39 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/03 13:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/03 13:16:47 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\DOCUME~1\dean2\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/03 12:39:23 | 00,033,792 | ---- | C] () -- C:\Program Files\Common Files\boivijx.dll
[2009/04/03 12:38:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2009/03/26 21:41:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/26 21:41:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/26 21:41:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/25 11:25:44 | 02,823,680 | ---- | C] () -- C:\DOCUME~1\dean2\My Documents\doll.doc
[2009/03/24 16:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dean2\Local Settings\Application Data\view22
[2009/03/24 15:45:36 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/03/24 15:45:33 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/03/24 15:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\View22
[2009/01/24 21:13:26 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2007/04/04 07:15:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2007/03/01 13:42:22 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\nets12.dll
[2006/08/04 08:26:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/06/21 08:28:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/15 18:27:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/03/31 07:00:00 | 00,000,672 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/06 17:43:08 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\dean2\Desktop\OTListIt2.exe
[2009/04/06 17:41:23 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\Rooter.exe
[2009/04/06 16:47:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 16:47:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 16:46:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 15:56:43 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/06 15:56:06 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\dean2\Desktop\mbam-setup.exe
[2009/04/06 15:54:53 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\NTREGOPT.lnk
[2009/04/06 15:54:53 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\ERUNT.lnk
[2009/04/06 15:54:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\dean2\Desktop\erunt_setup.exe
[2009/04/06 15:20:41 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\HijackThis.lnk
[2009/04/06 15:20:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\dean2\Desktop\HJTInstall.exe
[2009/04/06 14:37:39 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/06 14:09:51 | 02,348,416 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\FixDwndp.exe
[2009/04/06 13:51:49 | 00,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/06 13:51:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/06 13:51:49 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/06 12:31:02 | 00,348,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 09:33:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/04/06 09:15:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/06 05:44:35 | 00,000,576 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\KQRS-FM.url
[2009/04/06 01:41:30 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0CB1A2D-F889-42DB-9DC3-4C48EBB94B03}.job
[2009/04/03 16:42:50 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\dean2\Desktop\setup-spybotsd162.exe
[2009/04/03 13:43:39 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/03 13:29:41 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\DOCUME~1\dean2\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/03 12:39:32 | 00,033,792 | ---- | M] () -- C:\Program Files\Common Files\boivijx.dll
[2009/04/03 12:38:46 | 00,008,704 | -H-- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/27 05:39:59 | 00,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/27 05:39:59 | 00,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/27 05:39:58 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/26 21:34:38 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 11:25:46 | 02,823,680 | ---- | M] () -- C:\DOCUME~1\dean2\My Documents\doll.doc
[2009/03/25 11:23:58 | 00,002,521 | ---- | M] () -- C:\DOCUME~1\dean2\Desktop\Microsoft Office Outlook 2003 (2).lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 1150 bytes -> C:\DOCUME~1\dean2\Desktop\Internet Explorer Yahoo.url:favicon
< End of report >

OTListIt Extras logfile created on: 4/6/2009 5:45:41 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Documents and Settings\dean2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

318.48 Mb Total Physical Memory | 105.63 Mb Available Physical Memory | 33.17% Memory free
775.52 Mb Paging File | 499.05 Mb Available in Paging File | 64.35% Paging File free
Paging file location(s): C:\pagefile.sys 480 960;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 22.27 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEAN-LAPTOP
Current User Name: Dean2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found
C:\Documents and Settings\dean2\Local Settings\Temporary Internet Files\Content.IE5\QI43U6JQ\incredimail_install[1].exe:*:Enabled:IncrediMail Installer File not found
C:\Documents and Settings\dean2\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{69F8C206-F767-438C-B3CE-705AA97F7AAB}" = TEW-624UB & TEW-644UB
"{6E1D54D7-47EB-11D5-AE90-00D0590FFE27}" = HP Wireless LAN
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2009 2:28:14 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 2:32:33 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 2:32:48 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 2:49:00 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 2:51:28 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 3:01:46 PM | Computer Name = DEAN-LAPTOP | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 4/6/2009 3:24:36 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 3:24:44 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 5:47:04 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2009 5:47:29 PM | Computer Name = DEAN-LAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 4/6/2009 4:49:30 PM | Computer Name = DEAN-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/6/2009 4:49:30 PM | Computer Name = DEAN-LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 4/6/2009 4:49:30 PM | Computer Name = DEAN-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/6/2009 4:49:30 PM | Computer Name = DEAN-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).

Error - 4/6/2009 5:10:12 PM | Computer Name = DEAN-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2009 5:47:03 PM | Computer Name = DEAN-LAPTOP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain OFFICE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/6/2009 5:47:27 PM | Computer Name = DEAN-LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/6/2009 5:48:01 PM | Computer Name = DEAN-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2009 6:03:03 PM | Computer Name = DEAN-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2009 6:33:04 PM | Computer Name = DEAN-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

#2
hille005

I can get IE to connect to the internet now but I still have the virus.

AVG is, however, still reporting to me occasionally that I have a trojan in the system32\userinit.ext file. It says Trojan Horse downloader generic and there are three of them, now there are four of them! It just popped up again. They are "white listed". It is still there. I tell AVG to remove but it doesn't.

Please help me get rid of the virus.

Edited by hille005, 07 April 2009 - 09:06 AM.


#3
hille005

AVG ran again and found this: "C:\WINDOWS\system32\userinit.exe";"Trojan horse Downloader.Generic_r.DT";"Object is white-listed (critical/system file that should not be removed)"