
Trojan horse adload & many others


#1
saniya8987

Hi,

A few weeks ago my AVG anti-virus found a Trojan on my computer during a scan. I attempted to heal it and move it to the vault like I usually do; however, since then a few different Trojans have been found on my laptop by AVG. The initial Trojan found was Trojan horse small.BOG, and last night a new Trojan was found on my laptop, and that is Trojan horse injector.FB. Since then I have been unable to update AVG, as every time it attempts to do so it fails to connect to the internet despite there being an excellent connection. Along with being unable to update AVG, I have been unable to install all of the scanning programs and anti-virus programs. Every time I attempt to install any of the recommended programs and I go to the website to download the program, I am unable to go to the page as it just says that there is no internet connection. Since then I have tried to install any firewall or defending program available.

I have previously had a few problems with my laptop, and last year I had to get it fixed; my hard drive had to be sectioned due to some corruption.

System Info:
AMD Turion 64X2 Mobile at 1.6GHz
896MB RAM
Windows XP Service Pack 3

I would greatly appreciate any help that you can give, or any recommendations. When I had it previously fixed last year I was told that I should get a new internal hard drive as the current sectioned one may stop working at any time.

I was also unable to run some of the programs requested in the introductory section.

Sorry and thank you for any help that you can give.

I have the OTL results:

OTL logfile created on: 03/08/2009 00:28:39 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Saniya\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.04 Mb Total Physical Memory | 377.27 Mb Available Physical Memory | 42.20% Memory free
2.11 Gb Paging File | 1.67 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.44 Gb Total Space | 6.50 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 83.46 Gb Total Space | 83.39 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-786
Current User Name: Saniya
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/04/04 22:52:38 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/04/19 20:34:26 | 00,764,672 | ---- | M] () -- C:\Program Files\BufferZone\CLNTSVC.EXE
PRC - [2009/04/19 20:33:40 | 00,081,920 | ---- | M] () -- C:\Program Files\BufferZone\BZRPCSS.EXE
PRC - [2009/04/19 20:33:38 | 00,086,016 | ---- | M] () -- C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
PRC - [2006/04/04 22:52:38 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/14 01:12:19 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/01 23:19:08 | 00,157,184 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/01/19 18:54:25 | 00,200,704 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/02 09:38:58 | 00,188,416 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/12/09 19:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/04/19 20:34:10 | 03,265,664 | ---- | M] () -- C:\Program Files\BufferZone\CLIENTGUI.EXE
PRC - [2008/12/09 19:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/08/02 14:47:47 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/02 14:47:43 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/02 23:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/08/05 14:56:32 | 00,256,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/01/27 17:33:58 | 00,060,984 | ---- | M] () -- C:\WINDOWS\System32\o2flash.exe
PRC - [2009/08/02 14:47:57 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/02 14:47:57 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/02 14:47:57 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2006/03/03 22:03:10 | 00,090,112 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/08/01 23:19:05 | 00,159,232 | ---- | M] () -- C:\Documents and Settings\Saniya\Local Settings\Temp\c.exe
PRC - [2009/08/03 00:26:31 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saniya\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/09 19:40:16 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/12/09 19:40:16 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/04 22:52:38 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/02 14:47:43 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/04/19 20:34:26 | 00,764,672 | ---- | M] () -- C:\Program Files\BufferZone\CLNTSVC.EXE -- (BufferZoneSvc [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/08/05 14:56:32 | 00,256,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/06/29 16:54:34 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f8d1fce3bbaa [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,094,208 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/04/14 01:12:28 | 00,099,328 | ---- | M] () -- C:\Virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [2008/04/14 01:12:28 | 00,099,328 | ---- | M] () -- C:\Virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe -- (MSIServer_Untrusted_BZ [On_Demand | Stopped])
SRV - [2005/01/27 17:33:58 | 00,060,984 | ---- | M] () -- C:\WINDOWS\System32\o2flash.exe -- (O2Flash [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/03/03 22:03:10 | 00,090,112 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2005/01/28 14:44:28 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2008/04/14 01:12:36 | 00,034,816 | ---- | M] () -- C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -- (winmgmt_Untrusted_BZ [Auto | Running])
SRV - [2008/04/14 01:12:36 | 00,034,816 | ---- | M] () -- C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -- (StiSvc_Untrusted_BZ [Auto | Stopped])
SRV - [2008/04/14 01:12:36 | 00,034,816 | ---- | M] () -- C:\Virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -- (ShellHWDetection_Untrusted_BZ [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://track.morenic...?w=155970&s=147
IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/02 14:47:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/14 12:53:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/01 20:07:18 | 00,000,000 | ---D | M]

[2009/08/02 15:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\mozilla\Firefox\Profiles\og29x299.default\extensions
[2009/02/14 20:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\mozilla\Firefox\Profiles\og29x299.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/02 15:58:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/15 21:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/02 15:58:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\Access Privileges Test
[2009/01/19 18:49:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/15 21:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/15 21:03:01 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/02/15 21:03:01 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/02/15 21:03:02 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/02/15 21:03:05 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/02/15 21:03:05 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/04/30 17:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/11 01:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/02/15 21:03:24 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/19 18:54:38 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/14 12:53:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/01/19 18:54:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/01/19 18:54:32 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/02/15 21:03:31 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/15 21:03:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/28 00:49:37 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/02/15 21:03:32 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/15 21:03:32 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/15 21:03:32 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [MSxmlHpr] C:\WINDOWS\System32\msxm192z.DLL (USA)
O4 - HKCU..\Run: [Monopod] C:\Documents and Settings\Saniya\Local Settings\Temp\c.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Saniya\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON FILES\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\COMMON FILES\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 04:25:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04dfdf74-5b46-11de-a6be-00c0a8caa5a8}\Shell - "" = AutoRun
O33 - MountPoints2\{04dfdf74-5b46-11de-a6be-00c0a8caa5a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{04dfdf74-5b46-11de-a6be-00c0a8caa5a8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0ca4c2d6-fd29-11dd-a6ad-00c0a8caa5a8}\Shell\AutoRun\command - "" = q0dhfjf.exe
O33 - MountPoints2\{0ca4c2d6-fd29-11dd-a6ad-00c0a8caa5a8}\Shell\open\Command - "" = q0dhfjf.exe
O33 - MountPoints2\{76b3efeb-e7d9-11dd-a693-00c0a8caa5a8}\Shell\AutoRun\command - "" = F:\xn1i9x.com -- File not found
O33 - MountPoints2\{76b3efeb-e7d9-11dd-a693-00c0a8caa5a8}\Shell\explore\Command - "" = F:\xn1i9x.com -- File not found
O33 - MountPoints2\{76b3efeb-e7d9-11dd-a693-00c0a8caa5a8}\Shell\open\Command - "" = F:\xn1i9x.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/03 00:27:07 | 00,535,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saniya\Desktop\OTL.exe
[2009/08/03 00:26:02 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/08/03 00:25:44 | 00,493,056 | ---- | C] ( ) -- C:\Documents and Settings\Saniya\Desktop\RootRepeal.exe
[2009/08/03 00:11:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\03-08-2009
[2009/08/03 00:10:15 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Saniya\Desktop\NTREGOPT.lnk
[2009/08/03 00:10:15 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Saniya\Desktop\ERUNT.lnk
[2009/08/03 00:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/03 00:08:33 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Saniya\Desktop\erunt_setup.exe
[2009/08/03 00:07:20 | 00,041,984 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Saniya\Desktop\SysRestorePoint.exe
[2009/08/02 23:54:37 | 00,288,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saniya\Desktop\TFC.exe
[2009/08/02 23:41:57 | 00,000,450 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/02 23:41:57 | 00,000,364 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/02 23:41:54 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Saniya\Desktop\XoftSpySE.lnk
[2009/08/02 23:41:51 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009/08/02 23:41:21 | 03,355,800 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Saniya\Desktop\XoftSpySE_Setup.exe
[2009/08/02 23:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPrimo
[2009/08/02 23:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\GetPrimo
[2009/08/02 23:17:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saniya\Application Data\cft
[2009/08/02 23:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saniya\Application Data\pridl
[2009/08/02 14:48:31 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/02 14:48:31 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/08/02 14:48:30 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/02 14:48:23 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/02 14:48:21 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/02 14:48:04 | 32,964,803 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/02 14:48:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/02 14:48:04 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/02 14:48:04 | 00,088,982 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/02 14:48:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/02 02:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\AV Care
[2009/08/02 01:50:46 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/02 00:33:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2009/08/02 00:33:29 | 00,000,000 | ---D | C] -- C:\Program Files\BUFFERZONE
[2009/08/02 00:30:14 | 10,443,776 | ---- | C] () -- C:\Documents and Settings\Saniya\Desktop\BufferZoneProXP.msi
[2009/08/01 23:45:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saniya\Application Data\AVG8
[2009/08/01 23:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\Jcore
[2009/08/01 23:19:36 | 00,000,073 | ---- | C] () -- C:\DIET WITHOUT HUNGER.url
[2009/08/01 23:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/08/01 23:19:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/08/01 23:19:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sc.exe
[2009/08/01 23:19:24 | 00,157,184 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/08/01 23:19:03 | 00,202,756 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2009/08/01 18:16:09 | 00,001,241 | ---- | C] () -- C:\Documents and Settings\Saniya\Desktop\Tomb Raider - Underworld.lnk
[2009/07/28 02:01:20 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/07/28 01:59:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saniya\Application Data\Logs
[2009/07/20 18:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saniya\Local Settings\Application Data\Temp

========== Files - Modified Within 14 Days ==========

[1 C:\*.tmp files]
[2009/08/03 00:27:15 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/03 00:26:31 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saniya\Desktop\OTL.exe
[2009/08/03 00:26:03 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/08/03 00:17:03 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/03 00:10:15 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Saniya\Desktop\NTREGOPT.lnk
[2009/08/03 00:10:15 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Saniya\Desktop\ERUNT.lnk
[2009/08/03 00:08:30 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Saniya\Desktop\erunt_setup.exe
[2009/08/03 00:07:15 | 00,041,984 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Saniya\Desktop\SysRestorePoint.exe
[2009/08/03 00:04:47 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 00:04:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/03 00:04:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 23:54:17 | 00,288,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saniya\Desktop\TFC.exe
[2009/08/02 23:41:57 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/02 23:41:57 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/02 23:41:54 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Saniya\Desktop\XoftSpySE.lnk
[2009/08/02 23:41:32 | 03,355,800 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Saniya\Desktop\XoftSpySE_Setup.exe
[2009/08/02 14:48:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/02 14:48:31 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2009/08/02 14:48:30 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/02 14:48:23 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/02 14:48:21 | 32,964,803 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/02 14:48:21 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/02 14:48:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/02 14:48:04 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/02 14:48:04 | 00,088,982 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/02 01:50:50 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/02 00:32:14 | 10,443,776 | ---- | M] () -- C:\Documents and Settings\Saniya\Desktop\BufferZoneProXP.msi
[2009/08/01 23:19:36 | 00,000,073 | ---- | M] () -- C:\DIET WITHOUT HUNGER.url
[2009/08/01 23:19:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/08/01 23:19:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\sc.exe
[2009/08/01 23:19:08 | 00,157,184 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/08/01 23:19:04 | 00,202,756 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2009/08/01 18:16:09 | 00,001,241 | ---- | M] () -- C:\Documents and Settings\Saniya\Desktop\Tomb Raider - Underworld.lnk
[2009/08/01 15:27:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/30 15:45:38 | 00,493,056 | ---- | M] ( ) -- C:\Documents and Settings\Saniya\Desktop\RootRepeal.exe

========== LOP Check ==========

[2009/08/02 13:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/14 12:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/19 19:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/02/14 20:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/08/02 00:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2009/01/20 22:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/02/21 23:19:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2009/07/01 22:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/08/02 15:23:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Saniya\Application Data
[2009/01/19 17:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\ATI
[2009/08/01 17:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\Azureus
[2009/08/02 23:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\cft
[2009/01/20 22:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\CyberLink
[2009/07/28 01:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\Logs
[2009/08/02 23:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\pridl
[2009/02/17 22:33:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Saniya\Application Data\SecuROM
[2009/07/01 23:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\Sports Interactive
[2009/07/17 22:40:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\U3
[2009/03/11 00:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saniya\Application Data\VideoCharge Studio
[2009/08/02 23:41:57 | 00,000,450 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2009/08/02 23:41:57 | 00,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job
[2009/08/02 01:50:50 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/07/14 12:46:57 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/03 00:04:47 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 00:17:03 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/03 00:04:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/03 00:27:15 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >
< End of report >


OTL Extras logfile created on: 03/08/2009 00:28:39 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Saniya\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.04 Mb Total Physical Memory | 377.27 Mb Available Physical Memory | 42.20% Memory free
2.11 Gb Paging File | 1.67 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.44 Gb Total Space | 6.50 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 83.46 Gb Total Space | 83.39 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-786
Current User Name: Saniya
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"ERUNT_is1" = ERUNT 1.1j
"XoftSpySE" = XoftSpySE

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thank you. If you require me to run anything else, please let me know and I will try to run it.