Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

YOUR SYSTEM IS INFECTED (backgrond)


  • Please log in to reply

#1
stryker7000

stryker7000

    Member

  • Member
  • PipPip
  • 10 posts
I don't know if this has a specific name, but the other day, my computer restarted twice while I was online, and my background was changed to a black box with red writing that says "YOUR SYSTEM IS INFECTED," and a paragraph saying 'System has been stopped due to a serious malfunction. Spyware activity has been detected. it is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed.' i have ran spybot search and destroy twice now but it remains the same, it seems that this computer is always getting infected with something i was jus wondering if anyone might be able to help thanks in advance!

stryker

--also i have attached a screen shot just so you could see what i am

Attached Thumbnails

  • untitled.JPG

  • 0

Advertisements


#2
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again.

Please go to the Malware and Spyware Cleaning Guide, and follow the instructions there. This will give you a few preparations to make, as well as instruction for posting your OTL Log.

when your done please post your Logs here in this topic.

Thanks,
  • 0

#3
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
alright so i have been following everything in that thread and thus far my computer has gotten its background back but I'll keep you posted with those logs once they finish :)
  • 0

#4
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
ok just post them up when you get a chance :)
  • 0

#5
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/25/2009 8:15:51 PM
mbam-log-2009-08-25 (20-15-51).txt

Scan type: Quick Scan
Objects scanned: 97445
Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 30
Registry Values Infected: 7
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9cd5bdd-43cc-476f-b365-eb38f2936b4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9cd5bdd-43cc-476f-b365-eb38f2936b4f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6328ca3b-9fdd-4ab6-9d38-b35f1048bf2f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6328ca3b-9fdd-4ab6-9d38-b35f1048bf2f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e10dd280-d234-4d72-b26a-c1175c1f9833} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e10dd280-d234-4d72-b26a-c1175c1f9833} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d8baf56-b581-4b90-a549-c4ac6b03f1bb} (Adware.Instant Access) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Juan\XP Deluxe Protector (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
C:\Program Files\AV9 (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
C:\Program Files\podmena (Trojan.Downloader) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\xlxjkg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan\Local Settings\Temporary Internet Files\Content.IE5\ZORH9LSJ\3077ahntdksr[1].dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehostcx32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\podmena\podmena.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4bc87308.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4bc87308.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ld09.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Juan\Start Menu\XP Deluxe Protector.LNK (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#6
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL logfile created on: 8/26/2009 11:05:16 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Juan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.48 Mb Total Physical Memory | 26.69 Mb Available Physical Memory | 13.94% Memory free
779.00 Mb Paging File | 447.95 Mb Available in Paging File | 57.50% Paging File free
Paging file location(s): c:\pagefile.sys 600 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 20.14 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive D: | 16.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.89 Gb Total Space | 1.10 Gb Free Space | 58.15% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: JUAN-CBSIHJ1HQV
Current User Name: Juan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/06/12 14:45:26 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/12 14:44:54 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2003/12/09 15:02:04 | 00,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/06/11 02:52:26 | 00,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
PRC - [2005/03/31 11:26:50 | 00,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/06/11 02:52:24 | 00,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
PRC - [2004/05/10 02:32:14 | 07,917,056 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\SBADeck\ADeck.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/11/30 22:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/08/26 09:57:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Juan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/12/14 08:37:20 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2009/06/12 14:44:54 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/01/26 16:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/02/28 17:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004/03/31 18:55:24 | 00,172,544 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcsvc.exe -- (npkcsvc [Disabled | Stopped])
SRV - [2005/01/26 16:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/01/26 16:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/11/08 16:25:00 | 00,647,242 | ---- | M] () -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService [On_Demand | Stopped])
SRV - [2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
SRV - [2003/05/19 17:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\System32\YPcservice.000 -- (YPCService [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 3B CA 28 63 DD 9F B6 4A 9D 38 B3 5F 10 48 BF 2F [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/12 14:44:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/06/12 14:44:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 21:14:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/23 22:20:44 | 00,000,000 | ---D | M]

[2009/06/11 17:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\mozilla\Extensions
[2009/06/11 17:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/11 17:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\mozilla\Firefox\Profiles\elkt55kf.default\extensions
[2009/08/25 21:11:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/11/13 22:18:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/23 20:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/23 20:23:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 20:23:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/07/28 08:32:54 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/01/25 20:13:36 | 00,700,416 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/01/25 20:14:05 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/23 20:23:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/02 18:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 18:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 18:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 18:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 18:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 18:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 18:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305532 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost70.38.73.26 flog.bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 fupd2.bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 log.bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 www.bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 secure.bestpaymentsolution.net
O1 - Hosts: 70.38.73.26 download.bestvirusremover2008.com
O1 - Hosts: 70.38.73.26 virusremover-2008.info
O1 - Hosts: 70.38.73.26 callback.bestvirusremover2008.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 10539 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {31ADE74D-6A8D-4086-9E55-F0C354C4F172} - C:\WINDOWS\System32\wvUomkIc.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5EB546B7-63AA-4DFF-B9B6-89667C23C8FF} - C:\WINDOWS\System32\nnnoLEur.dll File not found
O2 - BHO: (no name) - {611A0E0B-DEEB-4259-9690-2C978E76B2DF} - C:\WINDOWS\System32\awtrSlmm.dll File not found
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {697907CC-405C-49C1-9885-B7B6221977EA} - C:\WINDOWS\System32\efcCvSMC.dll File not found
O2 - BHO: (no name) - {6A5BF45A-9A49-4683-B58B-D72D99314992} - C:\WINDOWS\System32\ddcYsSLE.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {96D2E65F-AFEB-4417-B7CF-A2FE2BDDE54C} - C:\WINDOWS\System32\awtTKebc.dll File not found
O2 - BHO: (no name) - {998676AA-7634-4073-8C17-B2DCD2D3C55E} - C:\WINDOWS\System32\ddcYpmKc.dll File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O2 - BHO: (no name) - {BB05F5EC-D6B9-4872-B942-3319CB61B959} - C:\WINDOWS\System32\qoMcbxUk.dll File not found
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IPInSightLAN 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKLM..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1251253204156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1153260289437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnoLEur) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/27 13:26:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/15 22:28:26 | 00,000,000 | -HS- | M] () - H:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{07574c2c-3232-11dc-be6e-00138f40491a}\Shell - "" = AutoRun
O33 - MountPoints2\{07574c2c-3232-11dc-be6e-00138f40491a}\Shell\1\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{07574c2c-3232-11dc-be6e-00138f40491a}\Shell\2\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{07574c2c-3232-11dc-be6e-00138f40491a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b6d6c74-2729-11dc-be60-00138f40491a}\Shell - "" = AutoRun
O33 - MountPoints2\{5b6d6c74-2729-11dc-be60-00138f40491a}\Shell\1\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{5b6d6c74-2729-11dc-be60-00138f40491a}\Shell\2\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{5b6d6c74-2729-11dc-be60-00138f40491a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fbd3780-f5c2-11db-be32-00138f40491a}\Shell - "" = AutoRun
O33 - MountPoints2\{9fbd3780-f5c2-11db-be32-00138f40491a}\Shell\1\Command - "" = G:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{9fbd3780-f5c2-11db-be32-00138f40491a}\Shell\2\Command - "" = G:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{9fbd3780-f5c2-11db-be32-00138f40491a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cab15a80-3999-11de-bf71-00138f40491a}\Shell - "" = AutoRun
O33 - MountPoints2\{cab15a80-3999-11de-bf71-00138f40491a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cab15a80-3999-11de-bf71-00138f40491a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: ("autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*") - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/26 10:58:52 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Juan\Desktop\OTL.exe
[2009/08/26 10:37:54 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Juan\Desktop\RootRepeal.exe
[2009/08/26 00:01:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/08/25 20:45:35 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 20:45:31 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/25 20:45:31 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/25 20:45:30 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/25 20:45:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/25 20:45:16 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/25 20:45:16 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/25 20:45:16 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/25 20:45:16 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/25 20:44:30 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/25 20:44:30 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/25 19:46:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Juan\Application Data\Malwarebytes
[2009/08/25 19:46:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/25 19:45:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/25 19:45:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/25 19:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/25 19:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/25 19:39:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 19:38:19 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Juan\Desktop\NTREGOPT.lnk
[2009/08/25 19:38:19 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Juan\Desktop\ERUNT.lnk
[2009/08/25 19:38:00 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/24 20:37:47 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[2009/08/26 10:41:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 10:39:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 10:39:46 | 20,088,4224 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/26 10:13:24 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/26 10:13:24 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/26 10:13:23 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/26 10:07:56 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/26 10:00:58 | 03,989,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/26 09:57:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Juan\Desktop\OTL.exe
[2009/08/26 09:56:04 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Juan\Desktop\RootRepeal.exe
[2009/08/26 00:07:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/25 21:36:01 | 05,361,810 | -H-- | M] () -- C:\Documents and Settings\Juan\Local Settings\Application Data\IconCache.db
[2009/08/25 20:45:35 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 20:45:16 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/25 19:46:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/25 19:38:19 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Juan\Desktop\NTREGOPT.lnk
[2009/08/25 19:38:19 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Juan\Desktop\ERUNT.lnk
[2009/08/24 13:25:34 | 00,305,532 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/17 11:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 11:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 11:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 11:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 11:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 11:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 11:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 11:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 11:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== LOP Check ==========

[2009/08/25 20:00:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/19 15:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/28 19:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/31 18:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/08/06 16:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/06/19 11:01:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/04/19 09:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/12/14 08:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2006/07/21 19:09:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2006/03/09 20:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/06/19 10:55:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/01/28 22:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/07/26 16:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2006/01/29 15:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/08/25 19:46:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Juan\Application Data
[2009/07/18 10:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\aAvgApi
[2006/01/28 22:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\acccore
[2007/01/30 20:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Ahead
[2007/05/26 13:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Aim
[2008/08/08 12:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\AVGTOOLBAR
[2009/07/26 16:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\CopyTrans
[2006/02/03 18:13:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Corel
[2006/02/18 14:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\CyberLink
[2008/06/18 13:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\dvdcss
[2007/01/23 20:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Hamachi
[2008/04/19 09:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\iolo
[2006/02/19 13:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Kore
[2006/07/21 19:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\MAGIX
[2006/03/09 20:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Motive
[2009/05/06 17:41:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\U3
[2006/07/16 22:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\Ventrilo
[2009/07/26 16:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juan\Application Data\WindSolutions
[2009/07/23 17:28:24 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/03/31 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/24 02:27:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/26 10:41:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2005/04/07 14:38:04 | 00,195,168 | ---- | M] () -- C:\unym.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >
  • 0

#7
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL Extras logfile created on: 8/26/2009 11:05:16 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Juan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

191.48 Mb Total Physical Memory | 26.69 Mb Available Physical Memory | 13.94% Memory free
779.00 Mb Paging File | 447.95 Mb Available in Paging File | 57.50% Paging File free
Paging file location(s): c:\pagefile.sys 600 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 20.14 Gb Free Space | 27.02% Space Free | Partition Type: NTFS
Drive D: | 16.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.89 Gb Total Space | 1.10 Gb Free Space | 58.15% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: JUAN-CBSIHJ1HQV
Current User Name: Juan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"24917:TCP" = 24917:TCP:*:Enabled:BitComet 24917 TCP
"24917:UDP" = 24917:UDP:*:Enabled:BitComet 24917 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\LimeWire\LimeWire.exe" = C:\Program Files\Internet Explorer\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{514DF7BB-D192-417C-BB60-58BF1FD34253}" = S500/S600 USB Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8 Ultra Edition HD
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!" = avast! Antivirus
"BearShare" = BearShare
"CopyTrans Suite" = CopyTrans Suite Remove Only
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.5
"KSignAccessToolkit" = KSignAccessToolkit v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"npkcxp" = nProtect KeyCrypt
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"S3" = KM400/KN400 Display Driver and Utilities
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.00
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/8/2006 5:56:48 PM | Computer Name = JUAN-CBSIHJ1HQV | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

Error - 9/13/2006 4:02:46 PM | Computer Name = JUAN-CBSIHJ1HQV | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst failed, 00000005.

[ Application Events ]
Error - 6/20/2008 4:20:51 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module shell32.dll, version 6.0.2900.2180, fault address 0x0002385d.

Error - 6/20/2008 4:21:12 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module shell32.dll, version 6.0.2900.2180, fault address 0x00023b74.

Error - 6/20/2008 4:21:20 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/20/2008 6:32:04 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 6/20/2008 9:51:05 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x00033869.

Error - 6/27/2008 11:09:51 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module shell32.dll, version 6.0.2900.2180, fault address 0x00023b74.

Error - 6/30/2008 1:01:40 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\MP3FE.EXE for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program MP3FE.EXE because of this error. Program: MP3FE.EXE
File:
D:\MP3FE.EXE The error value is listed in the Additional Data section. User Action
1.
Open the file again. This situation might be a temporary problem that corrects
itself when the program runs again. 2. If the file still cannot be accessed and -
It is on the network, your network administrator should verify that there is not
a problem with the network and that the server can be contacted. - It is on a removable
disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
into the computer. 3. Check and repair the file system by running CHKDSK. To run
CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
from a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value:
C0000012 Disk type: 5

Error - 6/30/2008 1:01:51 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1000
Description = Faulting application MP3FE.EXE, version 0.0.0.0, faulting module MP3FE.EXE,
version 0.0.0.0, fault address 0x00054639.

Error - 6/30/2008 1:02:05 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Error | ID = 1001
Description = Fault bucket 00502521.

Error - 6/30/2008 1:10:57 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/26/2009 11:07:48 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2009 11:25:07 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service
to connect.

Error - 8/26/2009 11:25:07 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 8/26/2009 11:30:59 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2009 11:32:08 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = System Error | ID = 1003
Description = Error code 0000000a, parameter1 805c1068, parameter2 000000ff, parameter3
00000000, parameter4 804d92c2.

Error - 8/26/2009 11:45:32 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service
to connect.

Error - 8/26/2009 11:45:32 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 8/26/2009 11:45:32 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7023
Description = The avast! Mail Scanner service terminated with the following error:
%%183

Error - 8/26/2009 11:50:38 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2009 11:51:32 AM | Computer Name = JUAN-CBSIHJ1HQV | Source = System Error | ID = 1003
Description = Error code 0000000a, parameter1 805c1068, parameter2 000000ff, parameter3
00000000, parameter4 804d92c2.


< End of report >
  • 0

#8
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright I have finished running everything (that I could) I did actually have some problems running 'Step Five: Rootkit Detection' when I ran RootRepeal it would start up for a short time then go to a blue screen with a lot of text, and then restart the computer, so i don't know if these files will help but i have posted them all up. let me know if anything must be done or what.
  • 0

#9
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi stryker7000,

looks like MBAM cleaned out quite a bit, please do the following...


ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

===============================================
  • 0

#10
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ok so i tried to download combofix on the computer in question and it didn't seem to work as it should have attached i have given screen shots of what happened first a pop up saying i didn't have permissions and another saying error shortly after, right now i have to go to work and won't be out till later so i just figured i would post what has happened so far let me know what i should do :)

stryker

--also do you know anything about RAM? that computer is hella slow and i think that may be an issue also well keep in touch thanks

Attached Thumbnails

  • untitled2.JPG
  • untitled3.JPG

  • 0

#11
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi stryker7000,

thats not a good sign.... lets try uninstalling combofix and reinstalling it. Then getting an online scan to see what we are working with.

ComboFix Removal

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
===============================================

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

===============================================

TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

===============================================

Please post the combofix log if it runs, and the Kaspersky WebScanner report in your next reply. Also let me know how things are running.

Note: it may take quite a while for Kaspersky WebScanner to run :)
  • 0

#12
stryker7000

stryker7000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ok i am sorry i haven't replied recently but i would like to continue this topic i have jus been really busy recently but i will try to find some time this week to continue troubleshooting. thanks for trhe help thus far :)

stryker
  • 0

#13
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
no problem, I will leave it open since I know your still working on it. Just post back when you can.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP