Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Yellow Shield in Taskbar/AIM virus


  • Please log in to reply

#1
madalinebanks

madalinebanks

    New Member

  • Member
  • Pip
  • 2 posts
Thank you in advance for any help anyone here might be able to offer me....

My problem started yesterday when a few friends informed me that they were getting AIM instant messages from my screen name with typical virus messages such as "look how i won a free i pod CLICK HERE" or "CLICK HERE to view my new pics online." I haven't signed on to AIM in months, so I'm not even sure how this all started. I uninstalled AIM from my computer (XP, 32 bit(?)) and deleted it, and after some research downloaded and ran a Trojan Removal as well as an AVG Threat Scan. These, along with my usual anti virus program didn't turn up anything. Now today when I turned my computer on, It's running extremely slow and I have a yellow shield with an exclamation point inside that is telling me updates are ready for my computer. Also, my friends are still receiving the instant messages. I've read that this is probably some type of Malware/Virus and I was hoping someone could help me take the necessary steps to remove it (if possible). I followed the instructions on one of the Malweare Removal topics on this blog and downloaded/ran OLT Quick Scan, but it has been running for about half an hour saying it's looking for "newly modified files" and I'm not sure if this is normal or I should begin again with something else.

Thank you again for any assistance you can provide me with regards to this matter.

Madaline
  • 0

Advertisements


#2
madalinebanks

madalinebanks

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
The OTL Quick Scan just finished and here is the log...

OTL logfile created on: 11/9/2010 8:33:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\X2\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.07 Gb Free Space | 43.13% Space Free | Partition Type: NTFS

Computer Name: FW-A174130BF246 | User Name: X2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 20:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X2\My Documents\Downloads\OTL.exe
PRC - [2010/11/08 22:25:47 | 006,335,192 | ---- | M] (AVG) -- C:\Program Files\AVGQTS\AVGQTS.EXE
PRC - [2010/10/27 01:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/21 10:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\X2\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\X2\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/12/09 17:47:22 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/11 10:26:19 | 000,093,360 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/09/11 04:40:30 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 20:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X2\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/08 22:25:47 | 006,335,192 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVGQTS\AVGQTS.EXE -- (AVGQTSSVC)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2010/11/08 22:25:48 | 000,072,488 | ---- | M] (AVG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/11/08 22:25:48 | 000,030,384 | ---- | M] (AVG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\qtsscan.sys -- (qtsscan)
DRV - [2010/11/08 22:25:47 | 000,024,464 | ---- | M] (AVG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qtsflt.sys -- (qtsflt)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 06:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.vir -- (DLACDBHM)
DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/10/25 14:19:18 | 000,092,561 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/03 16:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2003/01/23 16:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 23:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/09 00:33:16 | 000,000,000 | ---D | M]

[2010/03/22 22:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Mozilla\Extensions
[2010/03/22 22:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Mozilla\Extensions\[email protected]
[2010/11/08 22:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Mozilla\Firefox\Profiles\9qesayfs.default\extensions
[2010/03/19 16:18:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\X2\Application Data\Mozilla\Firefox\Profiles\9qesayfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 08:48:26 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\X2\Application Data\Mozilla\Firefox\Profiles\9qesayfs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/27 08:49:03 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\X2\Application Data\Mozilla\Firefox\Profiles\9qesayfs.default\searchplugins\aim-search-1.xml
[2010/03/22 21:46:21 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\X2\Application Data\Mozilla\Firefox\Profiles\9qesayfs.default\searchplugins\aim-search.xml
[2010/11/09 01:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\X2\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\X2\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\X2\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260398947515 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 13:09:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 00:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X2\Desktop\Trojan-Remover-682
[2010/11/08 23:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/08 23:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/11/08 23:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X2\My Documents\Simply Super Software
[2010/11/08 23:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X2\Application Data\Simply Super Software
[2010/11/08 23:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/11/08 22:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/08 22:25:48 | 000,072,488 | ---- | C] (AVG) -- C:\WINDOWS\System32\drivers\qtsmon.sys
[2010/11/08 22:25:48 | 000,030,384 | ---- | C] (AVG) -- C:\WINDOWS\System32\drivers\qtsscan.sys
[2010/11/08 22:25:47 | 000,024,464 | ---- | C] (AVG) -- C:\WINDOWS\System32\drivers\qtsflt.sys
[2010/11/08 22:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVGQTS
[2010/11/08 22:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/11/08 21:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/03 20:35:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\X2\My Documents\My Dropbox
[2010/11/03 20:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X2\Application Data\Dropbox
[2010/10/21 16:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\X2\My Documents\My Videos
[2010/10/20 21:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/20 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/20 21:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 20:44:19 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/11/09 20:09:17 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-1343024091-1003UA.job
[2010/11/09 19:59:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/09 19:49:59 | 000,015,604 | ---- | M] () -- C:\Documents and Settings\X2\My Documents\See.docx
[2010/11/09 19:25:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/09 19:23:22 | 000,465,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 19:23:22 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 19:23:10 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E16EF5BF-62EA-4290-B934-D9EF138F26CF}.job
[2010/11/09 19:20:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 19:19:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 23:43:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/11/08 23:30:18 | 010,332,999 | ---- | M] () -- C:\Documents and Settings\X2\Desktop\Trojan-Remover-682.zip
[2010/11/08 22:44:51 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\X2\Local Settings\Application Data\housecall.guid.cache
[2010/11/08 22:25:48 | 000,072,488 | ---- | M] (AVG) -- C:\WINDOWS\System32\drivers\qtsmon.sys
[2010/11/08 22:25:48 | 000,030,384 | ---- | M] (AVG) -- C:\WINDOWS\System32\drivers\qtsscan.sys
[2010/11/08 22:25:47 | 000,024,464 | ---- | M] (AVG) -- C:\WINDOWS\System32\drivers\qtsflt.sys
[2010/11/08 22:25:34 | 000,000,263 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/11/08 21:55:48 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/06 11:09:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-1343024091-1003Core.job
[2010/11/03 20:35:09 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\X2\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/03 20:35:07 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\X2\Desktop\Dropbox.lnk
[2010/10/27 23:05:14 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\X2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 23:05:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/20 21:29:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/15 03:37:17 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 02:25:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 07:38:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 19:49:58 | 000,015,604 | ---- | C] () -- C:\Documents and Settings\X2\My Documents\See.docx
[2010/11/08 23:43:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/11/08 23:38:17 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/11/08 23:38:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/11/08 23:38:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/11/08 23:38:17 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/11/08 23:29:25 | 010,332,999 | ---- | C] () -- C:\Documents and Settings\X2\Desktop\Trojan-Remover-682.zip
[2010/11/08 22:44:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\X2\Local Settings\Application Data\housecall.guid.cache
[2010/11/08 22:05:05 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/11/08 22:01:18 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/08 21:55:48 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/03 20:35:09 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\X2\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/03 20:35:07 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\X2\Desktop\Dropbox.lnk
[2010/10/20 21:38:16 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 21:29:12 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/19 16:20:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\X2\Local Settings\Application Data\FASTWiz.log
[2009/11/03 14:24:58 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/03 14:16:13 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/11/03 08:59:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/20 10:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== LOP Check ==========

[2010/11/08 22:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/11/08 22:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/08 23:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/11/09 00:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/03 14:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/01 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/28 22:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Amazon
[2010/11/09 19:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Dropbox
[2010/11/08 23:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\LimeWire
[2010/11/09 00:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Simply Super Software
[2009/11/03 15:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Windows Desktop Search
[2009/12/09 17:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X2\Application Data\Windows Search
[2010/11/09 19:25:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/09 20:44:19 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/11/09 19:23:10 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E16EF5BF-62EA-4290-B934-D9EF138F26CF}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP