Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with Trojan

Started by Naybad , Nov 23 2010 03:36 PM

  • Please log in to reply

#1
Naybad
Posted 23 November 2010 - 03:36 PM

Naybad

    New Member

  • Member
  • Pip
  • 1 posts
Hi i keep getting a popup from my AVG to the affect that Trojan horse Dropper.Generic2.bxvh ?? Cant fix this tried lots off things but nothing seems to be working. I tried malwarebyte last night and it came up with nothing seemed to stop after it (about 30 min more work then computer was turned off). I have AVG Spybot-SD and Zone alarm running. I hope some one can help. (I think there is more than one post about this one so will keep an eye out for fixes)


Thx Craig

OTL logfile created on: 23/11/2010 21:27:21 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Naybad\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 236.92 Gb Free Space | 50.87% Space Free | Partition Type: NTFS

Computer Name: NAYBAD-PC | User Name: Naybad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Naybad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\Razer\Arctosa\razertra.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.76\aaCenter.exe ()
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Naybad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PublicPreviewTurbineMessageService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe (Turbine, Inc.)
SRV - (PublicPreviewTurbineNetworkService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys File not found
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (EIO64) -- C:\Windows\SysNative\DRIVERS\EIO64.sys File not found
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys File not found
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Arctosa) -- C:\Windows\SysNative\drivers\Arctosa.sys (Razer USA Ltd.)
DRV:64bit: - (mv64xx) -- C:\Windows\SysNative\DRIVERS\mv64xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (WinRing0_1_2_0) -- C:\Users\Naybad\overclocking\RealTemp_3.00-[Guru3D.com]\WinRing0x64.sys (OpenLibSys.org)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 5B EC F5 46 20 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2645238&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/21 22:39:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/28 20:30:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/11/22 22:38:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 19:50:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 19:50:20 | 000,000,000 | ---D | M]

[2009/01/10 22:12:35 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\Mozilla\Extensions
[2010/11/22 22:50:06 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\extensions
[2010/04/28 16:52:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/18 15:17:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/23 19:57:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/22 22:38:15 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/08/19 21:08:14 | 000,000,939 | ---- | M] () -- C:\Users\Naybad\AppData\Roaming\Mozilla\Firefox\Profiles\k0s5cxug.default\searchplugins\conduit.xml
[2010/11/13 20:25:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/23 18:40:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 19:56:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 20:25:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/30 18:44:19 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/30 18:44:19 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/30 18:44:19 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/30 18:44:19 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Naybad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Naybad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ceb4756-9e61-11df-90a5-0023549b730e}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{643468e6-df9a-11dd-90b1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{643468e6-df9a-11dd-90b1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{643468e6-df9a-11dd-90b1-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/11/22 23:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/22 22:39:10 | 000,000,000 | ---D | C] -- C:\Users\Naybad\Documents\ForceField Shared Files
[2010/11/22 22:38:56 | 000,000,000 | ---D | C] -- C:\Users\Naybad\AppData\Roaming\CheckPoint
[2010/11/22 22:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/11/22 22:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security
[2010/11/22 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/11/22 22:34:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/11/22 22:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/11/22 22:33:12 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/11/22 22:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/11/22 21:00:54 | 000,000,000 | ---D | C] -- C:\Users\Naybad\AppData\Roaming\Malwarebytes
[2010/11/22 21:00:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/22 21:00:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/22 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/22 21:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/22 20:57:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/22 20:38:25 | 000,000,000 | ---D | C] -- C:\Users\Naybad\Desktop\Trojan horse dropper.generic2.cyj [Solved]_files
[2010/11/22 20:37:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Naybad\Desktop\OTL.exe
[2010/11/16 22:21:13 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2010/11/16 22:20:30 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2010/11/16 22:20:30 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2010/11/16 22:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 21:22:26 | 000,811,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/23 21:22:26 | 000,681,528 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/23 21:22:26 | 000,140,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/23 21:15:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 21:15:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 21:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/23 21:15:00 | 3211,911,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 22:39:57 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/11/22 22:36:52 | 000,000,901 | ---- | M] () -- C:\Users\Naybad\Desktop\ZoneAlarm Security.lnk
[2010/11/22 21:00:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 20:38:31 | 000,986,823 | ---- | M] () -- C:\Users\Naybad\Desktop\Trojan horse dropper.generic2.cyj [Solved].htm
[2010/11/22 20:37:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Naybad\Desktop\OTL.exe
[2010/11/22 20:06:58 | 067,949,024 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/16 22:28:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/11/16 22:28:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/11/16 22:22:40 | 000,001,080 | ---- | M] () -- C:\Users\Naybad\Desktop\Update Service.lnk
[2010/11/16 22:21:13 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2010/11/16 22:20:30 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2010/11/16 22:20:30 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2010/11/02 20:14:10 | 000,004,158 | ---- | M] () -- C:\Users\Naybad\.recently-used.xbel
[2010/10/25 18:36:10 | 000,373,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/22 22:36:52 | 000,000,901 | ---- | C] () -- C:\Users\Naybad\Desktop\ZoneAlarm Security.lnk
[2010/11/22 22:34:26 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/11/22 21:00:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 20:38:24 | 000,986,823 | ---- | C] () -- C:\Users\Naybad\Desktop\Trojan horse dropper.generic2.cyj [Solved].htm
[2010/11/16 22:28:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010/11/16 22:28:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/11/16 22:22:40 | 000,001,080 | ---- | C] () -- C:\Users\Naybad\Desktop\Update Service.lnk
[2010/11/02 20:14:10 | 000,004,158 | ---- | C] () -- C:\Users\Naybad\.recently-used.xbel
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/14 10:26:07 | 000,437,838 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistMSI6BE4.txt
[2010/03/14 10:26:07 | 000,012,730 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistUI6BE4.txt
[2010/01/15 13:52:09 | 000,430,730 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistMSI55DE.txt
[2010/01/15 13:52:09 | 000,011,384 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistUI55DE.txt
[2009/11/22 22:58:46 | 000,471,328 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistMSI7D0D.txt
[2009/11/22 22:58:46 | 000,011,368 | ---- | C] () -- C:\Users\Naybad\AppData\Local\dd_vcredistUI7D0D.txt
[2009/10/17 13:04:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/17 13:03:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/17 12:47:33 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/16 22:12:23 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/10/13 18:29:10 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/13 15:38:49 | 000,000,057 | ---- | C] () -- C:\Windows\PT2Key-eng.ini
[2009/04/30 19:04:41 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/02/05 19:54:13 | 000,002,032 | ---- | C] () -- C:\Users\Naybad\AppData\Local\d3d9caps.dat
[2009/01/25 17:19:53 | 000,000,094 | ---- | C] () -- C:\Users\Naybad\AppData\Local\fusioncache.dat
[2009/01/17 16:50:28 | 000,018,944 | ---- | C] () -- C:\Users\Naybad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 22:35:53 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/01/11 17:24:37 | 000,777,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/10 21:17:17 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/01/10 21:17:17 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/01/10 20:55:40 | 000,039,527 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/01/10 20:54:31 | 000,038,786 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/01/10 20:53:14 | 000,002,188 | ---- | C] () -- C:\Users\Naybad\AppData\Local\d3d9caps64.dat
[2008/01/21 02:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 07:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL

========== LOP Check ==========

[2010/09/30 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\ActiveMaths
[2009/06/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\AVGTOOLBAR
[2010/11/22 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\CheckPoint
[2010/02/25 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\DeepBurner
[2010/11/02 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\gtk-2.0
[2009/10/17 13:20:09 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\nHancer
[2009/01/10 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\Razer
[2009/02/06 16:14:03 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\Red Alert 3 Demo
[2009/11/22 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\runic games
[2009/01/10 21:12:48 | 000,000,000 | ---D | M] -- C:\Users\Naybad\AppData\Roaming\TMP
[2010/11/22 23:22:05 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP