Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Virus (hijack included)


  • This topic is locked This topic is locked

#1
dco123123

dco123123

    Member

  • Member
  • PipPip
  • 17 posts
So, I was playing a game and all of a sudden it starting installing something. Currently I haven't restarted my computer and it said something along the lines of "restart now for it to take full effect" So instantly I shutdown the program through task manager but I still dont know if it downloaded or not, and whether I should restart or not in order to see if something actually downloaded. Hopefully this will help - I was playing WC3 (battle.net) and it popped up saying it was the "SC2" virus I think, not entirely sure since I instantly minimized and shut down.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:34 PM, on 12/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Coammon Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Judith\My Documents\Downloads\HitmanPro35.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigerwoodsonline.ea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Judith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Judith\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Judith\Start Menu\Programs\UB\UB.lnk (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10010 bytes

Edit: sorry havent been on this in a while, here is the OTL log. Again, I am wondering if I should or should not restart my laptop.
OTL logfile created on: 12/24/2010 10:23:05 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Judith\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 262.70 Gb Free Space | 88.13% Space Free | Partition Type: NTFS
Drive D: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-96A7D0393 | User Name: Judith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 22:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\My Documents\Downloads\OTL.exe
PRC - [2010/12/10 16:45:28 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 16:45:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/21 15:06:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/25 14:52:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/02 06:44:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 22:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/21 15:06:19 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/21 15:06:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/21 15:06:17 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/02 06:44:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/21 15:06:33 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/21 15:06:33 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/11/21 15:06:33 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2009/11/21 15:06:29 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/21 15:06:29 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/21 15:06:18 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2009/11/21 15:06:18 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2009/11/21 15:06:18 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/24 10:22:56 | 005,776,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/27 17:26:00 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/06 12:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/15 14:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tigerwoodsonline.ea.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://cubmail.cc.c.../imp/login.php"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 17:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 16:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 16:45:34 | 000,000,000 | ---D | M]

[2009/11/21 22:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions
[2009/11/21 22:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions\[email protected]
[2010/12/23 23:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions
[2010/04/27 18:15:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 21:13:47 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/18 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\[email protected]
[2010/12/23 23:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 21:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 13:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/29 15:24:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 13:54:20 | 000,061,440 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/02/12 02:01:48 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 14:38:20 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/12/24 14:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/24 14:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/24 14:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/24 22:23:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1604221776-839522115-1003UA.job
[2010/12/24 22:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/24 22:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 22:12:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{311B26BA-FAE6-43E2-928E-CFE7697A8A11}.job
[2010/12/24 15:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/24 14:38:20 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/12/24 14:38:20 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2010/12/24 14:33:21 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\HiJackThis.lnk
[2010/12/24 14:31:47 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/24 14:31:46 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/12/23 22:09:19 | 000,009,606 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\6700312100429000047d.docx
[2010/12/22 12:23:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1604221776-839522115-1003Core.job
[2010/12/21 20:35:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/21 20:35:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 15:55:12 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Judith.job
[2010/12/16 22:22:52 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 23:23:43 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Judith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 23:23:42 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Google Chrome.lnk
[2010/12/15 10:08:21 | 002,005,559 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/12/15 10:08:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 15:23:59 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Microsoft Office Excel 2007.lnk
[2010/12/10 16:45:00 | 000,330,940 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Lab5.docx
[2010/11/26 12:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/24 14:38:20 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2010/12/24 14:33:00 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\HiJackThis.lnk
[2010/12/24 14:31:47 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/24 14:31:46 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/12/10 15:25:05 | 000,330,940 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Lab5.docx
[2010/09/28 15:57:18 | 000,004,266 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2010/05/22 21:49:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/02 14:00:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Judith\Application Data\wklnhst.dat
[2009/11/21 23:28:10 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/10/05 19:22:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/05 19:22:46 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/30 08:05:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/09/29 16:13:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\fusioncache.dat
[2009/09/29 11:12:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 18:22:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2009/11/21 14:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/11/21 14:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/11/21 15:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/29 16:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/09/30 10:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/12/24 14:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/28 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/12 19:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/21 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/21 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\acccore
[2009/12/22 09:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\AVG9
[2010/12/10 21:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\FrostWire
[2010/02/07 02:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Leadertech
[2010/10/30 20:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\LimeWire
[2009/12/02 14:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Template
[2010/01/10 22:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\UB
[2010/05/19 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Unity
[2009/10/04 08:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Windows Desktop Search
[2009/10/05 14:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Windows Search
[2010/12/24 15:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/12/24 22:12:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{311B26BA-FAE6-43E2-928E-CFE7697A8A11}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\SightSpeed Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\My Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\FrostWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Textbooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Telephonics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\SSD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\signals:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Magic DVD Ripper 5.4.1 + Serial:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Limewire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\CA:Roxio EMC Stream

< End of report >

Edited by dco123123, 24 December 2010 - 09:25 PM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello dco123123,

Welcome to Geekstogo Malware forum.

  • C:\WINDOWS\System32\bootdelete.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Next

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell - "" = AutoRun
    O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\SightSpeed Recordings:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\My Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\My Drivers:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\LimeWire:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\FrostWire:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\My Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Textbooks:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Telephonics:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\SSD:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\signals:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Magic DVD Ripper 5.4.1 + Serial:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\Limewire:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Judith\Desktop\CA:Roxio EMC Stream
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So when you return please post
  • Virscan results
  • OTL fix log
  • MBAM log

  • 0

#3
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
So when running the programs after it is okay to reboot? The thing said it would go into full effect if I rebooted.

Edit: and the bootdelete cam back clean.


VirSCAN.org Scanned Report :
Scanned time : 2010/04/01 01:35:45 (EDT)
Scanner results: Scanners did not find malware!
File Name : bootdelete.exe
File Size : 12872 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 5614386d4cfdf9e56f355c45beebc976
SHA1 : dc7efc870467a86f965c70469d7d33d275d7dc82
Online report : http://virscan.org/r...318e0b5b58.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100401053124 2010-04-01 0.08 -
AhnLab V3 2010.03.30.06 2010.03.30 2010-03-30 0.08 -
AntiVir 8.2.1.204 7.10.6.10 2010-03-31 0.25 -
Antiy 2.0.18 20100331.4120111 2010-03-31 0.12 -
Arcavir 2009 201003311858 2010-03-31 0.03 -
Authentium 5.1.1 201003312320 2010-03-31 1.32 -
AVAST! 4.7.4 100331-2 2010-03-31 0.00 -
AVG 8.5.720 271.1.1/2782 2010-04-01 0.23 -
BitDefender 7.81008.5559578 7.31044 2010-04-01 3.54 -
ClamAV 0.95.3 10681 2010-04-01 0.01 -
Comodo 3.13.579 4457 2010-04-01 0.08 -
CP Secure 1.3.0.5 2010.04.01 2010-04-01 0.04 -
Dr.Web 5.0.2.3300 2010.04.01 2010-04-01 6.25 -
F-Prot 4.4.4.56 20100331 2010-03-31 1.27 -
F-Secure 7.02.73807 2010.04.01.03 2010-04-01 0.12 -
Fortinet 4.0.14 11.643 2010-03-31 0.08 -
GData 19.10915/19.858 20100401 2010-04-01 0.08 -
ViRobot 20100331 2010.03.31 2010-03-31 0.08 -
Ikarus T3.1.01.80 2010.04.01.75525 2010-04-01 5.50 -
JiangMin 13.0.900 2010.04.01 2010-04-01 0.08 -
Kaspersky 5.5.10 2010.04.01 2010-04-01 0.08 -
KingSoft 2009.2.5.15 2010.4.1.10 2010-04-01 0.08 -
McAfee 5.3.00 5937 2010-03-31 3.76 -
Microsoft 1.5605 2010.04.01 2010-04-01 0.08 -
Norman 6.04.10 6.04.00 2010-03-30 6.01 -
Panda 9.05.01 2010.03.31 2010-03-31 0.08 -
Trend Micro 9.120-1004 6.964.03 2010-03-31 0.03 -
Quick Heal 10.00 2010.04.01 2010-04-01 0.08 -
Rising 20.0 22.41.03.01 2010-04-01 0.08 -
Sophos 3.05.4 4.51 2010-04-01 3.85 -
Sunbelt 3.9.2412.2 6123 2010-03-31 0.08 -
Symantec 1.3.0.24 20100331.005 2010-03-31 0.05 -
nProtect 20100331.01 7875470 2010-03-31 0.08 -
The Hacker 6.5.2.0 v00248 2010-03-30 0.08 -
VBA32 3.12.12.4 20100331.0723 2010-03-31 2.77 -
VirusBuster 4.5.11.10 10.122.24/2021762 2010-03-31 2.33 -

Edited by dco123123, 28 December 2010 - 08:47 AM.

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello

So when running the programs after it is okay to reboot?


Yes, actually there is an instruction in that script for your machine to reboot. Some files can't be deleted without a reboot. :D
  • 0

#5
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The Virscan post is above.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2010 3:51:44 PM
mbam-log-2010-12-28 (15-51-44).txt

Scan type: Quick scan
Objects scanned: 139412
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: Ask Toolbar BHO\ not found.
File {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cd3e47-8d05-11df-8b21-0018de011744}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cd3e47-8d05-11df-8b21-0018de011744}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cd3e47-8d05-11df-8b21-0018de011744}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cd3e47-8d05-11df-8b21-0018de011744}\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\SightSpeed Recordings:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\My Games:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\My Drivers:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\LimeWire:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\FrostWire:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\My Documents\Downloads:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\Textbooks:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\Telephonics:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\SSD:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\signals:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\Magic DVD Ripper 5.4.1 + Serial:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\Limewire:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Judith\Desktop\CA:Roxio EMC Stream deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Judith
->Temp folder emptied: 1122371156 bytes
->Temporary Internet Files folder emptied: 177987193 bytes
->Java cache emptied: 50483828 bytes
->FireFox cache emptied: 112879707 bytes
->Google Chrome cache emptied: 348137266 bytes
->Flash cache emptied: 2403764 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2853263 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 509763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258425 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36322285 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77764382 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 13742 bytes

Total Files Cleaned = 1,844.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Judith
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.0 log created on 12282010_154031

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello dco123123,

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#7
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Press ENTER to exit...
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello dco123123,

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Next

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic
When you return please post
  • OTL scan log
  • ESET scan results
  • and tell me how your computer is

  • 0

#9
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
It's funny because you said open ESET in IE. I can't open IE at all. the screen pops up and in 1 second it closes. Don't know whats going on it didn't do that before.
Anyway I ran ESET for 45mins and it finished without finding any threat.
Here is the OTL log

OTL logfile created on: 12/28/2010 7:17:15 PM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Judith\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 263.92 Gb Free Space | 88.54% Space Free | Partition Type: NTFS
Drive D: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-96A7D0393 | User Name: Judith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 22:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\My Documents\Downloads\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/11/21 15:06:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/25 14:52:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/02 06:44:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/08/04 02:49:00 | 000,318,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 22:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judith\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/11/21 15:06:19 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/21 15:06:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/21 15:06:17 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/02 06:44:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/21 15:06:33 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/21 15:06:33 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/11/21 15:06:33 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2009/11/21 15:06:29 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/21 15:06:29 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/21 15:06:18 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2009/11/21 15:06:18 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2009/11/21 15:06:18 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/24 10:22:56 | 005,776,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/27 17:26:00 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/06 12:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/15 14:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tigerwoodsonline.ea.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://cubmail.cc.c.../imp/login.php"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 17:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 16:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 16:45:34 | 000,000,000 | ---D | M]

[2009/11/21 22:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions
[2009/11/21 22:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Extensions\[email protected]
[2010/12/28 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions
[2010/04/27 18:15:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 21:13:47 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/18 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Profiles\cy1a7sl4.default\extensions\[email protected]
[2010/12/28 11:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 21:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 13:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/28 15:42:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Judith\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/26 16:33:05 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 13:54:20 | 000,061,440 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/02/12 02:01:48 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{713c4d90-0f94-11e0-8b37-0018de011744}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{713c4d90-0f94-11e0-8b37-0018de011744}\Shell\Install\command - "" = E:\Setup.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 15:40:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/28 11:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\Malwarebytes
[2010/12/28 11:44:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/28 11:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/28 11:44:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/28 11:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/27 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/12/27 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/12/26 16:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/12/26 16:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Application Data\InstallShield
[2010/12/26 16:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/12/26 16:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Judith\Local Settings\Application Data\Downloaded Installations
[2010/12/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/12/26 16:27:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/12/26 16:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/12/26 16:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/12/24 14:38:20 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/12/24 14:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/24 14:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/24 14:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/12/15 00:18:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 00:17:42 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/04 00:57:10 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/12/04 00:57:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/12/04 00:57:08 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys

========== Files - Modified Within 30 Days ==========

[2010/12/28 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/28 16:00:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\MBRCheck.exe
[2010/12/28 15:59:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{311B26BA-FAE6-43E2-928E-CFE7697A8A11}.job
[2010/12/28 15:44:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 15:43:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/28 15:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/28 15:43:49 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/28 15:42:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/28 11:44:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/28 11:41:27 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Shortcut to OTL.lnk
[2010/12/28 10:45:56 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/12/28 10:23:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1604221776-839522115-1003UA.job
[2010/12/28 10:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/28 09:11:22 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 22:14:38 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/27 20:22:25 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2010/12/27 20:22:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/12/27 12:23:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1604221776-839522115-1003Core.job
[2010/12/26 16:33:51 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2010/12/26 16:33:05 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/26 16:27:20 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/12/24 14:38:20 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/12/24 14:33:21 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\HiJackThis.lnk
[2010/12/24 14:31:46 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/12/23 22:09:19 | 000,009,606 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\6700312100429000047d.docx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 15:55:12 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Judith.job
[2010/12/15 23:23:43 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Judith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 23:23:42 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Google Chrome.lnk
[2010/12/15 10:08:21 | 002,005,559 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/12/15 10:08:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 15:23:59 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Microsoft Office Excel 2007.lnk
[2010/12/10 16:45:00 | 000,330,940 | ---- | M] () -- C:\Documents and Settings\Judith\Desktop\Lab5.docx

========== Files Created - No Company Name ==========

[2010/12/28 16:01:10 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\MBRCheck.exe
[2010/12/28 11:44:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/28 11:41:27 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Shortcut to OTL.lnk
[2010/12/27 20:22:25 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2010/12/27 20:22:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/27 20:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/12/26 16:27:59 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2010/12/26 16:27:20 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/12/24 14:33:00 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\HiJackThis.lnk
[2010/12/24 14:31:47 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/24 14:31:46 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/12/10 15:25:05 | 000,330,940 | ---- | C] () -- C:\Documents and Settings\Judith\Desktop\Lab5.docx
[2010/09/28 15:57:18 | 000,004,266 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2010/05/22 21:49:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/02 14:00:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Judith\Application Data\wklnhst.dat
[2009/11/21 23:28:10 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/10/05 19:22:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/05 19:22:46 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/30 08:05:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/09/29 16:13:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Judith\Local Settings\Application Data\fusioncache.dat
[2009/09/29 11:12:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 18:22:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

< End of report >
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts

I can't open IE at all. the screen pops up and in 1 second it closes.


Please go to support Microsoft for instructions on how to repair/reinstall your Internet Explorer.

Come back and tell me if that has made a difference.
  • 0

Advertisements


#11
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
"Troubleshooting cannot proceed because an error occurred
We have experienced an unexpected error and cannot continue"
The IE Fix it could not run due to an unexpected error.



And I can not redownload another copy.

Also, I tried right-clicking IE and resetting the settings (which i did) and it did not help.
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hmm... interesting.

Assuming that Firefox is okay we will continue the cleaning process and come back to IE.

Let's see if you can do this one:

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.
Note2: If during the running of Kaspersky it stops because of a script running just agree to continue.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
  • 0

#13
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.



Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Anti-virus database was updated after license expiry]


Again, sorry everything is failing and thanks for the help so far.
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts

Again, sorry everything is failing and thanks for the help so far.


Not to worry these things happen from time to time. :D

Let's see if your machine can cope with this one:

It is a pretty big download but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download VRT Tool by Kaspersky.
  • Save it to your desktop
  • Double click the setup file to run it
  • Choose your language and click OK
  • A Virus Removal Tool Wizard will appear. Click Next
  • Accept the agreement and click Next
  • Click Next to install
  • When installed a pop up window will appear.
  • On the Autoscan panel check all items
  • Click on Start Scan
  • When finished (this can take some time... just be patient and let it do its job) click the Report button
  • Click the top right button Save.
  • Save to your desktop as Kaspersky report.txt
Copy and past the report back here.

Click Exit and Yes to uninstall Kaspersky VRT. Click yes to the prompts to complete the process.

Note: This tool will self uninstall when you click Exit so please save the log before closing it.


  • 0

#15
dco123123

dco123123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Kasperkey didn't find anything either. I left it running all night



Autoscan: completed 6 hours ago (events: 2, objects: 258817, time: 01:52:01)
12/29/2010 1:24:39 AM Task started
12/29/2010 3:16:40 AM Task completed
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP