Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rbot Trojan THREAT - Coputer Freezes


  • This topic is locked This topic is locked

#1
Kalinche007

Kalinche007

    Member

  • Member
  • PipPip
  • 27 posts
Hi,

Here are the problems I face:
Internet browser (Internet Explorer) works very slowly or freezes completely (an hourglass and a 'does not respond' message appear). Ctrl+Alt+Del does not function, computer freezes and needs a reboot.

Occasionally, a Nod32 antivirus system warning pops up:
File: C:\Windows\system32\TFTP2852
Threat: win32/Rbot Trojan
Event occurred on a new file created by the application: C:\WINDOWS\system32\tftp.exe. The file was moved to quarantine. You may close this window.

Can you help me? The computer freezes constantly and I can hardly work but hopefully we can fix this :)

OTL Log:
OTL logfile created on: 02.5.2011 г. 13:50:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Marieta Yotseva\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

1 015,00 Mb Total Physical Memory | 393,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,52 Gb Total Space | 8,87 Gb Free Space | 45,42% Space Free | Partition Type: FAT32
Drive D: | 213,34 Gb Total Space | 158,43 Gb Free Space | 74,26% Space Free | Partition Type: NTFS

Computer Name: MARIETA | User Name: Marieta Yotseva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
PRC - [2007.03.02 17:01:38 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007.03.01 21:27:10 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2007.03.01 21:27:10 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006.06.19 11:43:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.10.25 22:48:30 | 000,988,565 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2005.10.25 22:48:30 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.10.25 22:48:30 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2002.08.29 03:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
MOD - [2002.08.29 03:41:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007.03.02 17:01:38 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007.03.01 21:27:10 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006.09.29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.10.25 22:48:30 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2007.03.02 00:44:22 | 000,002,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\io02.sys -- (io02)
DRV - [2007.03.01 21:43:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007.03.01 21:42:08 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007.03.01 21:42:08 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.03.01 21:41:40 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007.03.01 21:27:10 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2006.10.19 00:00:00 | 000,020,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2006.06.28 10:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.27 13:50:36 | 010,148,480 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006.03.27 04:48:34 | 000,026,752 | R--- | M] (ASUSTek Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2005.11.16 10:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001.08.23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\COPYFSTQ.EXE ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Marieta Yotseva\Local Settings\Temp\herss.exe ()
O4 - HKCU..\Run: [Windows Time] C:\Documents and Settings\Marieta Yotseva\Application Data\W32Time.exe (OldMan's Tales)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\Marieta Yotseva\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.128.95.129 193.24.240.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.01 20:38:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011.05.01 22:01:46 | 000,000,055 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011.05.01 22:01:44 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.02 13:49:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
[2011.04.30 23:20:08 | 000,102,400 | -H-- | C] (OldMan's Tales) -- C:\WINDOWS\System32\ovngqul.exe
[2008.11.24 19:21:13 | 008,981,504 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5541_full_emusic-7plus_en-us.exe
[2008.10.23 15:14:45 | 002,991,076 | ---- | C] (Software Companions ) -- C:\Program Files\vcsetup.exe
[2008.01.02 17:48:07 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008.01.02 17:48:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008.01.02 17:39:45 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007.10.25 21:54:53 | 023,876,904 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2002.08.29 03:41:24 | 000,106,496 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\explorer.exe
[2002.08.29 03:41:24 | 000,106,496 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AppMgmt.exe
[2002.08.29 03:41:24 | 000,102,912 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\W32Time.exe
[2002.08.29 03:41:24 | 000,102,912 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AudioSrv.exe
[2002.08.29 03:41:24 | 000,102,493 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\msdtc.exe
[2002.08.29 03:41:24 | 000,102,493 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\dns.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
[2011.05.02 13:29:12 | 000,106,496 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\explorer.exe
[2011.05.02 13:26:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.02 13:19:38 | 000,102,912 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\W32Time.exe
[2011.05.02 13:19:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.02 13:19:32 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 08:19:02 | 000,000,000 | R--- | M] () -- C:\WINDOWS\System32\TFTP3912
[2011.05.01 22:01:46 | 000,000,055 | RHS- | M] () -- C:\autorun.inf
[2011.05.01 21:28:24 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.05.01 20:44:18 | 000,000,000 | R--- | M] () -- C:\WINDOWS\System32\TFTP4036
[2011.05.01 11:40:28 | 000,102,493 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\msdtc.exe
[2011.05.01 01:35:56 | 000,102,493 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\dns.exe
[2011.04.30 23:20:12 | 000,102,400 | -H-- | M] (OldMan's Tales) -- C:\WINDOWS\System32\ovngqul.exe
[2011.04.30 20:44:30 | 000,102,912 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AudioSrv.exe
[2011.04.30 17:25:16 | 000,106,496 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AppMgmt.exe
[2011.04.29 19:24:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.02 08:19:00 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\TFTP3912
[2011.05.01 20:44:17 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\TFTP4036
[2011.05.01 11:21:45 | 000,001,044 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.01 11:21:45 | 000,001,040 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 21:07:50 | 000,106,620 | RHS- | C] () -- C:\kgji.exe
[2011.04.26 18:15:16 | 000,000,055 | RHS- | C] () -- C:\autorun.inf
[2008.10.23 11:18:39 | 060,275,693 | ---- | C] () -- C:\Program Files\FurnishBG.exe
[2008.01.18 13:13:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008.01.02 17:48:07 | 000,831,488 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2008.01.02 17:48:07 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008.01.02 17:39:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2007.03.04 21:12:45 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.02 00:44:21 | 000,002,624 | ---- | C] () -- C:\WINDOWS\System32\io02.sys
[2007.03.02 00:37:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.02 00:05:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.03.02 00:05:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.03.02 00:05:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.03.02 00:05:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.03.02 00:05:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.03.02 00:05:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.03.02 00:05:15 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2007.03.02 00:05:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2007.03.02 00:02:54 | 000,002,568 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.03.01 23:08:37 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\fusioncache.dat
[2007.03.01 21:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.01 21:41:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2007.03.01 21:38:49 | 000,017,987 | ---- | C] () -- C:\WINDOWS\irunin.ini
[2007.03.01 21:38:49 | 000,009,694 | ---- | C] () -- C:\WINDOWS\irunin.dat
[2007.03.01 21:38:41 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007.03.01 21:37:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007.03.01 21:32:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.03.01 21:17:38 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.03.01 21:17:38 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007.03.01 21:03:09 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007.03.01 20:47:50 | 000,004,440 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.03.01 20:47:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.03.01 20:40:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.01 20:36:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.03.01 20:31:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.01 20:31:00 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.20 03:52:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2002.08.29 03:57:58 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002.05.04 13:04:46 | 000,046,080 | ---- | C] () -- C:\WINDOWS\COPYFSTQ.EXE
[2002.05.04 13:04:45 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll
[2002.04.10 18:18:00 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.08.23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 12:00:00 | 000,401,064 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 12:00:00 | 000,062,344 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2007.03.01 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007.03.01 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007.03.02 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2007.03.01 21:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\ACD Systems
[2007.03.01 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\Autodesk
[2007.03.02 00:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\InterVideo
[2010.07.05 19:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\Opera

========== Purity Check ==========



< End of report >

Thanks!
Kalina
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Kalina you are asking for problems as your windows are way out of date Windows XP Professional Edition Service Pack 1

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Marieta Yotseva\Local Settings\Temp\herss.exe ()
    O4 - HKCU..\Run: [Windows Time] C:\Documents and Settings\Marieta Yotseva\Application Data\W32Time.exe (OldMan's Tales)
    [2011.04.30 23:20:08 | 000,102,400 | -H-- | C] (OldMan's Tales) -- C:\WINDOWS\System32\ovngqul.exe
    [2002.08.29 03:41:24 | 000,106,496 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\explorer.exe
    [2002.08.29 03:41:24 | 000,106,496 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AppMgmt.exe
    [2002.08.29 03:41:24 | 000,102,912 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\W32Time.exe
    [2002.08.29 03:41:24 | 000,102,912 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AudioSrv.exe
    [2002.08.29 03:41:24 | 000,102,493 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\msdtc.exe
    [2002.08.29 03:41:24 | 000,102,493 | -HS- | C] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\dns.exe
    [2011.05.02 08:19:02 | 000,000,000 | R--- | M] () -- C:\WINDOWS\System32\TFTP3912
    [2011.05.01 22:01:46 | 000,000,055 | RHS- | M] () -- C:\autorun.inf
    [2011.05.01 20:44:18 | 000,000,000 | R--- | M] () -- C:\WINDOWS\System32\TFTP4036
    [2011.05.01 11:40:28 | 000,102,493 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\msdtc.exe
    [2011.05.01 01:35:56 | 000,102,493 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\dns.exe
    [2011.04.30 23:20:12 | 000,102,400 | -H-- | M] (OldMan's Tales) -- C:\WINDOWS\System32\ovngqul.exe
    [2011.04.30 20:44:30 | 000,102,912 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AudioSrv.exe
    [2011.04.30 17:25:16 | 000,106,496 | -HS- | M] (OldMan's Tales) -- C:\Documents and Settings\Marieta Yotseva\Application Data\AppMgmt.exe
    [2011.04.26 21:07:50 | 000,106,620 | RHS- | C] () -- C:\kgji.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi,

Thank you so much for your reply. I did everything you said and here are the two logs:

1.aswMBR:
aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-02 15:42:24
-----------------------------
15:42:24.296 OS Version: Windows 5.1.2600 Service Pack 1
15:42:24.296 Number of processors: 2 586 0xF02
15:42:24.312 ComputerName: MARIETA UserName:
15:42:24.859 Initialize success
15:42:26.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:42:26.843 Disk 0 Vendor: ST3250824A 3.AAH Size: 238475MB BusType: 3
15:42:28.843 Disk 0 MBR read successfully
15:42:28.843 Disk 0 MBR scan
15:42:28.843 Disk 0 Windows XP default MBR code
15:42:30.843 Disk 0 scanning sectors +488376000
15:42:30.859 Disk 0 scanning C:\WINDOWS\System32\drivers
15:42:31.890 Service scanning
15:42:32.906 Disk 0 trace - called modules:
15:42:32.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:42:32.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86366b48]
15:42:32.906 3 CLASSPNP.SYS[f7628022] -> nt!IofCallDriver -> \Device\00000061[0x86381f18]
15:42:32.906 5 ACPI.sys[f759012d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86380d98]
15:42:32.906 Scan finished successfully
15:43:09.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Marieta Yotseva\Desktop\MBR.dat"
15:43:09.156 The log file has been saved successfully to "C:\Documents and Settings\Marieta Yotseva\Desktop\aswMBR.txt"

2. OTL:
OTL logfile created on: 02.5.2011 г. 15:49:13 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Marieta Yotseva\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

1 015,00 Mb Total Physical Memory | 670,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,52 Gb Total Space | 11,67 Gb Free Space | 59,76% Space Free | Partition Type: FAT32
Drive D: | 213,34 Gb Total Space | 162,42 Gb Free Space | 76,13% Space Free | Partition Type: NTFS

Computer Name: MARIETA | User Name: Marieta Yotseva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
PRC - [2007.03.02 17:01:38 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007.03.01 21:27:10 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2007.03.01 21:27:10 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006.06.19 11:43:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.10.25 22:48:30 | 000,988,565 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2005.10.25 22:48:30 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.10.25 22:48:30 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2002.08.29 03:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
MOD - [2002.08.29 03:41:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007.03.02 17:01:38 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007.03.01 21:27:10 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006.09.29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.10.25 22:48:30 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2007.03.02 00:44:22 | 000,002,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\io02.sys -- (io02)
DRV - [2007.03.01 21:43:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007.03.01 21:42:08 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007.03.01 21:42:08 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.03.01 21:41:40 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007.03.01 21:27:10 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2006.10.19 00:00:00 | 000,020,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2006.06.28 10:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.27 13:50:36 | 010,148,480 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006.03.27 04:48:34 | 000,026,752 | R--- | M] (ASUSTek Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2005.11.16 10:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.05.02 15:45:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\COPYFSTQ.EXE ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\Marieta Yotseva\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.128.95.129 193.24.240.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.01 20:38:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011.05.01 22:01:44 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.02 15:45:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.02 15:41:57 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Marieta Yotseva\Desktop\aswMBR.exe
[2011.05.02 13:49:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
[2008.11.24 19:21:13 | 008,981,504 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5541_full_emusic-7plus_en-us.exe
[2008.10.23 15:14:45 | 002,991,076 | ---- | C] (Software Companions ) -- C:\Program Files\vcsetup.exe
[2008.01.02 17:48:07 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008.01.02 17:48:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008.01.02 17:39:45 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007.10.25 21:54:53 | 023,876,904 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.02 15:48:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.02 15:48:16 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 15:43:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Marieta Yotseva\Desktop\MBR.dat
[2011.05.02 15:42:00 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Marieta Yotseva\Desktop\aswMBR.exe
[2011.05.02 13:49:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marieta Yotseva\Desktop\OTL.exe
[2011.05.02 13:26:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.01 21:28:24 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.04.29 19:24:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.02 15:43:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Marieta Yotseva\Desktop\MBR.dat
[2011.05.01 11:21:45 | 000,001,044 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.01 11:21:45 | 000,001,040 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2008.10.23 11:18:39 | 060,275,693 | ---- | C] () -- C:\Program Files\FurnishBG.exe
[2008.01.18 13:13:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008.01.02 17:48:07 | 000,831,488 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2008.01.02 17:48:07 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008.01.02 17:39:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2007.03.04 21:12:45 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.02 00:44:21 | 000,002,624 | ---- | C] () -- C:\WINDOWS\System32\io02.sys
[2007.03.02 00:37:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.02 00:05:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.03.02 00:05:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.03.02 00:05:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.03.02 00:05:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.03.02 00:05:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.03.02 00:05:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.03.02 00:05:15 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2007.03.02 00:05:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2007.03.02 00:02:54 | 000,002,568 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.03.01 23:08:37 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Marieta Yotseva\Local Settings\Application Data\fusioncache.dat
[2007.03.01 21:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.01 21:41:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2007.03.01 21:38:49 | 000,017,987 | ---- | C] () -- C:\WINDOWS\irunin.ini
[2007.03.01 21:38:49 | 000,009,694 | ---- | C] () -- C:\WINDOWS\irunin.dat
[2007.03.01 21:38:41 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007.03.01 21:37:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007.03.01 21:32:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.03.01 21:17:38 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.03.01 21:17:38 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007.03.01 21:03:09 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007.03.01 20:47:50 | 000,004,440 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.03.01 20:47:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.03.01 20:40:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.01 20:36:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.03.01 20:31:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.01 20:31:00 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.20 03:52:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2002.08.29 03:57:58 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002.05.04 13:04:46 | 000,046,080 | ---- | C] () -- C:\WINDOWS\COPYFSTQ.EXE
[2002.05.04 13:04:45 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll
[2002.04.10 18:18:00 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.08.23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 12:00:00 | 000,401,064 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 12:00:00 | 000,062,344 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2007.03.01 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007.03.01 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007.03.02 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2007.03.01 21:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\ACD Systems
[2007.03.01 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\Autodesk
[2007.03.02 00:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\InterVideo
[2010.07.05 19:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marieta Yotseva\Application Data\Opera

========== Purity Check ==========

Thanks,
Kalina
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks much better :)

Have the alerts ceased ?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#5
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi,

I can feel now that we are progressing:)

Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6491

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

02.5.2011 г. 16:13:21
mbam-log-2011-05-02 (16-13-21).txt

Scan type: Quick scan
Objects scanned: 151579
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalCopy_1.2_(Luki_Edition)_English (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\irunin.bmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\irunin.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\irunin.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\irunin.lng (Malware.Trace) -> Quarantined and deleted successfully.

Thanks,
Kalina
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is IE behaving now, any more freezes or slowdowns ? Has NOD ceased alerting on files ?
  • 0

#7
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
IE is still working very, very slowly, "not responding" or freezing :)

I tried downloading and installing Internet Explorer 8 but to no success:

I got the following message: The procedure entry point SHRegGetValueW could not be located in the dynamic link library SHLWAPI.dll

No more alerts from NOD antivirus.

Thanks,
Kalina
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will not be able to get IE8 until windows is updated

Could you go to Microsoft Windows Update and install Service Pack 2, followed by Service Pack 3
Then install IE8, once you have completed that we will do a spring clean of your system to get it running a lot better :)
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP