Browser Redirects, Script Errors, Advertisement in the Background afte

#1
AlphaPositron

I've been having some issues on this Windows XP computer for several weeks now after getting the Windows Restore trojan, Java trojans and various adware. My internet browsers (IE and Firefox) keep redirecting to what seem like different advertisement websites whenever I search through Google. On Firefox, in order to get to the desired destination I need to click the back button 3 times when the URL address becomes redirected (on IE this doesn't even work).

Also, Internet Explorer script errors randomly pop up (with different URLs) even when the browser is closed, and clicking yes or no on the error window does nothing to solve the issue; it just keeps coming back. Sometimes I even hear commercials/advertisements playing in the background when the computer is idle with no browsers open.

All these problems started when Windows Restore got installed onto this computer while I was using traffic exchange programs. I looked through some forums and tried using Malwarebytes, AVG, Kaspersky (trial), SUPERAntiSpyware and Spybot just to remove the infection, and they removed it but did not fix the browser hijacks, script errors, etc. I looked through the browser add-ons but did not find anything unusual. I recently downloaded the TDSSKiller software but I can't run it.

Please, I need help with this. Nothing seems to work. Thanks in advance.

Here's the OTL log.

OTL logfile created on: 5/5/2011 4:22:14 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 331.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.06 Gb Free Space | 35.99% Space Free | Partition Type: NTFS
Drive D: | 35.44 Gb Total Space | 33.94 Gb Free Space | 95.77% Space Free | Partition Type: NTFS

Computer Name: HOME-AA2CAE7A1F | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 16:21:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 21:58:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/29 15:17:49 | 002,216,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/04/29 15:17:49 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 12:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 12:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 16:21:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AVP)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/29 15:17:49 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 12:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/30 11:49:49 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/04/10 18:55:51 | 000,473,176 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/26 11:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/04/16 18:14:02 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 18:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/27 09:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2011/05/04 18:14:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 11:17:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 11:17:00 | 000,000,000 | ---D | M]

[2010/10/14 07:23:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/05 12:18:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rc5zdeb.default\extensions
[2010/07/06 15:57:16 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rc5zdeb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/09 20:25:17 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rc5zdeb.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/05/04 13:54:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rc5zdeb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/05 12:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/04 13:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/05/04 13:44:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/21 22:15:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1274377917500 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/17 21:28:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{54f2d1aa-6dac-11df-9cfd-001111bd5a0e}\Shell - "" = AutoRun
O33 - MountPoints2\{54f2d1aa-6dac-11df-9cfd-001111bd5a0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54f2d1aa-6dac-11df-9cfd-001111bd5a0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b2e7548b-5243-11e0-9f66-001111bd5a0e}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 18:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crawler Toolbar
[2011/05/04 18:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011/05/04 18:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\GlobalSCAPE
[2011/05/04 18:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2011/05/04 18:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/05/04 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GlobalSCAPE
[2011/05/04 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2011/05/04 13:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/04 13:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/29 16:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/04/29 15:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
[2011/04/29 15:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator
[2011/04/29 15:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/04/29 15:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/04/18 10:09:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/18 10:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2011/04/18 10:07:32 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/18 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/16 13:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/14 19:07:24 | 001,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2011/04/13 19:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Secunia PSI
[2011/04/13 18:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/11 20:52:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/11 20:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/04/11 20:26:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/11 20:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/11 20:24:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/11 20:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/11 19:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/11 17:58:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/04/10 20:43:04 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/10 18:55:51 | 000,473,176 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/04/07 21:13:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 15:49:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 13:50:59 | 000,029,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110505_135048.reg
[2011/05/05 10:20:43 | 114,195,455 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/04 18:06:31 | 000,162,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/04 17:42:38 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\.htaccess.rtf
[2011/05/03 08:31:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/02 17:58:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1060284298-839522115-1003.job
[2011/05/02 10:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/01 19:50:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1060284298-839522115-500.job
[2011/04/30 15:22:47 | 000,129,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\n-400.pdf
[2011/04/30 11:49:49 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/04/29 15:18:53 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/04/27 17:54:59 | 000,536,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CMPT 2.accdb
[2011/04/27 16:26:24 | 000,458,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CMPT project.accdb
[2011/04/27 09:08:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/23 23:28:32 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 23:28:32 | 000,087,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 11:48:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 10:07:32 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/14 19:07:25 | 001,208,320 | ---- | M] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2011/04/14 19:07:24 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\actskn43.ocx
[2011/04/13 18:44:13 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/11 22:35:23 | 000,011,420 | ---- | M] () -- C:\sysrestor.reg
[2011/04/11 17:58:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1060284298-839522115-1003.job
[2011/04/10 19:54:45 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1060284298-839522115-500.job
[2011/04/10 18:58:23 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/10 18:58:23 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/10 18:55:51 | 000,473,176 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/04/09 23:34:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 21:03:24 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128116
[2011/04/07 21:03:23 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128116r
[2011/04/07 20:56:51 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19128116
[2011/04/06 20:02:13 | 002,823,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1260785_84481055.jpg
[2011/04/05 23:06:13 | 000,229,562 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1162216_39371391.jpg
[2011/04/05 22:28:55 | 000,006,183 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\twitter-chrome-icon.png
[2011/04/05 22:27:02 | 000,005,989 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\facebook-chrome-icon.png
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 13:50:57 | 000,029,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110505_135048.reg
[2011/05/05 10:20:43 | 114,195,455 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/04 18:06:30 | 000,162,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/04 17:42:38 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\.htaccess.rtf
[2011/04/30 15:22:46 | 000,129,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\n-400.pdf
[2011/04/30 11:49:49 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/04/29 15:18:53 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/04/18 10:10:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/14 19:07:24 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
[2011/04/11 22:35:23 | 000,011,420 | ---- | C] () -- C:\sysrestor.reg
[2011/04/11 20:25:43 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/10 19:50:45 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1060284298-839522115-500.job
[2011/04/10 19:50:45 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1060284298-839522115-500.job
[2011/04/10 18:58:23 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/10 18:58:23 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/09 23:10:20 | 000,536,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CMPT 2.accdb
[2011/04/07 20:47:35 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128116r
[2011/04/07 20:47:34 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128116
[2011/04/07 20:47:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19128116
[2011/04/06 20:02:12 | 002,823,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1260785_84481055.jpg
[2011/04/05 23:06:13 | 000,229,562 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1162216_39371391.jpg
[2011/04/05 22:28:54 | 000,006,183 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\twitter-chrome-icon.png
[2011/04/05 22:27:01 | 000,005,989 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\facebook-chrome-icon.png
[2011/03/05 23:52:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/01 14:03:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/06/30 22:54:27 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/21 16:31:35 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 21:39:49 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/06/01 14:55:31 | 000,019,456 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 17:08:53 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/26 17:08:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/26 17:08:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/05/26 17:08:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/26 17:08:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/26 17:08:49 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/25 20:42:02 | 000,118,460 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/05/25 20:42:02 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2010/05/25 20:30:41 | 000,118,703 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/05/24 01:13:51 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/23 23:43:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/05/23 23:40:10 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/05/19 20:06:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 00:47:55 | 493,616,722 | ---- | C] () -- C:\Program Files\KZa02684
[2010/05/18 22:31:46 | 534,916,948 | ---- | C] () -- C:\Program Files\Microsoft Office '07.zip
[2010/05/17 22:57:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2010/05/17 22:50:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/05/17 22:02:43 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2010/05/17 21:30:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 21:26:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/17 14:19:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/17 14:18:06 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2006/03/09 13:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,504,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,087,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 06:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/04/23 11:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/30 08:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/11 20:26:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/22 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/05/04 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/04/11 20:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/17 22:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2010/05/19 00:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/06/09 10:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/05/05 15:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/06/08 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/06/19 15:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/08 22:53:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
[2011/04/11 20:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/06/21 16:51:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\DiskAid
[2011/02/19 23:57:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Easy MP3 Recorder
[2010/07/15 23:36:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/05/04 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2010/05/22 16:29:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Hardcore
[2010/07/15 20:14:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Hide IP NG
[2010/07/01 10:59:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\iComment
[2011/04/03 12:27:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2011/05/04 18:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
[2010/06/30 21:41:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ubot
[2011/05/04 16:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/08/22 13:51:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\YouDataAIR.CDA5CEB063BC2A22C44BAA035F25F65FCCDA2208.1
[2011/05/02 10:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >
  • 0

#2
AlphaPositron
    New Member
  • Topic Starter
  • Member
  • 6 posts
Thanks for the reply.

The problem worsened, however. Now I get a blue error screen that says: "Windows has been shut down to prevent damage..." and with the following codes on the bottom: STOP: 0x0000007B (0xF78B2528, 0xC000000E, 0x000000). I cannot start the computer in safe mode or any mode because it shows this error message. I tried using the Windows XP OS installation disk but that didn't work.

How can I access my files? Is there any way to back up the files or at least fix the system boot problem?
  • 0

#3
Noviciate
    Confused Helper
  • Malware Removal
  • 1,567 posts
I think we'll start with backing up files first - just in case.
Do you have access to a flashdrive that you can use to copy files from the poorly PC to a working one?
Do you have the ability to burn a disk?
  • 0

#4
AlphaPositron
    New Member
  • Topic Starter
  • Member
  • 6 posts
It can't run any CD/DVDs at all. I'm guessing that the CD-ROM is not functioning properly.
I can probably use a flashdrive to transfer the files but I'm afraid that it will transfer the infection to my only working computer.

Edited by AlphaPositron, 06 May 2011 - 06:26 PM.

  • 0

#5
Noviciate
    Confused Helper
  • Malware Removal
  • 1,567 posts
Good evening. :)

How big is the flashdrive that you have? There is a cunning alternative that you may like.
  • 0

#6
AlphaPositron
    New Member
  • Topic Starter
  • Member
  • 6 posts
Very small capacity actually, so I don't think that will work. I have two 512 MB memory cards (which I guess makes a total of only 1 GB).
What is the cunning alternative btw?
  • 0

#7
Noviciate
    Confused Helper
  • Malware Removal
  • 1,567 posts
Good evening. :)

The OS that you will be creating requires 64 Mb to install, so unless you have some seriously large files to transfer, you should be OK. The method is as follows:

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to your Desktop - it doesn't have to be the infected PC.
  • Insert your USB drive.
  • Click Start > My Computer, right click your USB drive and select Format > Quick format.
  • Double click the unetbootin-xpud-windows-latest.exe file that you just downloaded.
  • Click Run then OK - this will install a little bootable OS on your USB.
  • After it has completed, do not choose to reboot the clean computer; simply close the installer.

This gives you an alternative operating system with which to access your hard drive and as it isn't Windows, it won't activate any files on the PC and so you can transfer data without risk.

The next part is somewhat tricky as it differs on different machines. If you are lucky, then the following will work. If it doesn't, let me know and we'll go for a different angle.
  • If necessary, insert the USB stick into the sick PC and then boot it.
  • You need to select the OS that is on the stick rather than let Windows take charge, so press F12 and choose to boot from the USB before Windows starts loading.
  • Follow the prompts.
  • A Welcome to xPUD screen will appear.
  • Click the File icon on the left.
  • Expand mnt by clicking the little arrow to its left.
  • sda1, 2... usually corresponds to your HDD.
  • sdb1 is likely your USB.
  • Navigate through the hard drive just as you do with Windows; right click gives you Copy and Paste as normal.
  • You can copy files to your flashdrive and then transfer them to a different PC as and when time allows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As you have the Windows installation disc we may be able to get the PC back up and running using that, but with limited information and tools available because of the poorly Windows installation there is always a risk that the OS goes terminal and the end result is that you need to either carry out a repair install or a full reinstall.

It really comes down to how much time you wish to spend on this as it could be resolved very quickly or it may not.
  • 1

#8
AlphaPositron
    New Member
  • Topic Starter
  • Member
  • 6 posts
Thank you very much for your help. I was able to transfer my important files to the flashcard and into my second computer. It worked perfectly.

In addition to that, I was also able to fix the blue error screen problem by inserting the Windows XP OS CD into the DVD-ROM instead of the CD-ROM. It turns out that the CD-ROM cannot read the CD. I used the Windows Recovery Console on the CD and restored the system. I removed certain files that I think caused the problem, just in case. The browser doesn't redirect anymore and no IE script errors show up. I still have no idea what exactly caused the blue screen error.
  • 0

#9
Noviciate
    Confused Helper
  • Malware Removal
  • 1,567 posts
Good evening. :)

Perhaps a little scan just to check for stragglers is in order. Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.
  • 0

#10
AlphaPositron
    New Member
  • Topic Starter
  • Member
  • 6 posts
The computer seems to be working normally. No more browser redirects, internet explorer script errors or commercials playing in the background. Just in case, I upgraded Mozilla Firefox and replaced IE with Chrome for better security and speed.

MalwareBytes performed a full scan and found 1 infection (which I think is a false positive).
Here's the MalwareBytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6541

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/9/2011 9:13:39 PM
mbam-log-2011-05-09 (21-13-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 213155
Time elapsed: 2 hour(s), 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\image-line\fl studio 9\patch.exe (Hoax.BadJoke) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------
DDS Log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:26:32.85 on Mon 05/09/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.123 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
mRunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Crawler Search - tbr:iemenu
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274377917500
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\7rc5zdeb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-4-10 18816]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-4-30 142592]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2010-5-17 61529]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-4-16 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2011-4-10 473176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVP;Kaspersky Anti-Virus Service;"c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe" -r --> c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [?]
.
=============== Created Last 30 ================
.
2011-05-10 01:14:06 54016 ----a-w- c:\windows\system32\drivers\ubraeui.sys
2011-05-10 00:01:40 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-10 00:01:16 -------- d-----w- c:\program files\Coupons
2011-05-09 22:47:28 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-05-09 22:38:36 332800 ----a-w- c:\windows\system32\SETC9.tmp
2011-05-09 22:38:21 1172480 ------w- c:\windows\system32\SET131.tmp
2011-05-09 22:37:26 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-09 22:36:44 60416 ----a-w- c:\windows\system32\SET17B.tmp
2011-05-09 22:36:44 401408 ----a-w- c:\windows\system32\SET179.tmp
2011-05-09 22:36:44 284160 ----a-w- c:\windows\system32\SET17A.tmp
2011-05-09 22:36:42 473088 ----a-w- c:\windows\system32\wbem\SET17E.tmp
2011-05-09 22:36:42 227840 ----a-w- c:\windows\system32\wbem\SET17C.tmp
2011-05-09 22:36:37 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-09 22:36:35 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-09 22:36:33 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-09 22:36:32 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-09 22:27:57 215552 ----a-w- c:\program files\windows nt\accessories\SETB7.tmp
2011-05-09 20:56:23 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-09 20:56:22 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-09 20:56:22 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-09 20:56:22 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-09 20:56:22 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-09 20:56:21 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-09 20:56:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-09 20:56:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-09 20:24:16 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-05-09 20:24:16 -------- d-----w- c:\docume~1\owner\applic~1\Spyware Terminator
2011-05-09 20:16:06 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-05-09 20:16:06 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-05-09 20:16:04 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-05-09 20:16:03 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-05-09 20:16:03 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-05-09 20:14:55 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-05-09 20:13:58 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2011-05-09 20:10:04 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-05-09 20:10:04 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-05-09 19:58:19 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-05-09 19:58:19 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-05-09 19:58:19 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-05-09 19:58:19 13312 ----a-w- c:\windows\system32\irclass.dll
2011-05-09 19:58:05 22339 ----a-r- c:\windows\SET13A.tmp
2011-05-09 19:58:05 10559 ----a-r- c:\windows\SET13D.tmp
2011-05-09 19:57:54 13753 ----a-r- c:\windows\SET107.tmp
2011-05-09 19:57:50 1086058 ----a-r- c:\windows\SETFB.tmp
2011-05-09 19:57:48 1042903 ----a-r- c:\windows\SETF8.tmp
2011-05-06 02:57:16 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-06 02:55:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-05-04 22:01:51 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\GlobalSCAPE
2011-05-04 22:01:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2011-05-04 17:44:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-04 17:44:42 472808 ----a-w- c:\program files\mozilla firefox\plugins\REN1F4.tmp
2011-04-30 15:49:49 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-30 15:46:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 15:46:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 20:29:23 -------- d-----w- c:\program files\WinClamAVShield
2011-04-29 19:17:44 -------- d-----w- c:\program files\Spyware Terminator
2011-04-29 19:17:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2011-04-18 14:07:33 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-04-18 14:07:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 17:18:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-14 23:07:24 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-04-14 23:07:24 1208320 ----a-w- c:\windows\system32\PTxSCP.ocx
2011-04-13 23:46:08 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Secunia PSI
2011-04-12 02:35:23 11420 ----a-w- C:\sysrestor.reg
2011-04-12 00:52:28 -------- d--h--w- C:\$AVG
2011-04-12 00:32:24 -------- d-----w- c:\docume~1\owner\applic~1\AVG10
2011-04-12 00:26:02 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-12 00:24:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-12 00:24:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-12 00:23:23 -------- d-----w- c:\program files\AVG
2011-04-11 23:51:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-11 21:58:33 -------- d-----w- c:\windows\SxsCaPendDel
2011-04-11 00:43:04 18816 ----a-w- c:\windows\system32\SAVRKBootTasks.sys
2011-04-10 22:58:23 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-10 22:58:23 113933 ----a-w- c:\windows\system32\drivers\klin.dat
.
==================== Find3M ====================
.
2011-05-04 17:44:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 17:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
============= FINISH: 21:27:20.60 ===============

Edited by AlphaPositron, 09 May 2011 - 07:32 PM.

  • 0

#11
Noviciate
    Confused Helper
  • Malware Removal
  • 1,567 posts
Good evening. :)

The golden rule with anti-virus programs is to only have one active resident scanner installed at a time, and you have two: AVG Anti-Virus Free Edition 2011 and Kaspersky Internet Security. You need to decide on which one you don't want, and uninstall it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL.exe.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.

  • Close any open browsers.
  • Click the Run Fix button at the top.
  • Let the program run until it has completed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here (feel free to uncheck the McAfee download first), or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.
  • 0
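As an added illustration of the two checks made in this reply (it is not part of the thread, nor code from the DDS or OTL tools), the script below reads the DDS "Pseudo HJT Report" and AV header lines and lists the BHO/toolbar CLSIDs that resolve to No File, and flags more than one installed anti-virus product. The sample log is constructed from a few of the lines quoted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the DDS log posted above
# (AV header lines plus "Pseudo HJT Report" BHO/TB entries).
SAMPLE_DDS_LOG = r"""
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
"""

# DDS prints browser helper objects and toolbars as
#   BHO: <optional name>: {CLSID} - <dll path or "No File">
#   TB:  <optional name>: {CLSID} - <dll path or "No File">
HJT_LINE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Anti-virus products appear in the header as
#   AV: <product> *<state>* {GUID}
AV_LINE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \{[0-9A-Fa-f-]{36}\}$")


@dataclass(frozen=True)
class OrphanedObject:
    kind: str    # "BHO" or "TB"
    clsid: str   # exactly as printed in the log
    name: str    # "(no name)" when DDS printed none


def orphaned_browser_objects(log_text: str) -> list[OrphanedObject]:
    """BHO/TB registrations whose CLSID no longer points at a file on disk.

    "No File" means the registry entry is orphaned: the DLL it referenced is
    gone (uninstalled or already deleted). These are the entries the reply
    above removes with OTL so that later logs stay readable.
    """
    found = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m and m.group("target").strip() == "No File":
            found.append(OrphanedObject(m.group("kind"), m.group("clsid"),
                                        m.group("name") or "(no name)"))
    return found


def antivirus_products(log_text: str) -> list[tuple[str, str]]:
    """(product, state) for every AV: line, whether enabled or disabled."""
    matches = (AV_LINE.match(ln.strip()) for ln in log_text.splitlines())
    return [(m.group("name"), m.group("state")) for m in matches if m]


def has_multiple_resident_scanners(log_text: str) -> bool:
    """True when more than one AV product is installed, even if one is disabled:
    a disabled product still has its driver stack installed alongside the other."""
    return len(antivirus_products(log_text)) > 1


if __name__ == "__main__":
    for obj in orphaned_browser_objects(SAMPLE_DDS_LOG):
        print(f"{obj.kind:3} {obj.clsid}  {obj.name}  -> No File (candidate for the OTL fix)")
    for product, state in antivirus_products(SAMPLE_DDS_LOG):
        print(f"AV  {product} [{state}]")
    if has_multiple_resident_scanners(SAMPLE_DDS_LOG):
        print("More than one anti-virus product is installed: keep only one.")
```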