Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Anti-Virus Sites Denied [Closed]


  • This topic is locked This topic is locked

#1
pravon

pravon

    New Member

  • Member
  • Pip
  • 1 posts
Hi

I had been alternating between several Anti-Virus programs (trial versions). The last one that I used was AVG. Since I thought AVG slowed down the system a bit, I uninstalled it and used the system without any Anti-Virus software for 2 days. The consequence: The system slowed down even more. It got hanged randomly and I had to press the restart button to start working again.

When I tried opening up Anti-Virus sites, I couldn't. I suspect a Trojan.

And, one of my geeky friend says the only option is to format the system. But there's a problem in doing it as my CD Drive is now defunct. How do I tackle this problem?

OTL report:

OTL logfile created on: 11/26/2011 10:21:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.23 Mb Total Physical Memory | 522.40 Mb Available Physical Memory | 54.46% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 19.01 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
Drive D: | 7.97 Gb Total Space | 1.25 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 3.63 Gb Free Space | 48.78% Space Free | Partition Type: FAT32
Drive H: | 39.06 Gb Total Space | 0.75 Gb Free Space | 1.92% Space Free | Partition Type: NTFS
Drive I: | 39.06 Gb Total Space | 1.60 Gb Free Space | 4.10% Space Free | Partition Type: NTFS
Drive J: | 39.06 Gb Total Space | 9.24 Gb Free Space | 23.65% Space Free | Partition Type: NTFS
Drive K: | 31.86 Gb Total Space | 1.33 Gb Free Space | 4.18% Space Free | Partition Type: NTFS

Computer Name: USER-A846258518 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 22:20:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/27 20:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/08/01 23:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/17 19:50:12 | 000,057,344 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2011/02/15 11:32:40 | 000,858,632 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
PRC - [2011/02/15 11:32:36 | 001,268,744 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
PRC - [2007/01/27 08:42:48 | 000,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2006/09/13 10:12:52 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/09/13 10:07:08 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005/03/11 16:33:28 | 000,147,456 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/03/08 02:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 21:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 21:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 21:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 21:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 21:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 18:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2007/01/21 11:46:16 | 000,018,944 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2006/04/18 17:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/02/15 11:32:40 | 000,858,632 | ---- | M] (MicroWorld Technologies Inc.) [Auto | Running] -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE -- (MWAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 19:16:12 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\user\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 00:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 12:34:43 | 000,000,000 | ---D | M]

[2011/07/18 19:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/11/15 21:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fvpgd9jv.default\extensions
[2011/10/17 21:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/17 19:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2011/10/17 21:57:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/10/17 21:57:54 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011/09/06 00:15:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/15 04:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ESPN Cricinfo = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Star Gazer = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\

O1 HOSTS File: ([2011/07/31 12:34:34 | 000,000,801 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B6FDDF8-1B68-4CFA-9AF0-E3F69ED2D2AF}: NameServer = 218.248.255.146 218.248.255.147
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 17:18:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 06:18:58 | 000,059,288 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell - "" = AutoRun
O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell - "" = AutoRun
O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell\AutoRun\command - "" = G:\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 23:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dan Awesome
[2011/11/22 22:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rage Maker
[2011/11/22 22:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rage Maker
[2011/11/12 18:11:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2011/11/08 19:16:11 | 000,232,512 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/11/08 19:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/11/08 19:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/11/08 19:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2011/11/08 19:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/11/03 01:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\How Does US Economy Work - Understand How the US Economy Works_files
[2011/11/02 17:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2011/11/02 17:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Facebook
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 21:59:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003UA.job
[2011/11/26 21:57:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003UA.job
[2011/11/26 21:11:37 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/26 21:11:37 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/26 21:10:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/26 21:06:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/26 21:06:18 | 1005,899,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 23:32:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/25 23:32:22 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 18:59:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003Core.job
[2011/11/24 22:21:44 | 000,096,390 | ---- | M] () -- C:\Documents and Settings\user\Desktop\img.JPG
[2011/11/24 19:58:54 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/20 11:02:53 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/11/20 11:02:53 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/14 18:34:58 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/08 19:16:12 | 000,232,512 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/11/08 19:15:58 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/11/03 01:27:54 | 000,046,304 | ---- | M] () -- C:\Documents and Settings\user\Desktop\How Does US Economy Work - Understand How the US Economy Works.htm
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 22:21:43 | 000,096,390 | ---- | C] () -- C:\Documents and Settings\user\Desktop\img.JPG
[2011/11/22 22:47:40 | 005,100,714 | ---- | C] () -- C:\Documents and Settings\user\Desktop\IMG_0123.JPG
[2011/11/08 19:15:58 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/11/03 01:27:53 | 000,046,304 | ---- | C] () -- C:\Documents and Settings\user\Desktop\How Does US Economy Work - Understand How the US Economy Works.htm
[2011/11/02 17:54:41 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003UA.job
[2011/11/02 17:54:40 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003Core.job
[2011/07/25 18:04:51 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\user\Application Data\.backup.dm
[2011/07/20 05:43:12 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 21:01:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/18 19:52:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/18 17:16:30 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2011/07/18 17:16:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2011/07/18 17:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2011/07/18 17:16:26 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2011/07/18 17:16:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2011/07/18 17:16:24 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2011/07/18 17:16:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2011/07/18 17:16:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2011/07/17 20:07:15 | 000,338,176 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2011/07/17 20:07:15 | 000,293,896 | ---- | C] () -- C:\WINDOWS\System32\curl.exe
[2011/07/17 20:07:15 | 000,172,040 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/17 17:22:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 17:14:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/17 10:06:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/17 10:03:50 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/27 13:57:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 14:15:42 | 000,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,136,800 | RHS- | C] () -- C:\WINDOWS\System32\kxfka.dll
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/09/19 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/19 07:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/08 19:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/11/17 22:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/17 20:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2011/10/17 21:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/07/24 19:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitComet
[2011/11/13 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitTorrent
[2011/11/08 19:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2011/07/17 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MicroWorld
[2011/10/17 21:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2011/07/31 17:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WeatherWatcher
[2011/07/22 21:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\webcam
[2011/10/20 00:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YouTube Downloader
[2011/11/25 18:59:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003Core.job
[2011/11/26 21:59:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-299502267-839522115-1003UA.job
[2011/11/26 21:10:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell - "" = AutoRun
    O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23e71b83-fc70-11e0-85e7-0015f250a8c3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell - "" = AutoRun
    O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{247f00af-0a81-11e1-861b-0015f250a8c3}\Shell\AutoRun\command - "" = G:\setup.exe
    [2004/08/04 04:00:00 | 000,136,800 | RHS- | C] () -- C:\WINDOWS\System32\kxfka.dll
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP