Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VW5J80J.COM file corrupted; initialization errors. PC working slow.

Started by Tudysjudy , Mar 25 2012 02:07 PM

  • Please log in to reply

#1
Tudysjudy
Posted 25 March 2012 - 02:07 PM

Tudysjudy

    New Member

  • Member
  • Pip
  • 1 posts
Known facts:

- I've noticed this process, "VW5J80J.COM", running a lot in the backround. Sometimes five or six seperate ones. A while ago a message appeared saying that file was corrupted and to do disk check. I tried to do disk check, but it didn't load at restart like normal. I looked up that file and there are no results for it, as if my PC is the only one that has it. You can find the VW5J80J file in the OTL report.

- I ran a virus scan, and it found nothing other than the normal stuff (my anti-virus tends to view anything with ".exe" as a virus), I use "zillya" anti-virus.

- Whenever I start windows I get a few messages with something like "xc 50000000 initilization error".

- Computer working very slow, especially when on internet. Connection fine. When not on internet most things fine.

- All began in the last few days. During which, for the first time I also started getting pop-up messages, normally to cooking sites or google sites. I have two seperate firefoxes, one for work and one for free-time. This was strange, because I normally use firefox adblocker so I don't get pop-up messages.

- It happens when I use another browser (opera) also, but less.

- I recently noticed firefox updated and now, when you clear history, a section for, I don't know how to translate it into English correctly, but basically "non-online information of sites", as if they collect some information.

- During this time, my PC has been "over-heating" a lot more than normal. I don't know how to describe it, you know, when the fan in the PC turns on and it makes a loud noise for a while and then stops.



The OTL report can be seen below:


PS:
Рабочий стол = desktop
Корпорация Майкрософт = microsoft corporation
(pc in other language)

OTL logfile created on: 25.03.2012 15:46:36 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Комп'ютер\Рабочий стол
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy

503,48 Mb Total Physical Memory | 71,58 Mb Available Physical Memory | 14,22% Memory free
1,20 Gb Paging File | 0,56 Gb Available in Paging File | 46,23% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 1,74 Gb Free Space | 2,34% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 461,26 Gb Free Space | 99,03% Space Free | Partition Type: NTFS

Computer Name: КОМП | User Name: Комп'ютер | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.25 14:12:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Комп'ютер\Рабочий стол\OTL.exe
PRC - [2012.03.19 04:13:45 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.13 15:14:44 | 003,195,112 | ---- | M] () -- C:\Program Files\Zillya Antivirus\ZavCore.exe
PRC - [2012.03.13 15:14:44 | 002,150,632 | ---- | M] (ALLIT Service, LLC.) -- C:\Program Files\Zillya Antivirus\ZavAux.exe
PRC - [2009.01.23 05:41:00 | 000,109,056 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\services.exe
PRC - [2008.04.14 15:41:14 | 000,509,440 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008.04.14 15:41:10 | 000,050,688 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\system32\smss.exe
PRC - [2008.04.14 15:40:58 | 001,034,240 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.19 04:13:45 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.03.13 15:14:44 | 003,195,112 | ---- | M] () -- C:\Program Files\Zillya Antivirus\ZavCore.exe
MOD - [2012.03.11 20:24:27 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.09.05 21:36:14 | 000,170,216 | ---- | M] () -- C:\Program Files\Common Files\Zillya Antivirus\Bases\CoreMain.DLL
MOD - [2011.08.15 21:38:44 | 000,696,552 | ---- | M] () -- C:\Program Files\Common Files\Zillya Antivirus\Bases\CoreArch.dll
MOD - [2010.03.16 19:11:56 | 000,037,624 | ---- | M] () -- C:\Program Files\Common Files\Zillya Antivirus\Bases\CoreMem.dll
MOD - [2010.02.23 11:11:10 | 000,080,896 | ---- | M] () -- C:\Program Files\Zillya Antivirus\ZscLib.dll
MOD - [2010.02.18 14:47:22 | 000,040,184 | ---- | M] () -- C:\Program Files\Common Files\Zillya Antivirus\Bases\CoreHAL.dll
MOD - [2009.03.06 12:15:34 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2008.04.14 15:40:42 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.04.14 15:40:42 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.03.13 15:14:44 | 003,195,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Zillya Antivirus\ZavCore.exe -- (ZillyaAVCoreSvc)
SRV - [2012.03.13 15:14:44 | 002,150,632 | ---- | M] (ALLIT Service, LLC.) [Auto | Running] -- C:\Program Files\Zillya Antivirus\ZavAux.exe -- (ZillyaAVAuxSvc)
SRV - [2011.06.01 18:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009.03.06 12:38:26 | 000,483,840 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009.01.23 05:41:00 | 000,109,056 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009.01.23 05:41:00 | 000,109,056 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008.04.14 15:41:14 | 000,290,304 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.14 15:41:14 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008.04.14 15:41:12 | 000,073,216 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 15:41:12 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\netdevio.dll -- (NETw3v32)
SRV - [2008.04.14 15:41:10 | 000,141,824 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008.04.14 15:41:10 | 000,091,648 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008.04.14 15:41:08 | 000,096,768 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008.04.14 15:41:06 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 15:41:06 | 000,113,664 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 15:41:02 | 000,032,768 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008.04.14 15:41:00 | 000,150,528 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.14 15:40:48 | 000,333,824 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Служба загрузки изображений (WIA)
SRV - [2008.04.14 15:40:48 | 000,186,368 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008.04.14 15:40:48 | 000,175,616 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008.04.14 15:40:48 | 000,145,408 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008.04.14 15:40:46 | 000,295,936 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008.04.14 15:40:46 | 000,249,856 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.14 15:40:46 | 000,193,024 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.14 15:40:46 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.14 15:40:46 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008.04.14 15:40:46 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008.04.14 15:40:46 | 000,135,680 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008.04.14 15:40:46 | 000,018,944 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008.04.14 15:40:44 | 000,436,736 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.14 15:40:44 | 000,409,088 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) Фоновая интеллектуальная служба передачи (BITS)
SRV - [2008.04.14 15:40:42 | 000,247,296 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Служба сетевого расположения (NLA)
SRV - [2008.04.14 15:40:42 | 000,198,144 | ---- | M] (Корпорация Майкрософт) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.04.14 15:40:40 | 000,331,264 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Брандмауэр Windows/Общий доступ к Интернету (ICS)
SRV - [2008.04.14 15:40:36 | 000,126,464 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008.04.14 15:40:36 | 000,045,568 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008.04.14 15:40:36 | 000,024,064 | ---- | M] (Корпорация Майкрософт) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.14 15:40:34 | 000,687,616 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) Расширения драйверов WMI (Windows Management Instrumentation)
SRV - [2008.04.14 15:40:34 | 000,171,008 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- hex(2):73 -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.06.16 12:14:06 | 000,049,992 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Znf.sys -- (Znf)
DRV - [2010.02.23 11:11:10 | 000,078,336 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Zsc.sys -- (Zsc)
DRV - [2009.03.06 12:38:26 | 000,080,128 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2009.03.06 12:38:26 | 000,030,208 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2009.03.06 12:38:26 | 000,023,296 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2009.03.06 12:35:22 | 000,012,160 | ---- | M] (Корпорация Майкрософт) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2008.09.24 03:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.05.01 22:15:46 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008.04.14 15:22:46 | 000,073,472 | ---- | M] (Корпорация Майкрософт) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008.04.14 15:22:32 | 000,120,192 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 15:22:30 | 000,068,480 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008.04.14 15:17:56 | 000,024,832 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008.04.14 15:17:16 | 000,037,504 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008.04.14 15:14:10 | 000,053,120 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008.04.14 15:14:02 | 000,065,024 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008.04.14 15:11:14 | 000,044,544 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008.04.14 15:10:10 | 000,051,968 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008.04.14 15:07:38 | 000,188,288 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008.04.14 14:16:18 | 000,005,504 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008.04.14 14:11:48 | 000,058,368 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008.04.13 18:51:02 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008.04.13 15:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001.10.20 09:00:00 | 000,125,440 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001.10.20 09:00:00 | 000,011,776 | ---- | M] (Корпорация Майкрософт) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001.10.20 09:00:00 | 000,006,912 | ---- | M] (Корпорация Майкрософт) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001.10.20 09:00:00 | 000,003,328 | ---- | M] (Корпорация Майкрософт) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://google.com.ua/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\W, = http://uk.wikipedia....earch?search=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.ua"
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 04:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.09 07:48:50 | 000,000,000 | ---D | M]

[2011.11.27 00:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Комп'ютер\Application Data\Mozilla\Extensions
[2012.01.10 01:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Комп'ютер\Application Data\Mozilla\Firefox\Profiles\2cw2c5x9.Користувач\extensions
[2012.02.04 22:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Комп'ютер\Application Data\Mozilla\Firefox\Profiles\4bwonl8m.Вогнелис\extensions
[2012.01.06 02:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Комп'ютер\Application Data\Mozilla\Firefox\Profiles\jqkuzbop.default\extensions
[2011.12.31 06:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\РЉРЅРЈРЇ'СЋС‚РΜСЂ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JQKUZBOP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.19 04:13:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.01 11:56:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.31 06:10:43 | 000,001,350 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\meta-ua.xml
[2011.12.31 06:10:43 | 000,001,107 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\metamarket.xml
[2011.12.31 06:10:43 | 000,001,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-uk.xml
[2011.12.31 06:10:43 | 000,001,370 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex.xml

Hosts file not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Адрес) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Корпорация Майкрософт)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0794B5C8-27AB-4FC8-A11F-05C5E92737CC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Корпорация Майкрософт)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Корпорация Майкрософт)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Корпорация Майкрософт)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Корпорация Майкрософт)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Предзагрузчик Browseui - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Демон кэша категорий компонентов - C:\WINDOWS\system32\browseui.dll (Корпорация Майкрософт)
O24 - Desktop Components:0 (Моя поточна домашня сторінка) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Безмятежность.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Безмятежность.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Корпорация Майкрософт)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Корпорация Майкрософт)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.01 11:19:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.07 03:03:54 | 000,000,036 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.25 14:12:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Комп'ютер\Рабочий стол\OTL.exe
[2012.03.24 04:02:53 | 000,000,000 | -HSD | C] -- C:\ZIL.QUAR
[2012.03.23 02:14:47 | 000,049,992 | ---- | C] (NetFilterSDK.com) -- C:\WINDOWS\System32\drivers\Znf.sys
[2012.03.23 02:14:44 | 000,078,336 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Zsc.sys
[2012.03.23 02:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zillya Antivirus
[2012.03.23 02:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Главное меню\Программы\Zillya! Antivirus
[2012.03.23 02:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zillya Antivirus
[2012.03.23 02:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Zillya Antivirus
[2012.03.22 03:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.03.21 02:51:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Комп'ютер\Recent
[2012.03.11 13:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Комп'ютер\Local Settings\Application Data\Opera
[2012.03.11 13:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Комп'ютер\Application Data\Opera
[2012.03.11 13:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011.08.26 13:11:29 | 000,346,112 | ---- | C] (Корпорация Майкрософт) -- C:\Program Files\mspaint.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.25 15:55:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012.03.25 15:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012.03.25 15:40:38 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.03.25 15:39:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.25 15:39:24 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 14:55:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012.03.25 14:55:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012.03.25 14:12:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Комп'ютер\Рабочий стол\OTL.exe
[2012.03.25 13:56:43 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012.03.25 13:55:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012.03.25 04:59:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012.03.25 04:58:39 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012.03.25 04:52:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.25 03:55:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012.03.25 03:55:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012.03.25 02:55:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012.03.25 02:55:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012.03.25 01:56:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.03.25 01:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.03.25 00:56:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.03.25 00:55:39 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.03.24 23:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012.03.24 23:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012.03.24 22:55:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012.03.24 22:55:07 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012.03.24 21:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012.03.24 21:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012.03.24 20:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012.03.24 20:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012.03.24 19:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012.03.24 19:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012.03.24 18:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012.03.24 18:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012.03.24 17:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012.03.24 17:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012.03.24 16:56:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012.03.24 16:55:41 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012.03.24 15:41:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.24 12:55:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012.03.24 12:55:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012.03.24 11:56:37 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012.03.24 11:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012.03.24 10:56:39 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012.03.24 10:55:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012.03.24 09:55:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012.03.24 09:55:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012.03.24 08:56:36 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012.03.24 08:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012.03.24 07:57:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012.03.24 07:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012.03.24 06:57:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012.03.24 06:55:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012.03.24 05:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012.03.24 05:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012.03.23 02:14:21 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Рабочий стол\Zillya! Антивірус.lnk
[2012.03.23 02:00:17 | 091,198,464 | ---- | M] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\ZillyaAntivirus_ua.msi
[2012.03.22 21:43:40 | 004,749,312 | ---- | M] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\Роллікс_-_День_у_день_(3_17).mp3
[2012.03.22 13:59:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.22 06:15:57 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\W5Yl8wi.dat
[2012.03.21 20:22:58 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\Vw5j80j.com_
[2012.03.21 20:22:58 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\Vw5j80j.com
[2012.03.20 02:53:40 | 008,261,132 | ---- | M] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\5.mp3
[2012.03.11 14:33:17 | 000,040,131 | ---- | M] () -- C:\123.JPG
[2012.03.11 14:26:15 | 000,024,025 | ---- | M] () -- C:\12.JPG
[2012.03.10 09:55:36 | 000,127,493 | ---- | M] () -- C:\Шлюб.jpg
[2012.03.10 08:27:49 | 000,068,102 | ---- | M] () -- C:\Ідіоти.jpg
[2012.03.06 03:38:53 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Комп'ютер\Application Data\Microsoft\Internet Explorer\Quick Launch\Уроки.lnk
[2012.03.06 02:00:05 | 000,063,213 | ---- | M] () -- C:\Віра.jpg
[2012.03.02 19:32:01 | 000,123,683 | ---- | M] () -- C:\Бидло.jpg
[2012.02.29 07:42:52 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Комп'ютер\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.24 03:55:23 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\Vw5j80j.com
[2012.03.23 02:14:21 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Рабочий стол\Zillya! Антивірус.lnk
[2012.03.23 01:55:20 | 091,198,464 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\ZillyaAntivirus_ua.msi
[2012.03.21 23:55:05 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\Vw5j80j.com_
[2012.03.21 20:38:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.21 20:22:34 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\W5Yl8wi.dat
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012.03.21 20:22:33 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012.03.21 20:22:33 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012.03.21 20:12:31 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012.03.20 02:54:06 | 004,749,312 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\Роллікс_-_День_у_день_(3_17).mp3
[2012.03.20 02:52:25 | 008,261,132 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Рабочий стол\5.mp3
[2012.03.16 23:11:02 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Application Data\Microsoft\Internet Explorer\Quick Launch\План.lnk
[2012.03.11 14:33:17 | 000,040,131 | ---- | C] () -- C:\123.JPG
[2012.03.11 14:26:15 | 000,024,025 | ---- | C] () -- C:\12.JPG
[2012.03.11 13:55:10 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Главное меню\Программы\Опера.lnk
[2012.03.10 09:55:30 | 000,127,493 | ---- | C] () -- C:\Шлюб.jpg
[2012.03.10 08:27:41 | 000,068,102 | ---- | C] () -- C:\Ідіоти.jpg
[2012.03.06 03:38:53 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Application Data\Microsoft\Internet Explorer\Quick Launch\Уроки.lnk
[2012.03.06 02:00:02 | 000,063,213 | ---- | C] () -- C:\Віра.jpg
[2012.03.02 19:31:57 | 000,123,683 | ---- | C] () -- C:\Бидло.jpg
[2012.01.09 09:35:36 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cbkxtjjv.ukg
[2011.12.11 22:15:09 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Application Data\Параметри формату Adobe AIFF CS5
[2011.12.02 10:11:39 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Комп'ютер\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.27 16:07:33 | 000,058,348 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.11.27 00:44:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.11.27 00:43:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011.11.27 00:43:04 | 000,004,337 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.27 00:40:27 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.26 23:10:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.26 23:02:11 | 000,022,564 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.26 23:01:14 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\vcdrom.exe
[2011.11.26 23:01:13 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\IEClean.exe
[2011.11.26 23:01:07 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2011.11.26 23:01:06 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2011.11.26 23:01:05 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

========== LOP Check ==========

[2012.01.09 07:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012.03.23 02:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zillya Antivirus
[2012.02.24 10:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\.purple
[2012.02.23 07:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\gtk-2.0
[2012.03.16 21:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\ICQ
[2011.11.27 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\InfraRecorder
[2012.01.03 00:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\Leadertech
[2011.12.26 05:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\MOVAVI
[2012.03.11 13:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\Opera
[2011.12.19 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\Orbit
[2011.11.27 14:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\ProgSense
[2012.01.03 01:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\Seagate
[2012.02.28 11:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Комп'ютер\Application Data\uTorrent
[2012.03.25 00:56:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012.03.25 04:59:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012.03.24 05:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012.03.24 05:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012.03.24 06:55:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012.03.24 06:57:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012.03.24 07:57:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012.03.24 07:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012.03.24 08:56:36 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012.03.24 08:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012.03.24 09:55:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012.03.25 00:55:39 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012.03.24 09:55:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012.03.24 10:56:39 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012.03.24 10:55:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012.03.24 11:56:37 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012.03.24 11:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012.03.24 12:55:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012.03.24 12:55:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012.03.25 13:55:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012.03.25 13:56:43 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012.03.25 14:55:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012.03.25 01:56:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012.03.25 14:55:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012.03.25 15:55:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012.03.25 15:55:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012.03.24 16:56:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012.03.24 16:55:41 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012.03.24 17:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012.03.24 17:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012.03.24 18:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012.03.24 18:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012.03.24 19:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012.03.25 01:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012.03.24 19:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012.03.24 20:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012.03.24 20:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012.03.24 21:55:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012.03.24 21:55:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012.03.24 22:55:07 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012.03.24 22:55:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012.03.24 23:55:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012.03.24 23:55:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012.03.25 02:55:31 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012.03.25 02:55:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012.03.25 03:55:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012.03.25 03:55:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012.03.25 04:58:39 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >

Edited by Tudysjudy, 25 March 2012 - 02:13 PM.

  • 0

Advertisements

#2
RKinner
Posted 25 March 2012 - 11:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's the Zero Access rootkit with a bunch of at(xx).job tasks.

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line:

del  \windows\tasks\at*.job

(if it asks you if you are sure say: y)

del  \WINDOWS\System32\Vw5j80j.com

del  \WINDOWS\System32\Vw5j80j.com_
(note the underscore at the end. _ )
del  "\Documents and Settings\All Users\Application Data\W5Yl8wi.dat"

(close command window)


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan (Allow the Avast Engine download and scan)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP