
Windows Xp Virus



#1
genox

Having several problems with Windows XP SP3. First of all, it all started when I installed an update. After the restart (my Windows worked fine and was activated prior to this), it says my Windows is activated, click OK to finish; when I click OK, it sends me to the login screen. Second, when I bypassed it with Windows key + U and checked the system32 folder, my wpa.dbl & wpa.bak files were missing. Now I randomly get the blue screen of death right before the Windows login screen, and the error message was IRQL NOT LESS OR EQUAL. After 4 or 5 restarts, I can get back to the login screen without the BSOD. Can anyone give me instructions on what to do or what information you need, and I will gladly... (Trying to avoid doing a clean install, just want to repair if possible.) Thank you

OTL logfile created on: 12/11/2012 4:57:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 82.92% Memory free
5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.56 Gb Free Space | 34.30% Space Free | Partition Type: NTFS

Computer Name: MALL-A7FFBFE67B | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/11 16:57:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2012/12/11 16:21:55 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/12/06 18:17:00 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/29 17:43:01 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2008/04/14 07:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\narrator.exe
PRC - [2008/04/14 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utilman.exe
PRC - [2008/04/14 07:00:00 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\msoobe.exe
PRC - [2005/11/09 04:33:42 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/07/04 19:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 16:21:55 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
MOD - [2012/12/11 15:53:41 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/06 18:17:00 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 23:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/09/03 02:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/02/24 23:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2004/09/29 18:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 18:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 03:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe -- (WUSB54Gv42SVC)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/11 16:21:55 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/12/11 15:53:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 18:17:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/29 17:43:01 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/05 14:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/11 16:21:55 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/10/12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/10/17 22:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/02/01 21:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/26 01:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-12-11 16:22:11&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: uwphurzggn%40uwphurzggn.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/12/11 16:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/06 18:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/06 18:16:51 | 000,000,000 | ---D | M]

[2012/03/09 03:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/12/07 12:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions
[2012/10/15 23:19:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/16 23:52:10 | 000,000,000 | ---D | M] (Qwiklinx for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}
[2012/12/07 12:40:15 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012/08/27 19:21:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/11/20 21:42:18 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2012/11/24 15:14:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/07 17:35:06 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\[email protected]
[2012/11/19 21:42:14 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\[email protected]
[2012/11/19 21:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\[email protected]\chrome\content\extensionCode
[2012/03/16 23:26:46 | 000,004,728 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\[email protected]
[2012/10/29 21:41:25 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/11/07 17:39:59 | 000,002,566 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\searchplugins\aol-search.xml
[2012/04/24 22:38:06 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7taqx2ic.default\searchplugins\conduit.xml
[2012/12/06 18:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/06 18:16:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/06 18:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/22 01:55:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/12/11 16:22:04 | 000,003,546 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/24 21:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.moz-backup
[2012/10/12 04:13:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo\1.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdoofcjojmapbdaeobejbffmgbgbfjpm\7.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/11 16:37:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Documents and Settings\Owner\Application Data\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Download and Sa Class) - {F02C52C2-452F-D14C-45F8-FAEA496CF90E} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa\509ae2114d35d.ocx ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E0DB50-3C3E-48C7-B10E-FFFB21C1B56D}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/26 21:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 16:46:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/11 16:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
[2012/12/11 16:37:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/12/11 16:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
[2012/12/11 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/12/11 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\KeyFinder
[2012/12/11 16:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/12/11 16:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2012/12/11 16:22:09 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/12/11 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/12/11 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/12/11 16:21:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/12/11 15:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/12/11 15:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/12/11 15:08:09 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/12/11 15:08:05 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/12/11 15:08:02 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/12/11 15:08:01 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/12/11 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/12/06 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/06 17:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Random
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/11 16:53:33 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/11 16:53:33 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/11 16:52:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/11 16:52:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1409082233-682003330-1003UA.job
[2012/12/11 16:51:23 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/12/11 16:49:37 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/11 16:49:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/11 16:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/11 16:37:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/11 16:21:55 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/12/11 16:06:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk


========== ZeroAccess Check ==========

[2012/05/19 16:41:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 07:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/11 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/12/11 16:21:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/11/07 17:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa
[2012/11/07 17:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2012/03/11 17:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nexon
[2012/11/09 14:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC1Data
[2012/07/31 22:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2012/08/01 01:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PWD
[2012/10/23 14:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
[2012/03/10 12:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
[2012/03/18 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/17 00:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple
[2012/12/11 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2012/12/11 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2012/12/11 16:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2012/03/16 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2012/11/09 14:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Cleaners
[2012/11/17 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCPro
[2012/05/16 23:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qwiklinx
[2012/05/17 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Toolbar4

========== Purity Check ==========



< End of report >

Edited by genox, 11 December 2012 - 04:09 PM.



#2
genox

Anyone help please..

#3
genox

Bump...