
I Don't Know What Is Wrong! [Solved]



#16
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi bob,

Sorry about the delay, real life got in the way.

You have uTorrent on your system; P2P is a very likely reason that you became infected.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

1) OTM

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    c:\programdata\tmp6CAA.tmp
    c:\program files\uTorrent
    C:\Users\Bob\AppData\Roaming\uTorrent
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2) Fix entries with HijackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below if still present,

O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis

Can you also let me know how your computer is running?

In your reply I would like to see copied and pasted,

1) OTM log
2) How is your computer running now?

  • 0
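
The post above marks two kinds of HijackThis entry for fixing: hosts-file lines that point a site at another address, and a BHO whose file is missing. The sketch below picks both out of a log. It is an added example, not part of the original post or of HijackThis; the function names and the benign sample lines are assumptions.

```python
import ipaddress
import re

# Sample input: the three entries named in the post above, plus constructed
# benign lines in the same HijackThis v2 format for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ads.example
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# "O2 - BHO: ..." -> section code "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "Hosts: <address> <name>"
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Yield (section, body) for each 'Xn - ...' line; header lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def is_local_target(ip_text):
    """True for loopback or unspecified addresses.

    Such hosts entries block a name (ad-block lists) rather than send the
    browser to a third-party server, so they are not reported.
    """
    try:
        address = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address: report it for a human to look at
    return address.is_loopback or address.is_unspecified


def review(log_text):
    """Return findings for hosts redirects (O1) and entries whose file is gone."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O1":
            match = HOSTS_RE.match(body)
            if match and not is_local_target(match.group(1)):
                findings.append({
                    "section": section,
                    "kind": "hosts-redirect",
                    "ip": match.group(1),
                    "name": match.group(2),
                })
        elif body.rstrip().endswith("(no file)"):
            # The registry entry survives but the DLL it names does not:
            # a leftover that is safe to review for removal.
            clsid = CLSID_RE.search(body)
            findings.append({
                "section": section,
                "kind": "orphaned-entry",
                "clsid": clsid.group(0) if clsid else None,
            })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
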



#17
bob snelgrove


    Member

  • Topic Starter
  • 31 posts
Thanks, chamber

I'm out of town until Sunday.

Quick question?

I thought you guys don't use HijackThis here but instead use OTL (sp?)

The first guide said hijackthis is out of date and old timer was more accurate/current?


thx!

bob
  • 0

#18
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
HijackThis was downloaded with RSIT.

Seeing as how we have it we may as well use it. :)
  • 0

#19
bob snelgrove


    Member

  • Topic Starter
  • 31 posts
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\programdata\tmp6CAA.tmp moved successfully.
c:\program files\uTorrent moved successfully.
C:\Users\Bob\AppData\Roaming\uTorrent moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 1445782 bytes
->Temporary Internet Files folder emptied: 1331995 bytes
->Java cache emptied: 13525150 bytes
->FireFox cache emptied: 87819411 bytes
->Google Chrome cache emptied: 726 bytes
->Apple Safari cache emptied: 4309688 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\JET8FFF.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 88505 bytes
RecycleBin emptied: 1212814 bytes

Total Files Cleaned = 104.65 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07052009_184312

Files moved on Reboot...
File C:\Windows\temp\JET8FFF.tmp not found!

Registry entries deleted on Reboot...
  • 0

#20
bob snelgrove


    Member

  • Topic Starter
  • 31 posts

HijackThis was downloaded with RSIT.

Seeing as how we have it we may as well use it. :)


Sorry, don't know what you mean. Can I have a good link for Hijack this?

thx


bob
  • 0

#21
bob snelgrove


    Member

  • Topic Starter
  • 31 posts
I ran RSIT and all I get is a log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-07-05 19:16:57
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 110 GB (23%) free of 477 GB
Total RAM: 3582 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:17:00, on 7/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Fraps\fraps.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FeedReader30\feedreader.exe
C:\Users\Bob\AppData\Roaming\Login King\LoginKing\bin\loginking.exe
C:\Windows\ehome\ehmsas.exe
C:\USERS\BOB\APPDATA\ROAMING\LOGIN KING\LOGINKING\BIN\LKINJ.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Bob\Desktop\RSIT.exe
C:\Program Files\trend micro\Bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r2.attbi.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eread7.0\IEeREAD.dll
O2 - BHO: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eread7.0\WebHook.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\Windows\system32\SoftAheadCert.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [SansaDispatch] C:\Users\Guest\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1047655440-825837936-2561869621-501\..\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet (User 'Guest')
O4 - Startup: Login King 2007.lnk = AppData\Roaming\Login King\LoginKing\bin\loginking.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Bob\Documents\TinEye 1.0\TinEye.js
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA13313-DAC0-4DFF-93A1-619D06C30BC8}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f36efb071e5) (gupdate1c98f36efb071e5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 1: +++ WELCOME TO KPOA 93.5 FM! +++ - http://www.kpoa.com/

--
End of file - 13212 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{AB01CD49-63E2-4B8F-9933-1A51F6A39BA0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
AddTask Class - C:\Program Files\eread7.0\IEeREAD.dll [2007-06-28 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2cff8b6a-9a4c-4192-b925-c6ffa19340e4}]
Craigslist Toolbar - C:\Program Files\Craigslist\tbCra1.dll [2009-03-19 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-24 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
AddTask Class - C:\Program Files\eread7.0\WebHook.dll [2008-03-10 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}]
SACert Class - C:\Windows\system32\SoftAheadCert.dll [2009-06-19 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll [2009-06-09 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2008-11-21 3725272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - Craigslist Toolbar - C:\Program Files\Craigslist\tbCra1.dll [2009-03-19 1883672]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vsc32cnf.exe"=C:\Program Files\Roland\VSC32\vsc32cnf.exe [2000-02-07 36864]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-10 1948440]
"DeltaIITaskbarApp"=C:\Windows\system32\DeltaIITray.exe [2008-03-03 236040]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"Fraps"=C:\FRAPS\FRAPS.EXE [2006-06-18 2834432]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Jing"=C:\Program Files\TechSmith\Jing\Jing.exe [2009-05-26 2893064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-18 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"feedreader.exe"=C:\Program Files\FeedReader30\feedreader.exe [2009-03-29 2058240]
"Google Update"=C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbacastDistributedOnDemand:11]
C:\Users\Bob\AppData\Local\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp]
C:\Windows\system32\DeltaIITray.exe [2008-03-03 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
C:\Program Files\FeedReader30\feedreader.exe [2009-03-29 2058240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\Windows\System32\DeltaIITray.exe [2008-03-03 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-16 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-16 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PxDotNetLoader]
C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe [2009-01-13 42336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2009-05-18 79872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-06-20 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-18 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vscvol.exe]
C:\Program Files\Roland\VSC32\vscvol.exe [2000-02-09 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yapta Tracker]
C:\Program Files\Yapta\YaptaClient.exe /onstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\PROGRA~1\Audible\Bin\AUDIBL~1.EXE [2008-12-09 1783128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe [2002-02-14 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor.lnk]
C:\PROGRA~1\PHILIP~1\Monitor.exe [2007-10-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVTonic Control Panel.lnk]
C:\PROGRA~1\WAVEXP~1\TVTonic\TVTONI~1.EXE [2008-08-02 775168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Login King 2007.lnk - C:\Users\Bob\AppData\Roaming\Login King\LoginKing\bin\loginking.exe
Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-12-02 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7a8f3d-ac02-11dc-8766-001d7d9c86e9}]
shell\AutoRun\command - E:\.\MigWiz\migsetup.exe


======List of files/folders created in the last 1 months======

2009-07-05 18:43:12 ----D---- C:\_OTM
2009-07-01 23:41:12 ----D---- C:\rsit
2009-07-01 23:41:12 ----D---- C:\Program Files\trend micro
2009-07-01 14:03:27 ----SHD---- C:\$RECYCLE.BIN
2009-07-01 14:03:26 ----A---- C:\ComboFix.txt
2009-07-01 13:35:52 ----A---- C:\Windows\zip.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWXCACLS.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWSC.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWREG.exe
2009-07-01 13:35:52 ----A---- C:\Windows\sed.exe
2009-07-01 13:35:52 ----A---- C:\Windows\PEV.exe
2009-07-01 13:35:52 ----A---- C:\Windows\NIRCMD.exe
2009-07-01 13:35:52 ----A---- C:\Windows\grep.exe
2009-07-01 13:35:50 ----SD---- C:\Combo-Fix
2009-07-01 13:32:05 ----D---- C:\Qoobox
2009-06-28 19:11:45 ----A---- C:\Windows\system32\tmp.txt
2009-06-28 19:11:43 ----A---- C:\rapport.txt
2009-06-27 13:59:13 ----SHD---- C:\RECYCLER
2009-06-26 19:27:56 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-06-26 19:27:40 ----D---- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2009-06-26 19:27:40 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-25 22:13:31 ----D---- C:\Program Files\FeedReader30
2009-06-24 17:12:17 ----D---- C:\Users\Bob\AppData\Roaming\Malwarebytes
2009-06-24 17:12:12 ----D---- C:\ProgramData\Malwarebytes
2009-06-24 17:12:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 17:10:06 ----D---- C:\Windows\ERDNT
2009-06-24 17:09:12 ----D---- C:\Program Files\ERUNT
2009-06-22 17:54:02 ----D---- C:\Program Files\SlySoft
2009-06-21 07:32:35 ----A---- C:\Windows\system32\javaws.exe
2009-06-21 07:32:35 ----A---- C:\Windows\system32\javaw.exe
2009-06-21 07:32:35 ----A---- C:\Windows\system32\java.exe
2009-06-20 06:50:34 ----A---- C:\Windows\Dext2001.ini
2009-06-20 06:50:26 ----D---- C:\Program Files\Philips Webcam
2009-06-19 17:36:20 ----A---- C:\Windows\system32\SoftAheadCert.dll
2009-06-19 17:35:07 ----D---- C:\Program Files\AV WebCam Morpher GOLD
2009-06-19 16:08:17 ----D---- C:\AV_LOGS
2009-06-19 16:06:12 ----D---- C:\Program Files\AV WebCam Morpher
2009-06-19 16:04:51 ----A---- C:\Windows\VDVD.INI
2009-06-19 16:04:51 ----A---- C:\Windows\Cover.INI
2009-06-19 16:04:51 ----A---- C:\Windows\avvcnvrt.INI
2009-06-19 16:04:50 ----A---- C:\Windows\VMorpher.INI
2009-06-19 15:58:57 ----A---- C:\Windows\AVFTP.INI
2009-06-19 15:54:28 ----D---- C:\Program Files\AV Video Morpher
2009-06-19 15:44:45 ----A---- C:\Windows\system32\video-morpher.exe
2009-06-19 15:00:48 ----D---- C:\ProgramData\WebcamMax
2009-06-19 15:00:39 ----D---- C:\Users\Bob\AppData\Roaming\Webcammax
2009-06-19 14:57:48 ----D---- C:\Program Files\WebcamMax
2009-06-19 09:12:51 ----D---- C:\Users\Bob\AppData\Roaming\Creative
2009-06-19 09:11:35 ----D---- C:\Program Files\Common Files\Reallusion
2009-06-19 09:09:46 ----D---- C:\Program Files\Creative Live! Cam
2009-06-19 09:09:05 ----D---- C:\Program Files\Dell
2009-06-19 09:08:56 ----D---- C:\Program Files\Creative
2009-06-10 06:05:01 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 06:03:59 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 06:03:29 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 06:03:27 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 06:03:26 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 06:03:25 ----A---- C:\Windows\system32\ieencode.dll
2009-06-09 09:02:50 ----D---- C:\Windows\userstartmenu
2009-06-09 09:02:50 ----D---- C:\Windows\userdesktop
2009-06-09 09:02:50 ----D---- C:\Windows\desktop
2009-06-09 09:02:50 ----D---- C:\Windows\commondesktop
2009-06-09 09:02:49 ----D---- C:\Program Files\IQcobra

======List of files/folders modified in the last 1 months======

2009-07-05 19:17:00 ----D---- C:\Windows\Prefetch
2009-07-05 19:16:40 ----D---- C:\Windows\Temp
2009-07-05 18:47:01 ----D---- C:\Users\Bob\AppData\Roaming\Skype
2009-07-05 18:43:13 ----RD---- C:\Program Files
2009-07-05 18:43:13 ----HD---- C:\ProgramData
2009-07-05 18:29:41 ----D---- C:\Users\Bob\AppData\Roaming\skypePM
2009-07-02 23:26:53 ----SHD---- C:\System Volume Information
2009-07-02 15:01:41 ----D---- C:\Windows\system32\Tasks
2009-07-02 14:54:15 ----D---- C:\Windows\System32
2009-07-02 14:54:15 ----D---- C:\Windows\inf
2009-07-02 14:54:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-02 14:29:35 ----D---- C:\ProgramData\X10 Settings
2009-07-01 22:05:13 ----D---- C:\Windows\pss
2009-07-01 14:03:33 ----D---- C:\Windows\system32\en-US
2009-07-01 14:00:30 ----AD---- C:\Windows
2009-07-01 14:00:30 ----A---- C:\Windows\system.ini
2009-07-01 13:59:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-01 13:54:58 ----D---- C:\Windows\system32\drivers
2009-07-01 13:54:58 ----D---- C:\Windows\AppPatch
2009-07-01 13:54:58 ----D---- C:\Program Files\Common Files
2009-07-01 08:49:18 ----A---- C:\Windows\ntbtlog.txt
2009-07-01 07:50:06 ----D---- C:\Windows\Tasks
2009-06-30 09:29:53 ----HD---- C:\$AVG8.VAULT$
2009-06-29 18:12:49 ----D---- C:\Windows\system32\catroot2
2009-06-29 05:47:22 ----SHD---- C:\Windows\Installer
2009-06-28 07:44:42 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 06:04:50 ----D---- C:\Users\Bob\AppData\Roaming\Feedreader
2009-06-27 05:25:59 ----D---- C:\Windows\Minidump
2009-06-26 19:27:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-26 19:22:29 ----D---- C:\Program Files\Google
2009-06-25 14:59:20 ----D---- C:\ProgramData\DVD Shrink
2009-06-24 13:38:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-24 13:00:05 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-24 12:50:55 ----D---- C:\Program Files\Common Files\Adobe
2009-06-24 12:50:50 ----D---- C:\ProgramData\Adobe
2009-06-24 05:30:46 ----D---- C:\ProgramData\avg8
2009-06-21 08:32:50 ----D---- C:\Users\Bob\AppData\Roaming\Move Networks
2009-06-21 07:36:36 ----D---- C:\Program Files\Java
2009-06-20 06:50:32 ----D---- C:\Windows\system32\catroot
2009-06-20 06:50:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 06:50:27 ----D---- C:\Windows\twain_32
2009-06-10 14:52:11 ----D---- C:\Windows\Microsoft.NET
2009-06-10 14:52:07 ----RSD---- C:\Windows\assembly
2009-06-10 08:43:09 ----D---- C:\Windows\ehome
2009-06-10 06:14:10 ----D---- C:\Windows\winsxs
2009-06-10 06:13:17 ----D---- C:\ProgramData\Microsoft Help
2009-06-08 06:43:35 ----SD---- C:\Users\Bob\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-04-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-10 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-04-24 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 hmonitor;hmonitor; \??\C:\Windows\system32\drivers\hmonitor.sys [2007-06-21 7188]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 941784]
R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R2 RVIEG01;VSC Engine; \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [2001-04-13 187992]
R2 WebCamHelper;WebCamHelper; \??\C:\PROGRA~1\AVWEBC~2\WebCamHelper.sys [2006-03-02 2688]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\Windows\system32\DRIVERS\deltaII.sys [2008-03-03 302728]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 vsc32;Virtual Sound Canvas 3.2; C:\Windows\system32\DRIVERS\vsc.sys [2001-04-16 951284]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2008-10-28 27160]
S2 AVWEBCAM;AV WebCam, WDM Video Capture; C:\Windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
S3 Ca2001v;CA2001 WebCam Driver; C:\Windows\System32\Drivers\Ca2001v.sys []
S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 camvid20;Philips ToUcam Camera; Video; C:\Windows\system32\DRIVERS\camdrv21.sys [2004-05-19 253909]
S3 catchme;catchme; \??\C:\Users\Bob\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-04-07 16608]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-01-08 47360]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-12-04 30088]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-30 9088]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 WpdUsb;WpdUsb; C:\Windows\System32\Drivers\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-16 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-06-10 1368952]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-17 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-01-17 103736]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 WXRSS;TVTonic RSS; C:\Program Files\Wavexpress\TVTonic\WXRSS.exe [2008-08-02 142336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-29 610304]
S2 gupdate1c98f36efb071e5;Google Update Service (gupdate1c98f36efb071e5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-13 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-23 87288]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-10 918528]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2008-11-04 4415488]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
  • 0

#22
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi bob,

HijackThis is actually downloaded when running RSIT. If you go to Start and then type HijackThis in the search bar, you should find the program in there.

If not, you can run it from here:
C:\Program Files\trend micro\Bob.exe
  • 0

#23
bob snelgrove

    Member

  • Topic Starter
  • Member
  • 31 posts
chamber,

I ran HijackThis. Things are better overall, but IE7 still crashes and won't respond randomly. Sometimes OK.


thx


bob
  • 0

#24
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi bob,

I would really like to see if we can get Malwarebytes to produce a log; then we'll clear out your temp files and get an online scan to see what else may be in there.

First off, can you hold down the Windows key and press R. This will bring up the Run box. Type "appwiz.cpl"; this will bring up Programs and Features. From there, can you remove the copy of Malwarebytes that you have.

1) TFC

Download TFC to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

2) Malwarebytes Scan

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) Online Scan.

Please do an online scan with Kaspersky WebScanner. Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under select a target to scan: select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your reply I would like to see copied and pasted,

1) Results of online scan
2) Malwarebytes log
3) How is your computer running now?

  • 0

#25
bob snelgrove

    Member

  • Topic Starter
  • Member
  • 31 posts
chamber,

Here is the mal log. Still trying to get a complete online scan without browser (IE or Moz) crashing!


Malwarebytes' Anti-Malware 1.38
Database version: 2382
Windows 6.0.6002 Service Pack 2

7/6/2009 12:38:53 PM
mbam-log-2009-07-06 (12-38-53).txt

Scan type: Quick Scan
Objects scanned: 92278
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0



#26
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi bob,

If the browser keeps crashing try this instead.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable ones that you may have)


After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



Let me know any other problems that you are having.
  • 0

#27
bob snelgrove

    Member

  • Topic Starter
  • Member
  • 31 posts
chamber,

Kaspersky (online) has been running for 10 hours and is at 50%. I'll try and let it finish. If not, I will try plan B.

thx

bob
  • 0

#28
bob snelgrove

    Member

  • Topic Starter
  • Member
  • 31 posts
Was I supposed to turn off AVG before running K?

thx


bob
  • 0

#29
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts

    chamber,

    Kaspersky (online) has been running for 10 hours and is at 50%. I'll try and let it finish. If not, I will try plan B.

    thx

    bob

No problemo. :)

    Was I supposed to turn off AVG before running K?

    thx

    bob

Doesn't really matter.
  • 0

#30
bob snelgrove

    Member

  • Topic Starter
  • Member
  • 31 posts
I got the online to complete. Here is the log. I think all this torrent junk is from my son using my pc!


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, July 7, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 07, 2009 04:21:17
Records in database: 2434504
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 622209
Threat name: 18
Infected objects: 24
Suspicious objects: 11
Duration of the scan: 16:45:54


File name / Threat name / Threats count
C:\Comcasteudora\out.mbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Comcasteudora\yamaha.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Program Files\DASTrader DEMO\help.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Qoobox\Quarantine\C\344.exe.vir Infected: Trojan-Downloader.Win32.Small.ajja 1
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXfrodietxiwwpxpnqkdvsuqlenqnapqdb.dll.vir Infected: Trojan.Win32.Agent2.kug 1
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXogynpmttnuhxcymvrtqpucisqebttmlq.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\Qoobox\Quarantine\C\Windows\System32\WS2Fix.exe.vir Infected: Trojan-Downloader.Win32.Agent.chqe 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\CA Anti-Spam.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Exploit.Win32.PDF-URI.l 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: Trojan.Win32.Genome.dil 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: Trojan.Win32.Agent.ree 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: Backdoor.Win32.Iroffer.jw 1
C:\Users\Bob\AppData\Local\Identities\{944342CA-3D1F-4FB4-B7B2-B5890E6C16F7}\Microsoft\Outlook Express\Sent Items.bak Infected: Trojan-Spy.Win32.Delf.jq 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\14C92F84-0001971D.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\160870CC-0001974B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\306272D6-000196E6.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\36687596-000196B3.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\38DB5CA7-00019767.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\51941E9D-00019768.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\570E072F-000196F8.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\097537E6-00001AAA.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\575360BF-00001A99.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Bob\Desktop\fixpc\SmitfraudFix\WS2Fix.exe Infected: Trojan-Downloader.Win32.Agent.chqe 1
C:\Users\Bob\Desktop\fixpc\SmitfraudFix.exe Infected: Trojan-Downloader.Win32.Agent.chqe 1
C:\Users\Bob\Desktop\Nikon Capture NX 2.0.0\cnx2.exe Infected: Trojan-Downloader.Win32.Agent.uwu 1
C:\Users\Bob\Desktop\Nikon Capture NX 2.0.0\cnx2.exe Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Bob\Desktop\zips\Nikon Capture NX 2.0.0.rar Infected: Trojan-Downloader.Win32.Agent.uwu 1
C:\Users\Bob\Desktop\zips\Nikon Capture NX 2.0.0.rar Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Bob\Documents\Downloads\best windows security for vista and xp 2008\privacy software\xp\evidence eliminator\insteelm2.exe Infected: Backdoor.Win32.Bifrose.agym 1
C:\Users\Bob\Documents\Downloads\Nikon Capture NX 2.0.0\cnx2.exe Infected: Trojan-Downloader.Win32.Agent.uwu 1
C:\Users\Bob\Documents\Downloads\Nikon Capture NX 2.0.0\cnx2.exe Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Bob\Documents\Downloads\Nikon Capture NX 2.0.0.rar Infected: Trojan-Downloader.Win32.Agent.uwu 1
C:\Users\Bob\Documents\Downloads\Nikon Capture NX 2.0.0.rar Infected: Trojan.Win32.Monderc.gen 1

The selected area was scanned.
  • 0





