Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vimax Ads Everywhere [Closed]

Started by rytie16 , Jan 12 2010 06:00 PM

  • This topic is locked This topic is locked

#1
rytie16
Posted 12 January 2010 - 06:00 PM

rytie16

    New Member

  • Member
  • Pip
  • 5 posts
I have vimax ads on every page i visit. I've tried malewarebytes it doesn't find anything. please help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:51 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Atievxx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe

--
End of file - 2909 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 12 January 2010 - 06:25 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    %userprofile%\Desktop\*.*
    %userprofile%\Desktop\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

  • 0

#3
rytie16
Posted 12 January 2010 - 11:42 PM

rytie16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL logfile created on: 1/13/2010 12:13:06 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\operator\My Documents\downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

319.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 60.00% Memory free
774.00 Mb Paging File | 436.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.36 Gb Total Space | 0.83 Gb Free Space | 8.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-2CD9DC
Current User Name: operator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/13 00:10:44 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\operator\My Documents\downloads\OTL.exe
PRC - [2010/01/04 17:24:20 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/12/12 08:35:17 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 08:35:15 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/10 08:53:03 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/29 18:30:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/27 22:32:18 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/27 22:32:15 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/27 22:31:42 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/27 22:31:37 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 09:18:38 | 01,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/10/29 22:34:58 | 00,352,338 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe


========== Modules (SafeList) ==========

MOD - [2010/01/13 00:10:44 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\operator\My Documents\downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/29 18:30:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/27 22:31:42 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/27 22:31:37 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/10/29 22:34:58 | 00,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Running] -- C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2009/11/27 22:34:15 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/27 22:33:39 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/27 22:33:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/26 03:20:36 | 00,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 20:46:02 | 00,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2006/11/28 20:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/12 06:03:49 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 05:28:02 | 00,701,386 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WDHAALBA.sys -- (WDHAALBA)
DRV - [2001/08/17 04:48:40 | 00,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)
DRV - [2001/08/17 04:19:48 | 00,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es198x.sys -- (maestro) ESS Maestro 3 Audio Driver (WDM)
DRV - [2001/08/17 04:10:56 | 00,055,999 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EL556ND5.sys -- (EL556ND5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\operator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\operator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/27 02:30:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/27 02:28:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 18:57:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/12 12:18:03 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/12 12:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/01/12 12:06:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/01/12 12:06:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/01/12 12:03:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/09 13:38:48 | 00,000,000 | ---D | C] -- C:\Program Files\USBTrace
[2010/01/04 17:23:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\operator\Application Data\SanDisk
[2009/12/23 08:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/23 08:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/23 07:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/16 03:15:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/16 03:15:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/16 02:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/16 02:48:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/16 02:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/16 02:22:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\operator\Local Settings\Application Data\Adobe
[2009/12/16 02:22:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\operator\Local Settings\Application Data\nos
[2009/12/16 02:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/15 06:44:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\operator\Application Data\Malwarebytes
[2009/12/15 06:44:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/15 06:44:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 22:26:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/27 22:26:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/07/08 02:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/12 17:27:31 | 47,748,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/12 17:26:20 | 00,138,938 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/12 15:16:40 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\operator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 14:59:19 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/01/12 14:02:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/12 14:02:09 | 00,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\PRLRCYVA.job
[2010/01/12 14:02:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/12 14:01:59 | 33,498,7264 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 12:57:48 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\operator\NTUSER.DAT
[2010/01/12 12:57:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\operator\ntuser.ini
[2010/01/12 12:57:20 | 04,248,686 | -H-- | M] () -- C:\Documents and Settings\operator\Local Settings\Application Data\IconCache.db
[2010/01/12 12:18:57 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\operator\Desktop\Windows Media Player.lnk
[2010/01/12 12:17:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 12:17:10 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/12 12:17:10 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/12 12:16:21 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/12 12:07:06 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/12 12:03:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/12 12:00:08 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RegistryPC Scan.job
[2010/01/11 03:13:38 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\operator\My Documents\spider.sav
[2010/01/09 13:39:40 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\utinfo.dat
[2009/12/23 09:29:27 | 00,013,104 | ---- | M] () -- C:\Documents and Settings\operator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/16 02:56:19 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/12 15:16:40 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\operator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 14:59:19 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/01/12 14:04:56 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\operator\Desktop\Windows Media Player.lnk
[2010/01/12 12:07:06 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/09 13:39:40 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\utinfo.dat
[2009/12/16 02:56:17 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/13 22:01:38 | 00,132,096 | RHS- | C] () -- C:\WINDOWS\System32\comrepli.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/27 02:30:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/27 02:18:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/03/27 02:30:04 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/12 14:01:59 | 33,498,7264 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/27 02:30:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/27 02:30:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 06:02:33 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/28 19:10:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/12 14:01:57 | 50,331,6480 | -HS- | M] () -- C:\pagefile.sys


< MD5 for: AGP440.SYS >
[2004/08/12 06:06:15 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/28 18:56:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/28 18:56:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 15:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 15:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/12 06:06:15 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/28 18:56:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/28 18:56:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/12 05:55:51 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 05:57:17 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 06:11:50 | 00,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/12 06:02:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 06:04:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/12/13 22:01:38 | 00,132,096 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\comrepli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/01/12 14:02:09 | 00,000,316 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\PRLRCYVA.job

< %PROGRAMFILES%\*. >
[2009/12/16 02:48:00 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/27 22:31:16 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/23 19:32:22 | 00,000,000 | ---D | M] -- C:\Program Files\Belkin
[2009/12/08 21:13:49 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/27 02:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/12/15 02:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/23 19:34:26 | 00,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2009/12/09 12:45:01 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/29 18:29:57 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/23 07:39:51 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 19:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/27 02:30:37 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/11/28 19:31:53 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2003/07/07 23:22:12 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/27 02:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/11/28 19:20:49 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/11/27 22:53:10 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/28 19:55:59 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/12/08 21:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/01/12 18:57:14 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/12/23 07:17:57 | 00,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2009/03/27 02:48:41 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/09 13:40:35 | 00,000,000 | ---D | M] -- C:\Program Files\USBTrace
[2009/12/13 00:30:20 | 00,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2010/01/12 12:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/01/12 12:15:33 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/11/28 19:20:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/27 02:26:25 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/03/27 02:30:37 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< %userprofile%\Desktop\*.* >
[2009/07/06 17:21:09 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\operator\Desktop\Internet.lnk
[2010/01/12 12:18:57 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\operator\Desktop\Windows Media Player.lnk

< %userprofile%\Desktop\*. >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-09 20:49:40
< End of report >
  • 0

#4
rytie16
Posted 12 January 2010 - 11:44 PM

rytie16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL Extras logfile created on: 1/13/2010 12:13:06 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\operator\My Documents\downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

319.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 60.00% Memory free
774.00 Mb Paging File | 436.00 Mb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.36 Gb Total Space | 0.83 Gb Free Space | 8.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-2CD9DC
Current User Name: operator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{E3935FBB-53C6-48BB-B9C4-1407AAD34523}" = Belkin Wireless G Cardbus Adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{E3935FBB-53C6-48BB-B9C4-1407AAD34523}" = Belkin Wireless G Cardbus Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2009 3:02:55 PM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x00003138.

Error - 12/8/2009 2:09:35 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2009 4:26:49 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x00003138.

Error - 12/8/2009 5:22:30 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x00003138.

Error - 12/8/2009 6:50:04 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x000022de.

Error - 12/8/2009 6:52:39 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x000022de.

Error - 12/8/2009 6:55:09 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module directdrawvideooutput.dll, version 3.1.1.13, fault address 0x000022de.

Error - 12/8/2009 9:47:53 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
kerberos.dll, version 5.1.2600.5834, fault address 0x00001c51.

Error - 12/8/2009 9:48:34 AM | Computer Name = COMPUTER-2CD9DC | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/8/2009 9:52:08 AM | Computer Name = COMPUTER-2CD9DC | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
kerberos.dll, version 5.1.2600.5834, fault address 0x00001c51.

[ System Events ]
Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:09 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:10 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:10 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:10 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/12/2010 11:52:10 PM | Computer Name = COMPUTER-2CD9DC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
  • 0

#5
Rorschach112
Posted 13 January 2010 - 07:36 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2010/01/12 14:02:09 | 00,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\PRLRCYVA.job
[2010/01/09 13:39:40 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\utinfo.dat
[2009/12/13 22:01:38 | 00,132,096 | RHS- | C] () -- C:\WINDOWS\System32\comrepli.dll

:Files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:Services

:Reg



:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
rytie16
Posted 13 January 2010 - 03:29 PM

rytie16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hi so i ran otl runfix here is the log after i rebooted



All processes killed
========== OTL ==========
C:\WINDOWS\tasks\PRLRCYVA.job moved successfully.
C:\WINDOWS\system32\utinfo.dat moved successfully.
C:\WINDOWS\system32\comrepli.dll moved successfully.
========== FILES ==========
Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with C:\WINDOWS\ServicePackFiles\i386\atapi.sys without a reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: operator
->Temp folder emptied: 1431832363 bytes
->Temporary Internet Files folder emptied: 889178899 bytes
->Java cache emptied: 25826917 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 811356 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1510 bytes

Total Files Cleaned = 2,241.00 mb


OTL by OldTimer - Version 3.1.24.0 log created on 01132010_161706

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#7
rytie16
Posted 13 January 2010 - 04:38 PM

rytie16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hi here is the log after i ran combo fix



ComboFix 10-01-13.07 - operator 01/13/2010 17:09:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.319.75 [GMT -8:00]
Running from: c:\documents and settings\operator\My Documents\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 23:04 . 2010-01-13 23:04 -------- d-----w- C:\_OTL
2010-01-13 10:54 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 02:57 . 2010-01-13 02:57 -------- d-----w- c:\program files\Trend Micro
2010-01-12 20:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-12 20:15 . 2010-01-12 20:15 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-12 20:06 . 2010-01-12 22:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-12 20:06 . 2010-01-12 20:06 -------- d-----w- c:\windows\system32\LogFiles
2010-01-09 21:38 . 2010-01-09 21:40 -------- d-----w- c:\program files\USBTrace
2010-01-05 01:24 . 2010-01-05 01:24 354744 ----a-w- c:\documents and settings\operator\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-01-05 01:24 . 2010-01-05 01:24 79872 ----a-w- c:\documents and settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-01-05 01:24 . 2010-01-05 01:24 574344 ----a-w- c:\documents and settings\operator\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-01-05 01:23 . 2010-01-05 01:23 -------- d-----w- c:\documents and settings\operator\Application Data\SanDisk
2009-12-23 16:22 . 2009-12-23 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 16:21 . 2009-12-09 05:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-23 15:17 . 2009-12-23 15:17 -------- d-----w- c:\program files\TrendMicro
2009-12-19 16:16 . 2009-12-19 16:14 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-16 11:15 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-16 11:15 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 10:48 . 2009-12-16 10:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-16 10:22 . 2009-12-16 11:46 -------- d-----w- c:\documents and settings\operator\Local Settings\Application Data\Adobe
2009-12-16 10:22 . 2009-12-16 11:03 -------- d-----w- c:\documents and settings\operator\Local Settings\Application Data\nos
2009-12-16 10:21 . 2009-12-16 10:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-16 10:18 . 2009-12-16 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-15 14:44 . 2009-12-15 14:44 -------- d-----w- c:\documents and settings\operator\Application Data\Malwarebytes
2009-12-15 14:44 . 2009-12-15 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-15 14:44 . 2009-12-23 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:29 . 2009-06-29 02:23 13104 -c--a-w- c:\documents and settings\operator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 18:21 . 2009-12-12 16:36 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 18:16 . 2009-11-28 23:11 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-15 10:19 . 2009-11-28 10:48 -------- d-----w- c:\program files\DivX
2009-12-13 08:30 . 2009-12-13 08:30 -------- d-----w- c:\program files\Veoh Networks
2009-11-30 02:30 . 2009-11-28 23:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 02:29 . 2009-11-30 02:29 -------- d-----w- c:\program files\Java
2009-11-30 02:28 . 2009-11-30 02:28 152576 ----a-w- c:\documents and settings\operator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-30 02:24 . 2009-11-30 02:24 79488 ----a-w- c:\documents and settings\operator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-28 13:05 . 2009-11-28 13:05 -------- d-----w- c:\documents and settings\operator\Application Data\DivX
2009-11-28 06:34 . 2009-11-28 06:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-28 06:34 . 2009-11-28 06:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 06:33 . 2009-11-28 06:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 06:33 . 2009-11-28 06:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 06:31 . 2009-11-28 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-28 06:31 . 2009-07-24 01:00 -------- d-----w- c:\program files\AVG
2009-10-29 07:45 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-12 14:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-12 13:57 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-12 13:57 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-05 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-10 2033432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-2-27 1736704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/27/2009 10:33 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/27/2009 10:34 PM 360584]
R3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [3/26/2009 6:14 PM 281600]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [7/23/2009 7:29 PM 57344]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [3/26/2009 6:13 PM 174464]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;c:\windows\system32\drivers\WDHAALBA.sys [3/26/2009 6:12 PM 701386]
S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [3/26/2009 6:13 PM 55999]
S3 utdrv;utdrv;\??\c:\windows\system32\drivers\utdrv.sys --> c:\windows\system32\drivers\utdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\operator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?latform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?n-t

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Atievxx.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Belkin\F5D7010v8\jswpsapi.exe
.
**************************************************************************
.
Completion time: 2010-01-13 17:32:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 01:32

Pre-Run: 3,202,691,072 bytes free
Post-Run: 3,185,721,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B5DC416C2EC645AB25186C1CA9BF2B7F
  • 0

#8
Rorschach112
Posted 13 January 2010 - 04:45 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
Rorschach112
Posted 18 January 2010 - 07:34 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP