Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C:\WINDOWS\system32\x

Started by katzo , Nov 10 2010 03:11 PM

  • Please log in to reply

#1
katzo
Posted 10 November 2010 - 03:11 PM

katzo

    New Member

  • Member
  • Pip
  • 2 posts
hello and thank you all for your hard work

i got internet cafe with a 20 networked computers,today something strang happened after i started up
the main computer which i work on,as i got free avast antivirus a popup message comes out every few minutes
about a discovered threat in "c:\windows\system32\x" and the program has Neutralize it,also i get a wierd message every now and then about "Generic Host Error".
also i cant access to network computers.
i also downloaded and installed Maleware byte antimalewar and updated it today,the program found like 21 malewares and deleted it and restarted the computer but the same problem exist.

here is the OTL report:

OTL logfile created on: 11/11/2010 10:48:23 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.00 Gb Total Space | 219.50 Gb Free Space | 94.61% Space Free | Partition Type: NTFS
Drive D: | 232.00 Gb Total Space | 231.64 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive E: | 232.50 Gb Total Space | 232.14 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive F: | 235.01 Gb Total Space | 231.87 Gb Free Space | 98.67% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 10:39:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2010/10/14 14:42:09 | 006,699,424 | ---- | M] (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) -- C:\Program Files\handyCafe\Server\hndserver.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 10:39:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mrnkk.sys -- (asc3360pr)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/21 03:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/10/06 11:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/29 12:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 22:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 22:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 20:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/08 09:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "91.144.44.68"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "91.144.44.68"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "91.144.44.68"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "91.144.44.68"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "91.144.44.68"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/06 15:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 18:06:20 | 000,000,000 | ---D | M]

[2010/10/06 15:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/10/26 01:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\j88pyhuy.default\extensions
[2010/10/10 15:25:32 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\j88pyhuy.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/10/26 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/10 15:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/10 15:44:06 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ipcln] C:\Program Files\handyCafe\Filter Server\iplcln.exe (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/06 14:35:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19acf3ea-d242-11df-a9bf-40618666aa49}\Shell - "" = AutoRun
O33 - MountPoints2\{19acf3ea-d242-11df-a9bf-40618666aa49}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b22ff70-d15c-11df-9270-806d6172696f}\Shell\Option1\Command - "" = H:\HBCD\Wintools\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 10:39:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/11/11 08:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2010/11/11 08:56:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/11 08:56:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 08:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 08:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/06 12:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\ACCOUNTS
[2010/11/04 03:50:12 | 013,283,744 | ---- | C] (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) -- C:\Documents and Settings\All Users\Documents\HandySetup_v3.exe
[2010/11/01 10:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Media Player Classic
[2010/10/26 09:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Cradle_of_Fear_Rus(Camo).Srt
[2010/10/26 08:47:59 | 000,421,346 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/10/26 08:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/10/26 08:45:43 | 002,228,534 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Documents\audacity-win-1.2.6.exe
[2010/10/26 01:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/10/26 01:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/10/26 01:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/10/26 01:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/10/26 01:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/10/26 00:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/10/24 10:57:14 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2010/10/24 10:57:13 | 000,458,752 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
[2010/10/24 10:57:13 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_071029.dll
[2010/10/24 10:57:11 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
[2010/10/24 10:57:11 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P7302USD.dll
[2010/10/24 10:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\ANC
[2010/10/24 10:57:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2010/10/24 10:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC7302
[2010/10/16 21:57:17 | 005,044,640 | ---- | C] (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) -- C:\Documents and Settings\admin\My Documents\handycafe_filter_v3.exe
[2010/10/13 22:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\EurekaLog
[2010/10/13 20:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\.AnywherePEViewer
[2010/10/13 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Resource Tuner
[2010/10/13 20:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Tuner
[2010/10/13 19:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSG32
[2010/10/13 19:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\sagkl
[2010/10/13 12:12:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 10:41:36 | 003,907,327 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/11/11 10:39:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/11/11 10:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/11 09:12:09 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\admin\Desktop\~$تشرين الثاني.xlsx
[2010/11/11 09:07:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 09:07:14 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/11 09:07:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 08:56:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 07:20:06 | 000,067,488 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\تشرين الثاني.xlsx
[2010/11/10 23:38:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/07 22:07:09 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[2010/11/04 23:51:14 | 000,065,821 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\accounts.xlsx
[2010/11/01 10:32:52 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 00:50:10 | 000,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 00:50:10 | 000,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 08:33:16 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\admin\PUTTY.RND
[2010/10/26 13:17:28 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/26 08:48:09 | 000,421,346 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/10/26 08:46:03 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Audacity.lnk
[2010/10/26 08:45:43 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Documents\audacity-win-1.2.6.exe
[2010/10/26 01:41:30 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/10/26 01:40:27 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/10/19 11:22:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/16 21:57:17 | 005,044,640 | ---- | M] (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) -- C:\Documents and Settings\admin\My Documents\handycafe_filter_v3.exe
[2010/10/14 14:42:13 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\handyCafe Server.lnk
[2010/10/13 00:24:00 | 000,659,268 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\mksup2.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 10:41:36 | 003,907,327 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2010/11/11 09:12:09 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\admin\Desktop\~$تشرين الثاني.xlsx
[2010/11/11 08:56:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:07:09 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT
[2010/11/01 10:32:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 08:46:03 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Audacity.lnk
[2010/10/26 01:41:30 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/10/25 03:42:00 | 000,506,368 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\u999.exe
[2010/10/24 10:57:14 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/10/24 10:57:11 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2010/10/24 05:22:02 | 000,506,368 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\u999.exe
[2010/10/14 14:42:13 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\handyCafe Server.lnk
[2010/10/13 00:23:56 | 000,659,268 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\mksup2.jpg
[2010/10/10 22:31:21 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/10/08 12:41:57 | 000,284,160 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2010/10/07 21:56:00 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.7.2.dll
[2010/10/07 21:55:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\avformat-52.46.0.dll
[2010/10/07 21:55:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avutil-50.7.0.dll
[2010/10/07 21:55:55 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\avdevice-52.2.0.dll
[2010/10/07 21:55:54 | 000,877,056 | ---- | C] () -- C:\WINDOWS\System32\avcodec-52.45.0.dll
[2010/10/07 21:55:54 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2010/10/07 21:55:54 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_JPEG.dll
[2010/10/07 21:55:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_SCALE.dll
[2010/10/07 21:55:51 | 000,877,568 | ---- | C] () -- C:\WINDOWS\System32\avcodec-52.dll
[2010/10/07 21:55:51 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\Deinterlace.dll
[2010/10/07 21:55:51 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.dll
[2010/10/07 21:55:51 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\avformat-52.dll
[2010/10/07 21:55:51 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\avutil-50.dll
[2010/10/07 21:55:51 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\avdevice-52.dll
[2010/10/07 21:31:01 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AVC_H264.dll
[2010/10/07 21:31:01 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\AVC_JPEG.dll
[2010/10/06 16:20:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/06 15:53:51 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/06 15:53:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/06 15:53:48 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/06 15:53:48 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/06 15:53:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/06 15:02:01 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/01 09:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini

========== LOP Check ==========

[2010/10/13 22:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\EurekaLog
[2010/10/07 19:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\GetRightToGo
[2010/10/10 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PriceGong
[2010/10/13 20:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Resource Tuner
[2010/10/07 17:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/13 19:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSG32

========== Purity Check ==========



< End of report >

thank you in advance for any help offered.
  • 0

Advertisements

#2
katzo
Posted 11 November 2010 - 06:27 AM

katzo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
i googled around and found a solution at symantic,the problem is gone

thank you
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP