Help Netsky and InternetSecurity2010 viruses and maybe more


Post by betsyg on Fri Jan 22, 2010 4:12 pm

to start did manage to install HijackThis - not sure whether scan should happen in safe mode startup or ordinary start-up (when that is possible - "please wait windows is starting up" banner - otherwise screen is kind of split - quarter screen with "folder task" "other places" "details") -

have shut down Internet access on notebook b/c when things are looking up (so essentially do not have net access and need to rely on flash drive to upload or install any programs, etc.) - receive messages "install updates and shut down" - that seems to have precipitated things going topsy turvy again after getting them down to a mild roar - my best guess is that while a virus may already have been lurking - those update installs set things off big time - at present time have gotten them to go away so that it would seem they are not installing upon logging off or logging on

another noticeable icon is on bottom bar in right corner - icon looks like it might be some type of screen but is overlaid with round red circle with line through it - like you might see for a "no smoking" area, etc. - this icon is in addition to the regular icons that present themselves on ordinary start up

CANNOT install Malwarebytes - click twice and nothing happens -

so if you could provide some guidance for this internet security challenged person - it would be appreciated - generally if I could get my Jpg files off (pictures for work and my beloved rescue dogs) - would be fine doing a clean install manufacturer recovery disk after transferring files - at present time it seems to freeze in process -

system is running Windows XP SP3 - task manager is grayed out - defrag is not available -

why do file names appear all in CAPS, other Initial Caps and others small case - does that mean anything?

Please help - it is much appreciated - doggies need me to get back to working for them -

betsyg

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Fri Jan 22, 2010 8:58 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Fri Jan 22, 2010 10:16 pm

from safe mode or start mode when it cooperates

betsyg

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Fri Jan 22, 2010 11:47 pm

in ordinary mode

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:24:42 PM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: [You must be registered and logged in to see this link.] = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {2D50EBEC-75A8-4E8F-A1B4-05AA8997916C} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: Help - {57518906-2F73-4F52-926D-7FEC97214243} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {801ABAAB-4EF7-428E-A0D4-77A0525AE8FE} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - [You must be registered and logged in to see this link.]
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: libvyv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10013 bytes

betsyg

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Sat Jan 23, 2010 1:41 am

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: libvyv.dll




Belahzur

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sat Jan 23, 2010 2:28 am

should I remove these two lines and then resend a log?

betsyg

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sat Jan 23, 2010 2:29 am

will that allow me to run Malwarebytes? -- while I was able to install it -- it does not seem to open and run - HELP, pretty please

betsyg

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sat Jan 23, 2010 4:36 am

here is another log - still cannot get Malwarebytes to run - does it require Internet access?

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:30:38 PM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: [You must be registered and logged in to see this link.] = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {2D50EBEC-75A8-4E8F-A1B4-05AA8997916C} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: Help - {57518906-2F73-4F52-926D-7FEC97214243} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {801ABAAB-4EF7-428E-A0D4-77A0525AE8FE} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - [You must be registered and logged in to see this link.]
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 9835 bytes

betsyg
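The flag, fix and rescan exchange above comes down to comparing two HijackThis logs. The Python below is an added example, not part of the original thread and not code from HijackThis or the forum: it parses both logs and reports whether the two flagged entries are gone. The function names and the trimmed sample logs are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input: short excerpts of the two HijackThis logs posted in
# this thread (first scan, then the rescan), trimmed to a few lines each.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:24:42 PM, on 1/22/2010
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: libvyv.dll
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10013 bytes
"""
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:30:38 PM, on 1/22/2010
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 9835 bytes
"""
# The two entries singled out in the helper's reply.
TARGETS = [
    r"O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)",
    r"O20 - AppInit_DLLs: libvyv.dll",
]
# Entry lines look like "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def _norm(s):
    # Windows paths and registry names are case-insensitive; collapse spacing too.
    return " ".join(s.split()).lower()

def parse_log(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "--" or line.startswith("End of file"):
            break                         # trailer: nothing after it is log data
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith("Scan saved at "):
            header["Scan saved at"] = line[len("Scan saved at "):]
        elif ": " in line:
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}

def _keys(log):
    # Map normalised entry text to the entry as it appeared in the log.
    return {_norm(f"{c} - {d}"): f"{c} - {d}" for c, d in log["entries"]}

def diff_logs(before, after):
    """Report entries and processes that differ between two parsed logs."""
    b, a = _keys(before), _keys(after)
    pb = Counter(_norm(p) for p in before["processes"])
    pa = Counter(_norm(p) for p in after["processes"])
    return {
        "entries_removed": [b[k] for k in b if k not in a],
        "entries_added": [a[k] for k in a if k not in b],
        "processes_gone": sorted((pb - pa).elements()),
        "processes_new": sorted((pa - pb).elements()),
    }

def verify_fixed(before, after, targets):
    """For each flagged line, say whether the rescan still shows it."""
    b, a = _keys(before), _keys(after)
    status = {}
    for t in targets:
        k = _norm(t)
        status[t] = ("still present" if k in a
                     else "removed" if k in b else "not in either log")
    return status

if __name__ == "__main__":
    first, rescan = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for line, state in verify_fixed(first, rescan, TARGETS).items():
        print(f"{state:>17}: {line}")
    print(diff_logs(first, rescan))
```

A process missing from the second list only means it was not running when that scan was taken; the entry comparison is the part that shows whether a fix held.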

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Sat Jan 23, 2010 11:03 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.




Belahzur

Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sun Jan 24, 2010 2:03 am

both seem to fit -- anxiously awaiting your next directive -- many thanks for your help

here is the first

OTL Extras logfile created on: 1/23/2010 8:19:21 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.06 Gb Total Space | 124.79 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 963.70 Mb Total Space | 804.42 Mb Free Space | 83.47% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: nek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0D6C6128-EA06-41AE-82BB-56FFA497B6D8}" = EASEUS Data Recovery Wizard Professional 3.3.4 Demo
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 16
"{2B34414C-14FB-11D6-A329-0050045C24B2}" = DVD@ccess 2.0.3
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A08615A-6113-46F9-8819-5BA66B6600FD}" = Toshiba Hotkey Utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A44C8FAB-DEED-42A0-959D-492998EE58CE}" = TaxCut Pennsylvania 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6F2C4FD-149A-4BA0-A95D-2A80F10EE751}" = OverDrive Media Console
"{D8C68D85-E7C4-4F1A-974E-3293342E006D}" = Building Homes of Our Own
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{F8E8BF1C-5AE4-4B36-8ACC-6DF7ED2D409F}" = TaxCut Pennsylvania 2007
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BroadJump Client Foundation" = BroadJump Client Foundation
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"ComcastSUPPORT" = ComcastSUPPORT
"ComcastToolbar" = Comcast Toolbar
"CutePDF Writer Installation" = CutePDF Writer 2.6
"DeductionPro 2006" = DeductionPro 2006
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GCA Xerox DocuPrint P12" = Printer Xerox DocuPrint P12
"HPOCR" = OCR Software by I.R.I.S 7.0
"I.I.I. Home Inventory" = I.I.I. Home Inventory 3.08
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Financial House" = My Financial House 1.01
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Readerware" = Readerware
"SmartUndelete_is1" = SmartUndelete
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxCut Premium 2006" = TaxCut Premium 2006
"TOSHIBA Game Console" = TOSHIBA Game Console
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"WILLPower" = WILLPower v6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinUndelete" = WinUndelete
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2007 1:46:39 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16414, faulting
module unknown, version 0.0.0.0, fault address 0x60b47930.

Error - 3/16/2007 9:02:20 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2007 6:45:09 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16414, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 3/27/2007 8:21:04 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16414, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2007 8:21:04 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16414, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >


____________________________

here is the second

OTL Extras logfile created on: 1/23/2010 8:19:21 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.06 Gb Total Space | 124.79 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 963.70 Mb Total Space | 804.42 Mb Free Space | 83.47% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: nek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0D6C6128-EA06-41AE-82BB-56FFA497B6D8}" = EASEUS Data Recovery Wizard Professional 3.3.4 Demo
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 16
"{2B34414C-14FB-11D6-A329-0050045C24B2}" = DVD@ccess 2.0.3
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A08615A-6113-46F9-8819-5BA66B6600FD}" = Toshiba Hotkey Utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A44C8FAB-DEED-42A0-959D-492998EE58CE}" = TaxCut Pennsylvania 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6F2C4FD-149A-4BA0-A95D-2A80F10EE751}" = OverDrive Media Console
"{D8C68D85-E7C4-4F1A-974E-3293342E006D}" = Building Homes of Our Own
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{F8E8BF1C-5AE4-4B36-8ACC-6DF7ED2D409F}" = TaxCut Pennsylvania 2007
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BroadJump Client Foundation" = BroadJump Client Foundation
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"ComcastSUPPORT" = ComcastSUPPORT
"ComcastToolbar" = Comcast Toolbar
"CutePDF Writer Installation" = CutePDF Writer 2.6
"DeductionPro 2006" = DeductionPro 2006
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GCA Xerox DocuPrint P12" = Printer Xerox DocuPrint P12
"HPOCR" = OCR Software by I.R.I.S 7.0
"I.I.I. Home Inventory" = I.I.I. Home Inventory 3.08
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Financial House" = My Financial House 1.01
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Readerware" = Readerware
"SmartUndelete_is1" = SmartUndelete
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxCut Premium 2006" = TaxCut Premium 2006
"TOSHIBA Game Console" = TOSHIBA Game Console
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"WILLPower" = WILLPower v6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinUndelete" = WinUndelete
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2007 1:46:39 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16414, faulting
module unknown, version 0.0.0.0, fault address 0x60b47930.

Error - 3/16/2007 9:02:20 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2007 6:45:09 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16414, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 3/27/2007 8:21:04 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16414, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2007 8:21:04 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16414, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Sun Jan 24, 2010 2:18 am

Hello.
You posted extra.txt twice, please post the other log too.


Please PM me if I fail to respond within 24hrs.



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sun Jan 24, 2010 3:02 am

test


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sun Jan 24, 2010 3:02 am

part 1

[2008/12/15 17:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nek\Application Data\Mozilla\Extensions
[2010/01/19 11:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions
[2010/01/19 09:48:33 | 00,000,000 | ---D | M] (IObitCom Toolbar) -- C:\Documents and Settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2009/05/14 11:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\OberonGameHost@OberonGames.com
[2010/01/19 11:33:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/09 15:24:24 | 00,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe (Apple Computer)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 10 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} [You must be registered and logged in to see this link.] (Citrix ICA Client)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnMdASl) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/27 13:59:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell - "" = AutoRun
O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d8f2e534-053e-11df-8702-0018de46544d}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{f7104cee-729f-11db-9d2c-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\WINDOWS\1954359.exe \??\C:\WINDOWS\1954359.dat) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Sun Jan 24, 2010 3:10 am

========== Files/Folders - Created Within 30 Days ==========


[2010/01/23 20:06:54 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\nek\My Documents\My Safe
[2010/01/22 23:50:38 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\nek\Recent
[2010/01/22 16:57:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 14:34:16 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/21 23:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/21 14:26:09 | 01,184,768 | ---- | C] (SPIA - System Software Solutions) -- C:\Program Files\NTFS-FileRestorer.exe
[2010/01/21 12:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/21 09:17:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Desktop\Unused Desktop Shortcuts
[2010/01/20 11:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/01/20 11:35:37 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2010/01/20 11:32:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/01/20 11:32:49 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/01/20 11:32:22 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/01/20 11:32:10 | 01,846,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/01/19 13:23:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 13:23:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/19 12:37:21 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Program Files\IObitCom
[2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\IObitCom
[2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\Conduit
[2010/01/19 09:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/01/19 09:48:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Application Data\IObit
[2010/01/19 09:34:31 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/18 01:39:01 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/18 01:38:58 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/18 01:38:58 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/18 01:38:34 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/18 01:38:01 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/18 01:38:01 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/18 01:37:25 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/18 01:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/18 01:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/18 01:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/18 01:36:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Application Data\PC Tools
[2010/01/18 01:23:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/17 22:03:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/01/13 23:38:19 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/01/13 16:24:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/13 13:13:12 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/13 13:13:11 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/13 12:25:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2010/01/13 12:23:42 | 00,000,000 | ---D | C] -- C:\EZFirewall
[2010/01/13 10:33:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\NOS
[2010/01/12 15:45:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1101000.013
[2010/01/12 15:44:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/01/10 22:35:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/10 22:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\Threat Expert
[2010/01/10 22:01:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/10 15:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\Tific
[2010/01/10 15:57:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Application Data\Tific
[2010/01/10 15:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/01/10 15:40:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/10 10:27:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/10 10:27:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/10 10:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/10 10:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/09 14:32:38 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2010/01/09 14:32:38 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\XceedCry.dll
[2010/01/09 14:32:38 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\XceedBkp.dll
[2010/01/09 14:32:38 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2010/01/09 14:32:38 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2010/01/09 14:32:37 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010/01/09 14:32:37 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2010/01/09 00:16:07 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/08 12:59:06 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/08 12:59:06 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/08 09:45:59 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/01/08 09:45:59 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/01/08 09:45:59 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/01/08 09:45:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/01/08 09:45:57 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/01/08 09:45:57 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/01/08 09:45:56 | 00,000,000 | ---D | C] -- C:\145ccbfa89461bc045c4bbaca6
[2010/01/07 20:47:57 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\nek\IECompatCache
[2010/01/07 20:46:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\nek\PrivacIE
[2010/01/07 20:42:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/07 20:42:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\nek\IETldCache
[2010/01/07 20:33:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/01/07 20:26:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/07 20:04:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/07 19:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Application Data\AVG8
[2010/01/07 09:57:26 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/12/28 21:37:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Application Data\Printer Info Cache
[2009/10/06 10:03:53 | 00,393,216 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XText.dll
[2009/10/06 10:03:52 | 00,905,216 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XSLT.dll
[2009/10/06 10:03:52 | 00,516,096 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XPath.dll
[2009/10/06 10:03:51 | 00,831,488 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XMLEngine.dll
[2009/10/06 10:03:51 | 00,163,840 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XMLSupport.dll
[2009/10/06 10:03:50 | 00,204,800 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XGrfx.dll
[2009/10/06 10:03:49 | 00,561,152 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XFC.dll
[2009/10/06 10:03:49 | 00,245,760 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XercesParserLiaison.dll
[2009/10/06 10:03:48 | 01,568,768 | ---- | C] (Apache Software Foundation) -- C:\Program Files\Xerces.dll
[2009/10/06 10:03:47 | 00,446,464 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XDraw.dll
[2009/10/06 10:03:46 | 00,212,992 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanSourceTree.dll
[2009/10/06 10:03:46 | 00,122,880 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanTransformer.dll
[2009/10/06 10:03:46 | 00,094,208 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\XCore.dll
[2009/10/06 10:03:46 | 00,065,536 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanDOM.dll
[2009/10/06 10:03:46 | 00,032,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files\XalanExtensions.dll
[2009/10/06 10:03:45 | 01,486,848 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\Support.dll
[2009/10/06 10:03:44 | 00,159,744 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\ssleay32.dll
[2009/10/06 10:03:43 | 00,540,672 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\ProofReader.dll
[2009/10/06 10:03:43 | 00,270,336 | ---- | C] (Apache Software Foundation) -- C:\Program Files\PlatformSupport.dll
[2009/10/06 10:03:43 | 00,022,016 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniThread.dll
[2009/10/06 10:03:42 | 01,216,512 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniORB4.dll
[2009/10/06 10:03:41 | 01,505,280 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\OmniDynamic4.dll
[2009/10/06 10:03:40 | 00,057,344 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\NSViews.dll
[2009/10/06 10:03:37 | 05,935,104 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\MyStory.exe
[2009/10/06 10:03:32 | 00,811,008 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\libeay32.dll
[2009/10/06 10:03:32 | 00,114,688 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\MFCX.dll
[2009/10/06 10:03:31 | 00,512,000 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\HBAM.dll
[2009/10/06 10:03:29 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\GdiPlus.dll
[2009/10/06 10:03:29 | 00,122,880 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMWrapper.dll
[2009/10/06 10:03:28 | 00,499,712 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMUserModel.dll
[2009/10/06 10:03:28 | 00,487,424 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMscript.dll
[2009/10/06 10:03:23 | 08,151,040 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMRSRC.dll
[2009/10/06 10:03:23 | 00,114,688 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMOLE.dll
[2009/10/06 10:03:22 | 00,299,008 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FMLayout.dll
[2009/10/06 10:03:22 | 00,106,496 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\FML10.dll
[2009/10/06 10:02:34 | 00,049,152 | ---- | C] (Apache Software Foundation) -- C:\Program Files\DOMSupport.dll
[2009/10/06 10:02:33 | 02,736,128 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\DBEngine.dll
[2009/10/06 10:02:32 | 00,315,392 | ---- | C] (FileMaker, Inc.) -- C:\Program Files\DBConverter.dll
[2009/01/29 14:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/01/29 14:21:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/29 14:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/01/29 14:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2008/11/22 18:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/06/12 08:11:19 | 20,677,344 | ---- | C] (eBay ) -- C:\Program Files\setupUS.exe
[2006/11/13 14:32:35 | 03,214,976 | ---- | C] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\EasyLink_Connect.exe

========== Files - Modified Within 30 Days ==========

[2010/01/23 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/01/23 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/01/23 21:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\ugxrcrxv.job
[2010/01/23 20:06:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 20:06:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/23 20:06:35 | 21,455,70816 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 23:56:00 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\nek\NTUSER.DAT
[2010/01/22 23:56:00 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\nek\ntuser.ini
[2010/01/22 23:55:53 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\nek\Local Settings\Application Data\IconCache.db
[2010/01/22 23:49:37 | 00,002,437 | ---- | M] () -- C:\Documents and Settings\nek\Desktop\HiJackThis.lnk
[2010/01/22 16:58:05 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/22 14:08:10 | 00,074,616 | ---- | M] () -- C:\Documents and Settings\nek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/22 11:40:04 | 01,574,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 11:31:37 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/22 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/01/22 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/01/22 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/01/22 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/01/22 00:26:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/01/22 00:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 00:17:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/01/22 00:13:08 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/21 23:16:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/21 23:16:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/21 23:16:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/21 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/01/21 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/01/21 14:59:33 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/21 14:59:33 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/21 14:59:33 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/21 14:51:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/21 14:30:35 | 00,000,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/01/21 14:26:09 | 01,184,768 | ---- | M] (SPIA - System Software Solutions) -- C:\Program Files\NTFS-FileRestorer.exe
[2010/01/21 14:26:09 | 00,001,026 | ---- | M] () -- C:\Program Files\FileRecovery.dat
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/01/20 12:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/20 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/01/20 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/01/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/01/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/01/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/01/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/01/19 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/01/19 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/01/19 10:27:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/19 10:11:11 | 00,405,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/19 10:11:11 | 00,346,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/19 10:11:11 | 00,054,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/19 10:07:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/19 09:47:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/19 09:34:32 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\nek\Desktop\CCleaner.lnk
[2010/01/19 09:27:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/19 09:07:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/19 08:26:57 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/01/19 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/01/18 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/01/18 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/01/17 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/01/17 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/01/17 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/01/17 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/01/17 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/01/17 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/01/17 18:00:00 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/17 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/01/17 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/01/16 20:13:15 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\nek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 18:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/01/16 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/01/16 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/01/16 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/01/16 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/01/16 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/01/16 06:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/01/16 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/01/16 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/01/16 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/01/16 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/01/16 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/01/16 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/01/16 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/01/16 00:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/15 14:00:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/15 13:40:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/15 13:20:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/15 13:00:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/15 12:40:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/15 12:20:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/13 16:25:11 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/13 16:12:12 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B0A1F988-49A3-4A14-9294-45F3C361FEC6}.job
[2010/01/13 13:13:14 | 00,677,574 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2010/01/12 14:03:06 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/01/10 19:10:43 | 00,000,849 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010/01/10 10:38:34 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/10 10:38:34 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/09 19:01:21 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/09 15:24:24 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/08 12:59:06 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/08 12:59:06 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 17:16:30 | 53,714,011 | ---- | M] () -- C:\whole.rwd.script
[2010/01/06 17:16:30 | 00,098,304 | ---- | M] () -- C:\whole.rwd.script.new
[2010/01/06 16:47:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\nek\Local Settings\Application Data\prvlcl.dat

========== Files Created - No Company Name ==========

[2010/01/22 23:57:11 | 21,455,70816 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 16:58:05 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 23:33:38 | 00,002,437 | ---- | C] () -- C:\Documents and Settings\nek\Desktop\HiJackThis.lnk
[2010/01/21 14:59:37 | 00,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/21 14:59:37 | 00,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
[2010/01/21 14:59:37 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
[2010/01/21 14:59:37 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/01/21 14:30:35 | 00,000,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/01/21 14:26:09 | 00,001,026 | ---- | C] () -- C:\Program Files\FileRecovery.dat
[2010/01/21 12:49:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/19 09:34:32 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\nek\Desktop\CCleaner.lnk
[2010/01/18 01:39:02 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/18 01:39:01 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/18 01:39:01 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/18 01:39:01 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/18 01:39:00 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/18 01:38:34 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/18 01:38:01 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/18 01:38:01 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/18 01:37:25 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/17 20:50:22 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/16 21:04:28 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/15 17:03:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/14 20:28:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/14 20:08:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/14 19:48:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/14 19:28:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/14 19:08:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/14 18:48:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/14 18:28:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/14 18:08:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/13 16:25:10 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/12 15:51:34 | 00,677,574 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2010/01/10 21:56:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/10 20:10:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/10 17:36:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/10 17:16:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/10 10:39:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/10 10:38:42 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/09 14:32:37 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2010/01/09 14:32:37 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2010/01/09 00:18:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/09 00:18:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/09 00:18:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/09 00:18:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/06 17:16:30 | 00,098,304 | ---- | C] () -- C:\whole.rwd.script.new
[2010/01/06 13:18:38 | 00,000,849 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010/01/06 13:15:10 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/17 10:41:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\nek\Local Settings\Application Data\prvlcl.dat
[2009/10/06 10:09:51 | 00,000,058 | ---- | C] () -- C:\WINDOWS\presntr.ini
[2009/10/06 10:03:23 | 00,038,368 | ---- | C] () -- C:\Program Files\FMPA Acknowledgements.pdf
[2009/10/06 10:02:13 | 33,914,880 | ---- | C] () -- C:\Program Files\Data.USR
[2009/10/06 10:00:43 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/05 08:35:09 | 01,559,395 | -HS- | C] () -- C:\WINDOWS\System32\nqprdruj.ini
[2009/02/04 08:10:19 | 01,558,007 | -HS- | C] () -- C:\WINDOWS\System32\xwsrbrxp.ini
[2009/02/02 19:44:25 | 01,530,092 | -HS- | C] () -- C:\WINDOWS\System32\twdyfrbh.ini
[2009/02/01 18:20:18 | 01,465,183 | -HS- | C] () -- C:\WINDOWS\System32\tahijgkn.ini
[2009/01/31 19:37:38 | 01,465,201 | -HS- | C] () -- C:\WINDOWS\System32\ngxfogfg.ini
[2009/01/31 18:15:45 | 00,088,731 | -HS- | C] () -- C:\WINDOWS\System32\lSAdMnpo.ini
[2009/01/31 18:15:45 | 00,088,715 | -HS- | C] () -- C:\WINDOWS\System32\lSAdMnpo.ini2
[2008/04/25 10:51:46 | 00,012,970 | ---- | C] () -- C:\Documents and Settings\nek\Application Data\Microsoft Excel.CAL
[2008/04/14 21:27:19 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/04/14 12:18:11 | 00,007,625 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/14 10:18:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/14 09:40:27 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\nek\Local Settings\Application Data\fusioncache.dat
[2008/04/06 18:32:19 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/03/09 23:54:06 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/09 23:54:06 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/09 22:56:35 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/03/09 22:56:35 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/03/09 22:56:35 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/03/09 22:56:35 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/26 10:07:08 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/08 15:09:53 | 01,598,986 | ---- | C] () -- C:\Program Files\cdtomp3freeware.exe
[2008/01/17 16:45:21 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008/01/17 16:45:21 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/01/17 16:45:21 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/09/25 17:07:18 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2007/05/02 13:14:51 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2007/03/26 12:42:12 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/26 12:41:54 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/22 20:36:19 | 00,301,321 | ---- | C] () -- C:\Program Files\Office 2003 Editions 60 Day Trial.exe
[2006/12/10 20:28:42 | 08,225,589 | ---- | C] () -- C:\Program Files\dQ0t8IaqNqcOaX2iJSGTFuL0quh_Yr2m.mp4
[2006/12/08 09:40:18 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/12/08 09:40:17 | 00,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/12/06 11:45:48 | 00,820,760 | ---- | C] () -- C:\Program Files\freeundelete.exe
[2006/12/02 20:50:45 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\SID2HEWN.DLL
[2006/12/02 20:50:45 | 00,004,025 | ---- | C] () -- C:\WINDOWS\SIDUNINS.INI
[2006/12/02 20:50:45 | 00,002,432 | ---- | C] () -- C:\WINDOWS\System32\XCPGMON.INI
[2006/11/15 11:29:11 | 05,254,656 | ---- | C] () -- C:\Program Files\converter.exe
[2006/11/15 11:22:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/15 11:21:37 | 02,064,128 | ---- | C] () -- C:\Program Files\CuteWriter.exe
[2006/11/14 10:01:12 | 00,000,410 | ---- | C] () -- C:\Documents and Settings\nek\Application Data\wklnhst.dat
[2006/11/12 12:30:45 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\nek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/16 15:34:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 15:33:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/16 15:33:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/16 15:33:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/16 15:33:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/16 15:33:12 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/16 15:33:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 13:54:05 | 00,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 13:54:05 | 00,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/02/16 10:34:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/16 10:34:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/16 10:34:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/16 10:34:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/16 10:34:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/16 10:34:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/27 17:02:20 | 00,000,249 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/27 17:00:11 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/27 16:58:12 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/27 16:58:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/27 16:58:12 | 00,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/27 16:58:12 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/27 14:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/27 14:43:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/12/27 14:05:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 12:39:35 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/16 12:35:12 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 14:56:50 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 23:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/23 00:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2FFC7FB
< End of report >


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Sun Jan 24, 2010 5:47 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnMdASl) - File not found
    O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell - "" = AutoRun
    O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d8f2e534-053e-11df-8702-0018de46544d}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
    O33 - MountPoints2\{f7104cee-729f-11db-9d2c-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
    [2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/01/19 09:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nek\Local Settings\Application Data\Conduit
    [2010/01/21 14:51:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/19 10:27:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/19 10:07:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/19 09:47:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/19 09:27:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/19 09:07:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/15 14:00:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/15 13:40:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/15 13:20:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/15 13:00:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/15 12:40:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/15 12:20:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/10 19:10:43 | 00,000,849 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
    [2010/01/10 10:38:34 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/17 20:50:22 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
    [2010/01/16 21:04:28 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
    [2010/01/15 17:03:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
    [2010/01/14 20:28:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/14 20:08:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/14 19:48:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/14 19:28:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/14 19:08:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/14 18:48:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/14 18:28:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/14 18:08:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/10 21:56:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/10 20:10:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/10 17:36:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/10 17:16:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/10 10:39:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
    [2010/01/10 10:38:42 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
    [2009/02/05 08:35:09 | 01,559,395 | -HS- | C] () -- C:\WINDOWS\System32\nqprdruj.ini
    [2009/02/04 08:10:19 | 01,558,007 | -HS- | C] () -- C:\WINDOWS\System32\xwsrbrxp.ini
    [2009/02/02 19:44:25 | 01,530,092 | -HS- | C] () -- C:\WINDOWS\System32\twdyfrbh.ini
    [2009/02/01 18:20:18 | 01,465,183 | -HS- | C] () -- C:\WINDOWS\System32\tahijgkn.ini
    [2009/01/31 19:37:38 | 01,465,201 | -HS- | C] () -- C:\WINDOWS\System32\ngxfogfg.ini
    [2009/01/31 18:15:45 | 00,088,731 | -HS- | C] () -- C:\WINDOWS\System32\lSAdMnpo.ini
    [2009/01/31 18:15:45 | 00,088,715 | -HS- | C] () -- C:\WINDOWS\System32\lSAdMnpo.ini2
    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Tue Jan 26, 2010 3:58 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31c7d459-9cc3-44f2-9dca-fc11795309b4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31C7D459-9CC3-44F2-9DCA-FC11795309B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31C7D459-9CC3-44F2-9DCA-FC11795309B4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\opnMdASl deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{545e3f0e-108a-11de-82f3-0018de46544d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{545e3f0e-108a-11de-82f3-0018de46544d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{545e3f0e-108a-11de-82f3-0018de46544d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{545e3f0e-108a-11de-82f3-0018de46544d}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8f2e534-053e-11df-8702-0018de46544d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8f2e534-053e-11df-8702-0018de46544d}\ not found.
File E:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7104cee-729f-11db-9d2c-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7104cee-729f-11db-9d2c-00038a000015}\ not found.
File setupSNK.exe not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\nek\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\nek\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\nek\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\nek\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\nek\Local Settings\Application Data\Conduit folder moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\krl32mainweq.dll moved successfully.
C:\WINDOWS\system32\winlogon32.exe moved successfully.
C:\WINDOWS\system32\warning.html moved successfully.
C:\WINDOWS\system32\smss32.exe moved successfully.
C:\WINDOWS\system32\helper32.dll moved successfully.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
C:\WINDOWS\system32\41.exe moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
C:\WINDOWS\system32\nqprdruj.ini moved successfully.
C:\WINDOWS\system32\xwsrbrxp.ini moved successfully.
C:\WINDOWS\system32\twdyfrbh.ini moved successfully.
C:\WINDOWS\system32\tahijgkn.ini moved successfully.
C:\WINDOWS\system32\ngxfogfg.ini moved successfully.
C:\WINDOWS\system32\lSAdMnpo.ini moved successfully.
C:\WINDOWS\system32\lSAdMnpo.ini2 moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.1.26.0 log created on 01262010_105229


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Tue Jan 26, 2010 6:06 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Wed Jan 27, 2010 3:13 pm

ComboFix 10-01-26.06 - nek 01/27/2010 9:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1707 [GMT -5:00]
Running from: C:\Combo-Fix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\program files\Common Files\System\Uninstall
c:\recycler\S-1-5-21-3525035880-16201089-3567605124-500
C:\Thumbs.db
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\drivers\H8SRTlpyfddmhql.sys
c:\windows\system32\H8SRTakbynaccol.dll
c:\windows\system32\H8SRTgetxswolmq.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTlsrferjbqo.dat
c:\windows\system32\H8SRTrhoytyyfmn.dll
c:\windows\system32\H8SRTwurutfqhbo.dll
c:\windows\system32\IS15.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
c:\windows\Tasks\ugxrcrxv.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2015-06-01 13:28 . 2015-06-01 13:28 -------- d-----w- c:\windows\Readerware
2015-06-01 13:28 . 2010-01-06 19:24 -------- d-----w- c:\program files\Readerware
2010-01-27 13:58 . 2010-01-27 14:01 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-01-22 21:57 . 2010-01-23 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 19:34 . 2010-01-22 21:48 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-01-22 04:33 . 2010-01-22 04:33 -------- d-----w- c:\program files\TrendMicro
2010-01-21 19:30 . 2010-01-21 19:30 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-21 19:26 . 2010-01-21 19:26 1184768 ----a-w- c:\program files\NTFS-FileRestorer.exe
2010-01-21 19:26 . 2010-01-21 19:26 1026 ----a-w- c:\program files\FileRecovery.dat
2010-01-21 17:35 . 2010-01-21 17:39 -------- d-----w- c:\program files\a-squared Free
2010-01-20 16:37 . 2010-01-20 16:37 -------- d-----w- c:\program files\Microsoft.NET
2010-01-20 16:36 . 2008-04-14 00:12 132096 ----a-w- c:\windows\system32\wkssvc.dll
2010-01-20 16:35 . 2008-04-14 00:11 343040 ----a-w- c:\windows\system32\localspl.dll
2010-01-20 16:32 . 2009-02-06 11:06 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-20 16:32 . 2009-02-06 10:32 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-20 16:32 . 2009-02-09 12:10 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-01-20 16:32 . 2008-04-13 18:31 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-20 16:32 . 2009-02-09 11:13 1846784 ----a-w- c:\windows\system32\win32k.sys
2010-01-19 18:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 18:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 18:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-19 14:48 . 2010-01-22 14:08 -------- d-----w- c:\program files\IObitCom
2010-01-19 14:48 . 2010-01-19 17:16 -------- d-----w- c:\documents and settings\nek\Local Settings\Application Data\IObitCom
2010-01-19 14:48 . 2010-01-19 14:48 -------- d-----w- c:\documents and settings\nek\Application Data\IObit
2010-01-19 14:48 . 2010-01-19 14:48 -------- d-----w- c:\program files\IObit
2010-01-19 14:34 . 2010-01-19 14:34 -------- d-----w- c:\program files\CCleaner
2010-01-18 06:39 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-18 06:39 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-18 06:39 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-01-18 06:39 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-18 06:38 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-18 06:38 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-18 06:38 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-18 06:38 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-18 06:38 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-18 06:37 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-18 06:36 . 2010-01-18 06:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-18 06:36 . 2010-01-18 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-18 06:36 . 2010-01-19 15:05 -------- d-----w- c:\program files\Spyware Doctor
2010-01-18 06:36 . 2010-01-18 06:36 -------- d-----w- c:\documents and settings\nek\Application Data\PC Tools
2010-01-18 06:23 . 2010-01-18 06:23 -------- dc----w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 03:03 . 2010-01-18 03:06 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-14 04:38 . 2010-01-12 19:03 5115824 ----a-w- C:\mbam-setup.exe
2010-01-13 21:25 . 2010-01-13 21:25 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-13 21:24 . 2010-01-14 04:28 -------- d-----w- c:\windows\Internet Logs
2010-01-13 18:13 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-13 18:13 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-01-13 17:25 . 2010-01-13 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-01-13 17:23 . 2010-01-13 17:23 -------- d-----w- C:\EZFirewall
2010-01-13 15:33 . 2010-01-13 15:33 -------- d-----w- c:\documents and settings\nek\Local Settings\Application Data\NOS
2010-01-12 20:44 . 2010-01-13 15:20 -------- d-----w- c:\windows\system32\drivers\NIS
2010-01-11 03:35 . 2010-01-11 03:35 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-11 03:02 . 2010-01-11 03:02 -------- d-----w- c:\documents and settings\nek\Local Settings\Application Data\Threat Expert
2010-01-10 20:57 . 2010-01-10 20:58 -------- d-----w- c:\documents and settings\nek\Local Settings\Application Data\Tific
2010-01-10 20:57 . 2010-01-10 20:57 -------- d-----w- c:\documents and settings\nek\Application Data\Tific
2010-01-10 20:43 . 2010-01-13 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-10 20:40 . 2010-01-13 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-09 19:32 . 2004-05-11 15:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2010-01-09 19:32 . 2003-11-19 19:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2010-01-09 19:32 . 2000-07-15 11:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-01-09 05:16 . 2010-01-11 03:01 -------- d-----w- c:\program files\Google
2010-01-08 17:59 . 2010-01-08 17:59 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-08 17:59 . 2010-01-08 17:59 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-08 16:47 . 2010-01-08 16:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 14:47 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-08 14:45 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-08 14:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-08 14:45 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-08 14:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-08 14:45 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-08 14:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-08 14:45 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-08 14:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-08 14:45 . 2010-01-08 14:47 -------- d-----w- C:\145ccbfa89461bc045c4bbaca6
2010-01-08 01:47 . 2010-01-08 01:47 -------- d-sh--w- c:\documents and settings\nek\IECompatCache
2010-01-08 01:46 . 2010-01-08 01:46 -------- d-sh--w- c:\documents and settings\nek\PrivacIE
2010-01-08 01:42 . 2010-01-08 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-08 01:42 . 2010-01-08 01:42 -------- d-sh--w- c:\documents and settings\nek\IETldCache
2010-01-08 01:42 . 2010-01-08 01:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-08 01:34 . 2008-04-13 18:53 264832 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-08 01:33 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-08 01:33 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-08 01:33 . 2010-01-21 18:53 -------- d-----w- c:\windows\ie8updates
2010-01-08 01:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-08 01:04 . 2010-01-08 01:04 -------- d-----w- c:\program files\AVG
2010-01-08 00:54 . 2010-01-08 00:54 -------- d-----w- c:\documents and settings\nek\Application Data\AVG8
2010-01-07 14:57 . 2009-09-11 14:18 136192 -c--a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-29 02:37 . 2009-12-29 02:37 -------- d-----w- c:\documents and settings\nek\Application Data\Printer Info Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 21:48 . 2009-05-15 12:48 -------- d-----w- c:\program files\ComcastToolbar
2010-01-22 19:08 . 2006-11-12 17:31 74616 ----a-w- c:\documents and settings\nek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 16:34 . 2005-12-27 19:33 -------- d-----w- c:\program files\Toshiba
2010-01-22 16:33 . 2005-12-27 22:00 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-22 16:31 . 2005-12-27 22:00 -------- d-----w- c:\program files\Quicken
2010-01-22 14:37 . 2006-12-06 17:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-22 04:33 . 2010-01-22 04:33 388096 ----a-r- c:\documents and settings\nek\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-20 16:37 . 2009-07-16 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-19 19:01 . 2010-01-20 14:52 313874 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-18 04:33 . 2005-12-27 22:09 -------- d-----w- c:\program files\Yahoo!
2010-01-18 03:18 . 2008-04-06 23:49 -------- d-----w- c:\program files\HP
2010-01-18 03:17 . 2008-04-14 17:37 -------- d-----w- c:\program files\Common Files\HP
2010-01-18 02:50 . 2009-07-16 23:44 -------- d-----w- c:\program files\MSBuild
2010-01-14 06:03 . 2006-11-12 17:30 -------- d-----w- c:\documents and settings\nek\Application Data\toshiba
2010-01-13 21:46 . 2008-05-10 02:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 15:34 . 2005-12-27 21:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-10 22:01 . 2009-02-06 15:24 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-10 15:32 . 2009-11-29 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-09 20:28 . 2008-09-19 12:04 -------- d-----w- c:\documents and settings\nek\Application Data\Yahoo!
2010-01-09 05:15 . 2008-02-01 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-08 20:48 . 2008-06-11 17:47 -------- d-----w- c:\program files\Coupons
2010-01-08 00:44 . 2009-03-26 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo
2010-01-08 00:41 . 2008-12-23 17:33 -------- d-----w- c:\program files\Virtual Earth 3D
2010-01-07 05:33 . 2010-01-05 05:33 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-06 21:47 . 2009-12-17 15:41 0 ----a-w- c:\documents and settings\nek\Local Settings\Application Data\prvlcl.dat
2009-12-29 02:36 . 2009-03-14 18:21 -------- d-----w- c:\documents and settings\nek\Application Data\U3
2009-12-20 03:34 . 2010-01-19 14:48 52224 ----a-w- c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-12-20 03:34 . 2010-01-19 14:48 101376 ----a-w- c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2009-12-06 22:44 . 2007-01-17 15:52 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-04 21:49 . 2010-01-19 14:48 635664 ----a-w- c:\documents and settings\nek\Application Data\IObit\Common\TB_Helper.exe
2009-10-08 13:17 . 2009-10-06 15:02 33914880 ----a-w- c:\program files\Data.USR
2009-10-06 15:02 . 2009-10-06 15:02 49152 ----a-w- c:\program files\DOMSupport.dll
2009-10-06 15:02 . 2009-10-06 15:02 2736128 ----a-w- c:\program files\DBEngine.dll
2009-10-06 15:02 . 2009-10-06 15:02 315392 ----a-w- c:\program files\DBConverter.dll
2008-02-08 20:10 . 2008-02-08 20:09 1598986 ----a-w- c:\program files\cdtomp3freeware.exe
2007-06-12 13:11 . 2007-06-12 13:11 20677344 ----a-w- c:\program files\setupUS.exe
2006-12-11 01:28 . 2006-12-11 01:28 8225589 ----a-w- c:\program files\dQ0t8IaqNqcOaX2iJSGTFuL0quh_Yr2m.mp4
2006-12-06 16:45 . 2006-12-06 16:45 820760 ----a-w- c:\program files\freeundelete.exe
2006-11-15 16:29 . 2006-11-15 16:29 5254656 ----a-w- c:\program files\converter.exe
2006-11-15 16:21 . 2006-11-15 16:21 2064128 ----a-w- c:\program files\CuteWriter.exe
2006-11-13 19:35 . 2006-11-13 19:32 3214976 ----a-w- c:\program files\EasyLink_Connect.exe
2003-11-03 20:52 . 2007-01-23 01:36 301321 ----a-w- c:\program files\Office 2003 Editions 60 Day Trial.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-05 1589248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2001-12-17 483394]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
[You must be registered and logged in to see this link.] - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2008-2-26 888832]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-27 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
""= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\windows\1954359.exe \??\c:\windows\1954359.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"spupdsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/7/2009 6:16 AM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/18/2010 1:38 AM 207792]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2/26/2008 10:03 AM 29156]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 11:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 11:55 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 11:25 PM 3456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/8/2010 12:59 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/8/2010 12:59 PM 30104]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [3/9/2008 10:41 PM 3768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/18/2010 1:36 AM 359624]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/18/2010 1:39 AM 112592]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{B0A1F988-49A3-4A14-9294-45F3C361FEC6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\nek\Application Data\Mozilla\Firefox\Profiles\sgsp1j45.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-27 09:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3348485863-49304129-1497627467-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
.
**************************************************************************
.
Completion time: 2010-01-27 09:58:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 14:58

Pre-Run: 133,733,834,752 bytes free
Post-Run: 133,706,248,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1ED2681A775B6C03B453205F0476F066


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Wed Jan 27, 2010 9:26 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Wed Jan 27, 2010 11:17 pm

things appear to be a bit better - actually see the Task Manager again - outstanding issues remain with screen still have bar down side (will try to send jpg of it) - icon on quick launch bar is still present (one that looks like a computer screen with a circle with a red line through it) --

will write again after I have completed this instruction - should I be sending anything again? - should I be able to reinstall Malwarebytes and AVG and Ad-Aware?


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Wed Jan 27, 2010 11:54 pm

should I be able to reinstall Malwarebytes and AVG and Ad-Aware?

Yes.



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Thu Jan 28, 2010 6:44 pm

DISASTER strikes again --

think that Combo was uninstalled correctly --
ran Malwarebytes
installed AVG and then got into trouble -
wanted spydoctor removed but could not remove it through the programs interface
asked about firewalls and chose AVG - should it have remained as MS?

NOW - no START button or bar along bar -- still have the other bar on the side though - that is what I was trying to get rid of -- HELP - please

here is latest Hijack This log -


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:25:57 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\QTTask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: [You must be registered and logged in to see this link.] = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {2D50EBEC-75A8-4E8F-A1B4-05AA8997916C} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: Help - {57518906-2F73-4F52-926D-7FEC97214243} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {801ABAAB-4EF7-428E-A0D4-77A0525AE8FE} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - [You must be registered and logged in to see this link.]
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10554 bytes


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Thu Jan 28, 2010 6:57 pm

also forgot to say that I also tried to remove AVG but do not think that it was successful - weird thing about the lack of a START button is that it is really there but has more or less become overlaid with this other screen that is void of the start button - how can I get back the MS firewall? -


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Fri Jan 29, 2010 12:16 am

Did you remove AVG AFTER that Hijack This log was taken?



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Fri Jan 29, 2010 2:02 am

do not remember - however think that I have worked certain issues out as now all three are installed and appear to be running with MS firewall instead -- only outstanding issues that remain are bar on the side and no wireless internet access - only wired is working --

after I get my jpgs off - do you think that I should abandon things and do a complete reinstall?


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Fri Jan 29, 2010 2:14 am

Up to you if you choose to do a reformat and re-install.



Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by betsyg on Fri Jan 29, 2010 1:11 pm

while things seem better with that bar on the side -- wondering whether or not some shred of a virus may not be growing again -- especially since I do not have the wireless up yet -- when I get that running will be back in touch for additional reinforcement -- did the last HJT look okay?


Re: Help Netsky and InternetSecurity2010 viruses and maybe more

Post by Belahzur on Fri Jan 29, 2010 5:50 pm

Yes it did. :)

