Computer infected and don't know what it is

Post by MJ1 on 28th January 2010, 12:54 am

Hello, thanks for being here. I have tried for days to get rid of this computer infection and have run every type of antimalware and antivirus, and it is still there.

Symptoms:
1. Turns off antivirus - AVG has been turned off (and it won't let me delete it) and Avast worked once and now won't.
2. It takes over both Firefox and IE browsers and tries to stop me downloading antivirus and antimalware.
3. If I get the antimalware and rootkit tools downloaded and run once, they usually won't run again.
4. It lights up only one program icon on my desktop and will only open that particular one - if I go into the Start menu, then Programs, I can get programs to start. (Any folder I finally get open - only one icon gets highlighted and opened, all others won't.)
5. It is infected even in Safe Mode.
6. I have run ComboFix several times and it now won't run.
7. I have run Malwarebytes Anti-Malware several times and it now comes up with no problems showing.
8. I put on ProcessGuard and it seems to hold back some changes that this virus, malware, trojan? tries to make and allows me to get some things opened.
9. I can't seem to delete the AVG9IDS Agent from my computer (I tried).

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:38, on 1/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\32788R22FWJFW\n.pif
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\n.pif
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: DiamondCS ProcessGuard Service v3.500 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)

--
End of file - 4733 bytes

Hope you can tell me what this is and if it can be eliminated?
Thanks very much!

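A small triage script for logs like the HijackThis one above (and the OTL service lines that appear later in this thread). This is an added example for readers, not a tool used by the forum or by the poster; it assumes the line layouts visible in the posted logs and uses a deliberately short list of "standard" directories (C:\WINDOWS and C:\Program Files) as a heuristic. A flagged line is a lead to check, not a verdict: removal tools routinely create oddly named working folders of their own, and a stopped security service may simply have been disabled by the user while trying other tools.

```python
"""Triage helper for HijackThis / OTL text logs (added example, not the forum's code).
Flags: running images outside the Windows/Program Files trees, autorun entries
outside those trees, services whose file is missing, and services that are not
running. Line formats are assumed from the logs posted in this thread."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis and OTL logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\32788R22FWJFW\n.pif
C:\32788R22FWJFW\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
SRV - File not found [Auto | Stopped] -- -- (TCPIPManagingService)
SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 00:34:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
"""

# Heuristic (assumption): on this XP layout, legitimate images normally live here.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")

RE_PROCESS = re.compile(r"^[A-Za-z]:\\.+\.(exe|pif|com|scr|bat|cmd)$", re.IGNORECASE)
RE_HJT_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_HJT_SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
RE_OTL_SRV_MISSING = re.compile(
    r"^SRV - File not found \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\] -- -- \((?P<short>[^)]+)\)$")
RE_OTL_SRV = re.compile(
    r"^SRV - \[[^\]]+\] \((?P<owner>[^)]*)\) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<short>[^)]+)\)$")


def in_standard_dir(path: str) -> bool:
    return path.lower().startswith(STANDARD_DIRS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry; the same service reported by both
    HijackThis and OTL is only listed once (keyed on category + subject)."""
    findings: List[Dict[str, str]] = []
    seen = set()

    def add(category: str, subject: str, detail: str) -> None:
        key = (category, subject.lower())
        if key not in seen:
            seen.add(key)
            findings.append({"category": category, "subject": subject, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_PROCESS.match(line):
            if not in_standard_dir(line):
                add("process_outside_standard_dirs", line,
                    "running image is not under the Windows or Program Files tree")
            continue
        m = RE_HJT_RUN.match(line)
        if m:
            # Drop surrounding quotes; a trailing argument list does not affect the prefix test.
            cmd = m.group("cmd").strip().strip('"')
            if not in_standard_dir(cmd):
                add("autorun_outside_standard_dirs", m.group("name"), cmd)
            continue
        m = RE_HJT_SERVICE.match(line)
        if m:
            if "(file missing)" in m.group("path").lower() or m.group("owner") == "Unknown owner":
                add("service_file_missing", m.group("short"),
                    f"{m.group('owner')} - {m.group('path')}")
            continue
        m = RE_OTL_SRV_MISSING.match(line)
        if m:
            add("service_file_missing", m.group("short"),
                f"OTL: file not found [{m.group('start')} | {m.group('state')}]")
            continue
        m = RE_OTL_SRV.match(line)
        if m and m.group("state").strip() == "Stopped":
            add("service_not_running", m.group("short"),
                f"{m.group('path')} [{m.group('start')} | Stopped]")
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    return dict(Counter(f["category"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:32} {f['subject']}  <- {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above this reports the two images running from C:\32788R22FWJFW, the two services whose binaries are gone (TCPIPManagingService once, although both logs mention it, and the Ad-Aware service), and the two stopped services (AVG's watchdog and Windows Defender). What to do with each entry is still a human decision: the point of the script is to pull the handful of lines worth asking about out of several hundred.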

Re: Computer infected and don't know what it is

Post by Belahzur on 28th January 2010, 5:52 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: Computer infected and don't know what it is

Post by MJ1 on 29th January 2010, 10:33 am

Sorry for the delay.

There was a problem. When scanning, OTL just stops at "scanning driver WS2IFSL" and hangs and won't go any further. So the best I could do was run the scan without the drivers.

________________________________________________
OTL logfile created on: 1/29/2010 2:30:37 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 198.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 5.08 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 00:36:06 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/01/21 00:34:19 | 05,832,712 | R--- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/01/04 17:22:06 | 00,685,392 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/01/04 17:02:10 | 01,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/25 13:22:52 | 00,031,744 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2008/07/25 13:11:58 | 00,120,832 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 22:05:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2004/03/26 15:39:12 | 00,892,928 | ---- | M] () -- C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
PRC - [2003/06/24 16:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 00:36:06 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TCPIPManagingService)
SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 00:34:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/21 00:34:19 | 05,832,712 | R--- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/04 17:02:10 | 01,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/12/13 14:12:18 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/07/25 13:22:52 | 00,031,744 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\dcsuserprot.exe -- (DCSPGSRV)
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/21 22:32:12 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/24 16:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2002/07/23 03:45:12 | 00,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {1b8cc170-8c85-11db-b606-0800200c9a66}:3.4.1
FF - prefs.js..keyword.URL: "http://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/22 01:12:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 01:23:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 14:00:56 | 00,000,000 | ---D | M]

[2009/09/20 13:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/01/25 10:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions
[2010/01/22 01:13:07 | 00,000,000 | ---D | M] (ShareThis) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}
[2009/11/04 09:35:17 | 00,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/01/22 01:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\firefox-extension@shareaholic.com
[2009/10/13 06:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\seoquake-plugin-delicious@seoquake.com
[2009/10/13 06:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2009/10/13 06:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\seoquake-plugin-technorati@seoquake.com
[2010/01/22 01:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/01/22 01:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\c80032hz.default\extensions\firefox-extension@shareaholic.com\defaults
[2010/01/25 10:28:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 19:21:00 | 03,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2009/12/11 01:52:17 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [You must be registered and logged in to see this link.] (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell - "" = AutoRun
O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell\AutoRun\command - "" = F:\PdtGuide.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 00:34:38 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/01/25 23:03:23 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/25 22:58:24 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/01/25 11:07:31 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTInstall.exe
[2010/01/25 11:06:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\My Documents\HJTInstall.exe
[2010/01/25 03:01:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/25 03:01:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/25 03:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/25 03:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/25 00:30:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Pavark
[2010/01/24 23:55:35 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/01/24 23:55:33 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/01/24 22:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sunbelt
[2010/01/24 22:06:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/24 22:04:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/01/24 13:58:28 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/01/24 01:26:29 | 00,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2010/01/24 01:26:28 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2010/01/24 01:19:52 | 00,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2010/01/24 01:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/01/24 00:58:32 | 00,044,544 | ---- | C] (DiamondCS) -- C:\WINDOWS\System32\procguard.dll
[2010/01/24 00:58:32 | 00,026,688 | ---- | C] (DiamondCS) -- C:\WINDOWS\System32\drivers\procguard.sys
[2010/01/24 00:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\ProcessGuard
[2010/01/24 00:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RootkitRevealer
[2010/01/23 23:27:16 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/23 23:25:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/01/23 23:09:55 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/22 21:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2010/01/22 20:44:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\kill2me
[2010/01/22 20:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/22 19:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\dcleaner
[2010/01/22 18:55:32 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/01/22 18:35:12 | 00,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\34910972.sys
[2010/01/22 18:35:10 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\3491097.sys
[2010/01/22 18:35:10 | 00,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\34910971.sys
[2010/01/22 18:34:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Virus Removal Tool
[2010/01/22 17:51:05 | 00,407,680 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\User\Desktop\aswclnr.exe
[2010/01/22 03:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Softwin
[2010/01/22 03:32:36 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/22 03:32:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\a-squared Free
[2010/01/22 00:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/22 00:30:31 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/01/22 00:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/21 23:51:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/21 23:50:46 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/21 23:36:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 23:34:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/21 22:24:19 | 00,151,696 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\User\Desktop\FxSasser.exe
[2010/01/21 21:44:22 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup227.exe
[2010/01/21 00:36:18 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/21 00:36:17 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/21 00:36:16 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/01/21 00:36:12 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/21 00:35:59 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/21 00:35:56 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/21 00:35:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/20 23:10:34 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\User\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/01/13 01:55:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/01/11 09:54:10 | 00,000,000 | ---D | C] -- C:\Program Files\NetworkDLS
[2010/01/10 01:24:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup
[2010/01/10 01:23:44 | 00,000,000 | ---D | C] -- C:\CtfmonRemoverEN-v2.3
[2010/01/04 17:02:22 | 00,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/01/02 13:28:36 | 00,000,000 | ---D | C] -- C:\Microsoft Office XP Publisher 2004
[2007/08/13 16:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/29 02:52:30 | 00,061,884 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2010/01/29 00:37:18 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/01/29 00:36:06 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/01/29 00:28:57 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/29 00:28:54 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41022F21-EB4B-4A06-8087-E7DA520507BE}.job
[2010/01/29 00:28:43 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/29 00:26:31 | 00,008,266 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/29 00:26:28 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B9E820CD-1B60-4576-8F8A-EF2E689FFF43}
[2010/01/29 00:26:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 00:25:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/29 00:25:55 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 00:05:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\NTUSER.INI
[2010/01/26 00:05:09 | 04,846,870 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/01/25 23:11:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/01/25 13:07:42 | 00,117,700 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2010/01/25 11:40:21 | 03,835,974 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/01/25 11:07:32 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTInstall.exe
[2010/01/25 11:07:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\User\My Documents\HJTInstall.exe
[2010/01/25 09:13:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/25 03:00:24 | 00,140,288 | ---- | M] () -- C:\Documents and Settings\User\Desktop\vcleaner.exe
[2010/01/25 02:23:25 | 00,005,429 | ---- | M] () -- C:\Documents and Settings\User\Desktop\newhijackthis
[2010/01/25 00:40:30 | 00,001,262 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/24 22:05:02 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010/01/24 11:44:51 | 01,728,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\McafeeRootkitDetective.zip
[2010/01/24 01:26:32 | 00,000,633 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SanityCheck.lnk
[2010/01/24 01:19:35 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Registrar Registry Manager.lnk
[2010/01/24 00:58:53 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ProcessGuard.lnk
[2010/01/24 00:04:44 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RootkitRevealer.zip
[2010/01/23 23:25:58 | 00,089,672 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/01/23 23:23:35 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\User\Desktop\WindowsDefender.msi
[2010/01/23 23:10:10 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SpywareBlaster.lnk
[2010/01/22 19:54:16 | 03,152,725 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dcleaner.zip
[2010/01/22 19:21:24 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/01/22 18:02:23 | 08,465,408 | ---- | M] () -- C:\Documents and Settings\User\Desktop\pqremove.com
[2010/01/22 17:51:13 | 00,407,680 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\User\Desktop\aswclnr.exe
[2010/01/22 03:33:28 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/01/22 01:18:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/22 01:18:56 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/01/22 00:30:00 | 01,709,408 | ---- | M] () -- C:\Documents and Settings\User\Desktop\taskmanager17.exe
[2010/01/21 22:24:19 | 00,151,696 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\User\Desktop\FxSasser.exe
[2010/01/21 21:44:36 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup227.exe
[2010/01/21 21:27:28 | 54,493,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/21 00:36:19 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/21 00:36:18 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/21 00:36:17 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/21 00:36:16 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/01/21 00:36:13 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/21 00:35:59 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/21 00:35:56 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/21 00:35:56 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/21 00:35:27 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/21 00:35:27 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/21 00:35:26 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/20 23:10:42 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\User\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/10 15:46:31 | 00,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/10 01:24:45 | 00,024,064 | ---- | M] (Gerhard Schlager) -- C:\WINDOWS\System32\ctfmon.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 08:48:21 | 00,002,429 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Publisher.lnk
[2010/01/04 17:02:22 | 00,027,984 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/01/02 13:46:14 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/02 13:18:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\User\Desktop\~$indit3 .doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 11:40:17 | 03,835,974 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/01/25 11:08:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/01/25 03:00:08 | 00,140,288 | ---- | C] () -- C:\Documents and Settings\User\Desktop\vcleaner.exe
[2010/01/25 02:23:25 | 00,005,429 | ---- | C] () -- C:\Documents and Settings\User\Desktop\newhijackthis
[2010/01/24 22:05:01 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010/01/24 11:44:47 | 01,728,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\McafeeRootkitDetective.zip
[2010/01/24 11:39:19 | 00,117,700 | ---- | C] () -- C:\WINDOWS\System32\pguard.dat
[2010/01/24 11:39:19 | 00,061,884 | ---- | C] () -- C:\WINDOWS\System32\pghash.dat
[2010/01/24 01:26:32 | 00,000,633 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SanityCheck.lnk
[2010/01/24 01:19:35 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Registrar Registry Manager.lnk
[2010/01/24 01:19:21 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2010/01/24 01:19:21 | 00,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2010/01/24 00:58:53 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ProcessGuard.lnk
[2010/01/24 00:04:39 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RootkitRevealer.zip
[2010/01/23 23:23:32 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WindowsDefender.msi
[2010/01/23 23:10:10 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SpywareBlaster.lnk
[2010/01/22 19:54:08 | 03,152,725 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dcleaner.zip
[2010/01/22 19:21:15 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/01/22 18:02:16 | 08,465,408 | ---- | C] () -- C:\Documents and Settings\User\Desktop\pqremove.com
[2010/01/22 03:33:28 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/01/22 01:20:46 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 00:29:59 | 01,709,408 | ---- | C] () -- C:\Documents and Settings\User\Desktop\taskmanager17.exe
[2010/01/21 23:51:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/21 23:51:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 00:36:19 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/21 00:35:55 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/21 00:35:27 | 54,493,657 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/21 00:35:27 | 00,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/21 00:35:26 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/21 00:35:17 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/02 13:56:21 | 00,002,429 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Microsoft Publisher.lnk
[2010/01/02 13:18:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\User\Desktop\~$indit3 .doc
[2009/12/04 12:11:18 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2008/09/26 23:23:40 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2008/09/26 23:23:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/02/10 18:57:35 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2007/01/30 22:10:43 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/01/28 01:36:16 | 00,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2006/11/01 18:31:36 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7C.DLL
[2006/11/01 01:57:24 | 01,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/21 22:29:42 | 00,103,424 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/26 02:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/09/05 17:53:37 | 00,003,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/08/09 15:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 15:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 15:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/27 10:32:39 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/04/05 20:51:01 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\tmpid.dll
[2005/03/06 17:36:31 | 00,025,601 | ---- | C] () -- C:\WINDOWS\System32\pi2idis.dll
[2004/12/26 07:22:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/11/22 16:45:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SpeedyCD.INI
[2004/08/21 03:23:38 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 21:55:52 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2004/01/23 09:33:26 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2004/01/23 09:30:57 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/12/16 03:45:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/16 03:37:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/12/16 03:27:48 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/16 02:52:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/07/31 23:48:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2000/01/28 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/07/23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A81F9CE
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

MJ1 (Intermediate)
Posts: 66 | Joined: 2010-01-22 | OS: Windows 8 64 bit | Points: 26026 | Likes: 0

Re: Computer infected and don't know what it is

Post by MJ1 on 29th January 2010, 10:35 am

Here is the extras file (again without the drivers)
__________________________________________________

OTL Extras logfile created on: 1/29/2010 2:30:37 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 198.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 5.08 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\tek9.exe" = C:\tek9.exe:*:Enabled:Server -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45863598-2FD2-47A5-95F7-3DA77768D1E3}" = Keyword Fisher
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6D9C3D0A-4240-4A9A-9602-1FF431B2B85D}" = CounterSpy
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7BEF8E43-094D-4C07-9684-EAEBE79BFA04}" = DustBuster XP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DD62878E-7631-4D9D-9983-6F30DA4D7FF8}" = Canon iP6220D Memory Card Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"a-squared Free_is1" = a-squared Free 4.5
"AVG9Uninstall" = AVG 9.0
"CANONBJ_Deinstall_CNMCP7C.DLL" = Canon iP6220D
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Content Magnet Article Extractor_is1" = Content Magnet Article Extractor 1.0
"DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileBox eXtender" = FileBox eXtender
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IBP11_is1" = IBP 11.6
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Keyword Pad_is1" = Keyword Pad v1.0.112706
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Solutions" = Backpack Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MS Access 97 SP2" = MS Access 97 SP2
"Niche Research Commando_is1" = Niche Research Commando Ver 1.1.3
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix3.1-02-08-09-01" = OpenMG Limited Patch 3.1-02-12-04-01
"OpenMG HotFix3.1-02-08-15-01" = OpenMG Limited Patch 3.1-02-10-22-01
"OpenMG HotFix3.1-02-10-08-01" = OpenMG Limited Patch 3.1-02-10-22-02
"Registrar_is1" = Registrar Registry Manager 6.50
"RegScrubXP_is1" = RegScrubXP 3.25
"SanityCheck_is1" = SanityCheck 2.00
"Search Automator Pro" = Search Automator Pro 2.0
"Security Task Manager" = Security Task Manager 1.7h
"Shockwave" = Shockwave
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics TouchPad
"SystemInfo_is1" = SystemInfo 1.0.1.9
"TreeSize Free_is1" = TreeSize Free V1.77
"WarriorPDF_is1" = WarriorPDF 5.0.0.614
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.71
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.82
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/10/2009 2:29:58 PM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\FEEDS\FEEDSSTORE.FEEDSDB-MS
failed, 00000005.

Error - 12/11/2009 12:13:37 AM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 12/11/2009 12:31:00 AM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 12/11/2009 12:33:00 AM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 12/12/2009 4:16:54 PM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 1/21/2010 2:51:56 AM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 1/22/2010 4:47:03 AM | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

[ Application Events ]
Error - 1/22/2010 2:53:55 AM | Computer Name = LAPTOP | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 1/22/2010 2:53:55 AM | Computer Name = LAPTOP | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 1/24/2010 2:26:00 AM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 1/24/2010 2:26:00 AM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 1/24/2010 3:37:56 AM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 1/24/2010 3:37:56 AM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 1/24/2010 2:38:20 PM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 1/24/2010 2:38:21 PM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 1/24/2010 5:02:04 PM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 1/24/2010 5:02:05 PM | Computer Name = LAPTOP | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: LAPTOP\User Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

[ System Events ]
Error - 1/26/2010 1:38:14 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 1/26/2010 1:38:14 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The TCPIP Managing Service service failed to start due to the following
error: %%2

Error - 1/26/2010 1:38:26 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 1/29/2010 3:26:35 AM | Computer Name = LAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 1/29/2010 3:27:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The BulkUsb.Sys Pine MP3 Player Driver service failed to start due
to the following error: %%1058

Error - 1/29/2010 3:27:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 1/29/2010 3:27:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 1/29/2010 3:27:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 1/29/2010 3:27:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The TCPIP Managing Service service failed to start due to the following
error: %%2

Error - 1/29/2010 3:27:21 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

MJ1 (Intermediate)
Posts: 66 | Joined: 2010-01-22 | OS: Windows 8 64 bit | Points: 26026 | Likes: 0
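The firewall policy sections in the OTL Extras log above store each exception as "target:scope:Enabled|Disabled:name", and OTL appends "-- File not found" when the program an exception refers to no longer exists on disk. The Python script below is an added example, not part of the original post and not OTL's own code. It parses the GloballyOpenPorts and AuthorizedApplications lists and pulls out the two things a helper normally checks by eye in that section: enabled program exceptions whose executable is missing (the C:\tek9.exe and msnmsgr.exe entries in the DomainProfile list above) and enabled port exceptions whose scope is "*" (any remote address) rather than LocalSubNet. The sample text is a subset of the log lines above; the value layout is assumed from how Windows XP SP2 writes FirewallPolicy values, and the script only lists entries for review rather than judging them.

```python
"""Triage the Windows Firewall policy sections of an OTL Extras log.

Added example (not part of OTL or of the forum post). It parses the
GloballyOpenPorts and AuthorizedApplications lists under FirewallPolicy
and reports enabled program exceptions whose file is missing and enabled
port exceptions open to any remote address.
"""
import re
from dataclasses import dataclass
from typing import List

# Key header as OTL prints it. Profile is DomainProfile or StandardProfile.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\(?P<profile>\w+)"
    r"\\(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')


@dataclass
class FirewallEntry:
    profile: str   # DomainProfile / StandardProfile
    kind: str      # "port" or "app"
    target: str    # "139:TCP" or the program path
    scope: str     # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool
    note: str      # OTL's suffix after " -- ": "File not found" or "(Company)"


def parse_firewall_policy(text: str) -> List[FirewallEntry]:
    """Walk the log line by line, attributing values to the last matching key."""
    entries: List[FirewallEntry] = []
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            profile, kind = key.group("profile"), key.group("kind")
            continue
        if not line or line.startswith("["):
            profile = kind = None          # blank line or some other registry key
            continue
        val = VALUE_RE.match(line)
        if not (val and profile and kind):
            continue
        value, _, note = val.group("value").partition(" -- ")
        if kind == "GloballyOpenPorts":
            # Assumed XP SP2 layout: port:protocol:scope:state:display-name
            port, proto, scope, state, _name = value.split(":", 4)
            entries.append(FirewallEntry(profile, "port", f"{port}:{proto}",
                                         scope, state == "Enabled", note))
        else:
            # Assumed XP SP2 layout: path:scope:state:display-name (path contains ':')
            path, scope, state, _name = value.rsplit(":", 3)
            entries.append(FirewallEntry(profile, "app", path,
                                         scope, state == "Enabled", note))
    return entries


def dangling_app_exceptions(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Enabled program exceptions whose executable OTL could not find."""
    return [e for e in entries
            if e.kind == "app" and e.enabled and e.note == "File not found"]


def any_address_ports(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Enabled port exceptions whose scope is '*' (reachable from any address)."""
    return [e for e in entries if e.kind == "port" and e.enabled and e.scope == "*"]


# Constructed sample: a subset of the FirewallPolicy lines from the Extras log above.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\tek9.exe" = C:\tek9.exe:*:Enabled:Server -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    found = parse_firewall_policy(SAMPLE_EXTRAS)
    for e in dangling_app_exceptions(found):
        print(f"[{e.profile}] enabled exception for missing file: {e.target}")
    for e in any_address_ports(found):
        print(f"[{e.profile}] port {e.target} open to any address")
```

A dangling exception is not evidence of infection on its own, but it is leftover policy that keeps a hole open for whatever later lands at that path, so it belongs on the cleanup list alongside the entries OTL flags in its own sections.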

Re: Computer infected and don't know what it is

Post by Belahzur on 29th January 2010, 5:44 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell - "" = AutoRun
    O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\Shell\AutoRun\command - "" = F:\PdtGuide.exe -- File not found
    [2010/01/22 18:35:12 | 00,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\34910972.sys
    [2010/01/22 18:35:10 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\3491097.sys
    [2010/01/22 18:35:10 | 00,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\34910971.sys


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator)
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245091 | Likes: 1

Re: Computer infected and don't know what it is

Post by MJ1 on 29th January 2010, 9:51 pm

OK - Here it is
___________________

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96352e1b-ab8f-11de-9501-001e589bf16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96352e1b-ab8f-11de-9501-001e589bf16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96352e1b-ab8f-11de-9501-001e589bf16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96352e1b-ab8f-11de-9501-001e589bf16c}\ not found.
File F:\PdtGuide.exe not found.
C:\WINDOWS\SYSTEM32\DRIVERS\34910972.sys moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\3491097.sys moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\34910971.sys moved successfully.

OTL by OldTimer - Version 3.1.27.0 log created on 01292010_144921

MJ1
Intermediate

Posts : 66
Joined : 2010-01-22
OS : Windows 8 64 bit
Points : 26026
# Likes : 0


Re: Computer infected and don't know what it is

Post by Belahzur on 30th January 2010, 5:53 pm

To remove all of the tools we used and the files and folders they created do the following:
Double-click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.





Re: Computer infected and don't know what it is

Post by MJ1 on 2nd February 2010, 7:32 am

Thanks so much for all your help. Seems to be gone.

I am still not able to get an antivirus to go on. I have tried to reload AVG and am getting this error:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.

Not sure if that is a virus or just left-over problems? Perhaps you could recommend a different free or low-cost antivirus to try to put on. CounterSpy is running in trial mode but I think that is just a spyware control.

I don't have much but will certainly make a small donation for your very professional help. You have written such clear instructions all the way along that you have made my part easy to do. Thanks!

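One way to tell "left-over" damage from a live infection is to look at the permissions on the exact key the AVG installer complained about: malware that blocks AV installs sometimes plants Deny entries or changes the owner there, and that same key also holds AppInit_DLLs, a common persistence value. The following PowerShell check is an added example, not from this thread or from AVG/OTL; the key path comes from the error above, the function name and output format are my own, and it is meant to be run from an elevated prompt.

```powershell
# Added diagnostic (not from the thread or any tool in it): report the ACL on the
# registry key the AVG installer could not write to, flag Deny entries, and show
# the AppInit_DLLs value stored under that key. Run as an administrator.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'   # path from the AVG error

function Get-KeyPermissionReport {
    # Hypothetical helper name; returns a multi-line report string for the given key.
    param([string]$Path)

    if (-not (Test-Path -Path $Path)) {
        return "Key not found: $Path"
    }

    $acl    = Get-Acl -Path $Path
    $report = @("Key:   $Path", "Owner: $($acl.Owner)")

    foreach ($ace in $acl.Access) {
        # A Deny ACE on this system-owned key is not normal and would explain "Access is denied".
        $kind = if ($ace.AccessControlType -eq 'Deny') { 'DENY  <-- unexpected here' } else { 'Allow' }
        $report += ('{0,-40} {1,-28} {2}' -f $ace.IdentityReference, $kind, $ace.RegistryRights)
    }

    # AppInit_DLLs under this key is loaded into every process that uses user32.dll;
    # on a clean machine it is normally empty.
    $appInit = (Get-ItemProperty -Path $Path -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue).AppInit_DLLs
    if ([string]::IsNullOrEmpty($appInit)) {
        $report += 'AppInit_DLLs: (empty, as expected)'
    } else {
        $report += "AppInit_DLLs: '$appInit'  <-- review this path"
    }

    return ($report -join "`n")
}

Get-KeyPermissionReport -Path $keyPath
```

If Administrators or SYSTEM are missing, appear only with Deny, or the owner is an unexpected account, the installer failure is explained by tampered permissions rather than by AVG itself; a non-empty AppInit_DLLs value points to something still loading into processes.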

Re: Computer infected and don't know what it is

Post by Belahzur on 2nd February 2010, 8:12 pm

Hello.
Can you try a different AV, like Avira? AVG is known for making/causing problems.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



