virus showing up as spyware removal site

Post by kaygee809 on Sun Feb 28, 2010 11:25 pm

Can you help me please? I have a virus that is blocking all programs, access to the control panel, notepad, and everything else that I have tried to open. I am not able to download anything in order to remove it. I am using my computer in safe mode. I am not very computer literate but I will try to follow any advice that you can give to me. Can someone please please please help me get rid of this 2010 virus. Thank you in advance. :sad: :sad:

Re: virus showing up as spyware removal site

Post by Belahzur on Mon Mar 01, 2010 12:07 am

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Re: virus showing up as spyware removal site

Post by kaygee809 on Mon Mar 01, 2010 11:31 am

Thank you for responding so fast. I did as you said but I don't know how to send the results to you. I told you that I'm not very computer savvy!! Sorry.

Re: virus showing up as spyware removal site

Post by Belahzur on Mon Mar 01, 2010 8:21 pm

Copy and paste the logs into the text box, then hit send.


Re: virus showing up as spyware removal site

Post by kaygee809 on Tue Mar 02, 2010 1:51 am

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\HelpAssistant\My Documents
Windows XP Professional Edition Service Pack 3, v.5913 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 24.14 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-471332FE4E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 06:27:17 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HelpAssistant\My Documents\OTL.exe
PRC - [2009/12/02 08:52:42 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/01/26 00:57:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 06:27:17 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HelpAssistant\My Documents\OTL.exe
MOD - [2008/01/26 00:58:08 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3300_x-ww_d7ca0dc2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/18 08:01:48 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/02 08:52:31 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/02 08:52:29 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/02 08:52:25 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/05/31 11:17:36 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2006/03/17 16:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/02 08:53:01 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/02 08:53:01 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/02 08:53:00 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/02 08:52:52 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2009/12/02 08:52:51 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/12/02 08:52:27 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2009/12/02 08:52:27 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2009/12/02 08:52:26 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2009/12/02 08:52:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/12/02 08:52:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/20 14:39:04 | 000,339,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/02 14:15:26 | 006,008,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/25 23:35:04 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/25 15:26:26 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/06 11:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 16:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/23 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.3.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: foxsaver@[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {71398870-486b-11de-8a39-0800200c9a66}:1.0b1
FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="

FF - user.js..browser.startup.homepage: "http://www27.yoog.com/"
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/04 05:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/10 17:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/27 12:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 11:40:48 | 000,000,000 | ---D | M]

[2010/02/01 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/02/01 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/01 19:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/28 10:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/24 10:19:17 | 000,000,000 | ---D | M] (Googlepedia) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2009/08/03 16:12:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 03:42:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/31 10:25:35 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/02/23 08:51:49 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/02/26 22:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{517ca167-b6e8-4397-a0b4-a0074bbe3d5b}
[2010/02/04 04:04:56 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/04 04:04:45 | 000,000,000 | ---D | M] (Free Game Bar Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}
[2009/07/19 07:24:20 | 000,000,000 | ---D | M] (Prince of Persia) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{71398870-486b-11de-8a39-0800200c9a66}
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/05 06:57:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/31 21:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\anycolor.pavlos256@gmail.com
[2009/11/12 18:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\firefox@kidzui.com
[2010/02/23 08:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\foxsaver@[You must be registered and logged in to see this link.]
[2009/06/22 19:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\iaplayer@instantaction(2).com
[2009/07/01 14:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\smarterwiki@wikiatic(2).com
[2009/07/01 14:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\smarterwiki@wikiatic.com
[2010/02/26 22:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\extensions\textlinks@playsushi.com
[2009/07/11 05:20:35 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\ask.xml
[2009/06/15 19:43:04 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\mywebsearch.xml
[2009/11/19 04:24:23 | 000,002,797 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\world-of-warcraft-armory.xml
[2009/07/07 15:14:57 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\aszanres.default\searchplugins\Yoog Search.xml
[2010/03/01 19:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecause Toolbar BHO) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} [You must be registered and logged in to see this link.] (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [You must be registered and logged in to see this link.] (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (sevenui.exe) - C:\WINDOWS\System32\sevenui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/31 11:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/08 14:43:55 | 000,000,046 | RH-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe -- [2009/05/08 14:43:55 | 001,599,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2010/03/01 15:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/01 15:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/01 07:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TheScruffs
[2010/02/28 19:22:18 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/02/28 18:44:06 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/28 18:44:06 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/28 18:44:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/28 18:42:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/28 18:41:54 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/28 18:41:54 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/28 18:41:44 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC Tools
[2010/02/28 18:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/28 18:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/02/28 18:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 18:33:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 18:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44
[2010/02/28 17:09:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/28 12:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG8
[2010/02/28 08:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\opcdjm
[2010/02/26 19:41:44 | 061,395,832 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\user\My Documents\R132886.EXE
[2010/02/26 19:37:31 | 008,254,544 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\R132312.EXE
[2010/02/26 19:35:25 | 003,086,672 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\R135875.EXE
[2010/02/26 19:30:01 | 002,948,504 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\ddup1280.exe
[2010/02/26 19:26:11 | 010,585,496 | ---- | C] (Dell ) -- C:\Documents and Settings\All Users\Documents\DS321PCTweb.exe
[2010/02/25 07:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/02/25 07:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2010/02/24 20:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\5 Spots
[2010/02/19 07:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Curse
[2010/01/31 05:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Deployment
[2010/01/02 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/02 08:36:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/02 08:36:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/25 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/08 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/08 15:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 20:32:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 20:31:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 20:30:48 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/03/01 20:30:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/03/01 20:30:40 | 002,624,656 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/03/01 20:25:26 | 000,146,982 | ---- | M] () -- C:\Documents and Settings\user\Desktop\otl_0.55.tar.gz
[2010/03/01 20:24:00 | 000,146,982 | ---- | M] () -- C:\Documents and Settings\user\My Documents\otl_0.55.tar.gz
[2010/03/01 18:28:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 18:22:18 | 000,149,932 | ---- | M] () -- C:\logfile
[2010/03/01 18:07:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/01 15:45:32 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/01 09:10:14 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/01 08:23:18 | 056,483,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/01 08:11:40 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 20:20:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jbhguh.sys
[2010/02/28 19:27:12 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 19:22:22 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/02/28 18:41:50 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/28 18:31:00 | 008,761,532 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/02/28 17:51:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/27 11:40:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/26 21:08:47 | 207,465,552 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Wave-Systems-Corp_EMBASSY-Tr_A04_R217281.exe
[2010/02/26 21:08:43 | 024,762,824 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R132539.exe
[2010/02/26 21:06:06 | 001,549,800 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R260009.exe
[2010/02/26 21:05:53 | 002,852,424 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R220296.exe
[2010/02/26 21:05:32 | 005,761,160 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R161008.EXE
[2010/02/26 21:05:07 | 012,150,160 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R161013.EXE
[2010/02/26 21:03:46 | 008,747,008 | ---- | M] () -- C:\Documents and Settings\user\My Documents\My Downloads List4.ISO
[2010/02/26 19:43:23 | 078,240,680 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R215191.EXE
[2010/02/26 19:43:06 | 000,720,622 | ---- | M] () -- C:\Documents and Settings\user\My Documents\O745-263.exe
[2010/02/26 19:42:54 | 018,400,360 | ---- | M] () -- C:\Documents and Settings\user\My Documents\R189424.exe
[2010/02/26 19:42:40 | 061,395,832 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\user\My Documents\R132886.EXE
[2010/02/26 19:41:29 | 076,181,328 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AMD_RADEON-HD-2400-XT_A05_R179781.exe
[2010/02/26 19:40:29 | 008,828,928 | ---- | M] () -- C:\Documents and Settings\user\My Documents\OPGA5.iso
[2010/02/26 19:40:16 | 008,828,928 | ---- | M] () -- C:\Documents and Settings\user\My Documents\OUGA5.iso
[2010/02/26 19:39:45 | 001,549,800 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R260009.exe
[2010/02/26 19:39:44 | 094,233,336 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Dell_multi-device_A17_R174291.exe
[2010/02/26 19:39:39 | 002,852,424 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R220296.exe
[2010/02/26 19:38:30 | 005,761,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R161008.EXE
[2010/02/26 19:38:05 | 012,150,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R161013.EXE
[2010/02/26 19:37:38 | 008,254,544 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\R132312.EXE
[2010/02/26 19:37:02 | 001,904,904 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R151799.EXE
[2010/02/26 19:35:29 | 003,086,672 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\R135875.EXE
[2010/02/26 19:35:17 | 034,628,826 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R164210.exe
[2010/02/26 19:34:28 | 356,389,787 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R149559.exe
[2010/02/26 19:30:05 | 002,948,504 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Documents and Settings\All Users\Documents\ddup1280.exe
[2010/02/26 19:29:52 | 003,892,272 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CW1337A0.exe
[2010/02/26 19:29:06 | 000,274,064 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R133527.exe
[2010/02/26 19:28:51 | 024,762,824 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R132539.exe
[2010/02/26 19:28:03 | 012,123,816 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\R243724.exe
[2010/02/26 19:26:19 | 010,585,496 | ---- | M] (Dell ) -- C:\Documents and Settings\All Users\Documents\DS321PCTweb.exe
[2010/02/24 21:56:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 18:58:01 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/24 05:35:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 07:10:44 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/02 03:21:31 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\user\My Documents\tunein-station.pls
[2010/02/01 16:55:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/01 00:41:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 20:25:26 | 000,146,982 | ---- | C] () -- C:\Documents and Settings\user\Desktop\otl_0.55.tar.gz
[2010/03/01 15:45:32 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/28 20:50:15 | 000,146,982 | ---- | C] () -- C:\Documents and Settings\user\My Documents\otl_0.55.tar.gz
[2010/02/28 20:20:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jbhguh.sys
[2010/02/28 18:44:07 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/28 18:44:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/28 18:44:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/28 18:44:06 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/28 18:44:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/28 18:42:03 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/28 18:41:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/28 18:41:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/28 18:41:50 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/28 18:41:44 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/28 18:33:16 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 18:31:00 | 008,761,532 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Malwarebytes_Anti-Malware_1.44.zip
[2010/02/27 11:40:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/26 21:08:09 | 024,762,824 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R132539.exe
[2010/02/26 21:06:19 | 207,465,552 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Wave-Systems-Corp_EMBASSY-Tr_A04_R217281.exe
[2010/02/26 21:06:03 | 001,549,800 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R260009.exe
[2010/02/26 21:05:49 | 002,852,424 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R220296.exe
[2010/02/26 21:05:06 | 005,761,160 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R161008.EXE
[2010/02/26 21:04:58 | 012,150,160 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R161013.EXE
[2010/02/26 21:03:45 | 008,747,008 | ---- | C] () -- C:\Documents and Settings\user\My Documents\My Downloads List4.ISO
[2010/02/26 19:43:02 | 000,720,622 | ---- | C] () -- C:\Documents and Settings\user\My Documents\O745-263.exe
[2010/02/26 19:42:25 | 018,400,360 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R189424.exe
[2010/02/26 19:42:06 | 078,240,680 | ---- | C] () -- C:\Documents and Settings\user\My Documents\R215191.EXE
[2010/02/26 19:40:42 | 076,181,328 | ---- | C] () -- C:\Documents and Settings\user\My Documents\AMD_RADEON-HD-2400-XT_A05_R179781.exe
[2010/02/26 19:40:22 | 008,828,928 | ---- | C] () -- C:\Documents and Settings\user\My Documents\OPGA5.iso
[2010/02/26 19:40:09 | 008,828,928 | ---- | C] () -- C:\Documents and Settings\user\My Documents\OUGA5.iso
[2010/02/26 19:39:43 | 001,549,800 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R260009.exe
[2010/02/26 19:39:29 | 002,852,424 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R220296.exe
[2010/02/26 19:38:45 | 094,233,336 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Dell_multi-device_A17_R174291.exe
[2010/02/26 19:38:26 | 005,761,160 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R161008.EXE
[2010/02/26 19:37:57 | 012,150,160 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R161013.EXE
[2010/02/26 19:36:59 | 001,904,904 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R151799.EXE
[2010/02/26 19:35:00 | 034,628,826 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R164210.exe
[2010/02/26 19:30:31 | 356,389,787 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R149559.exe
[2010/02/26 19:29:48 | 003,892,272 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CW1337A0.exe
[2010/02/26 19:29:05 | 000,274,064 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R133527.exe
[2010/02/26 19:28:38 | 024,762,824 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R132539.exe
[2010/02/26 19:27:55 | 012,123,816 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R243724.exe
[2010/02/19 07:09:14 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2010/02/02 03:21:31 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\user\My Documents\tunein-station.pls
[2010/02/01 16:55:44 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/01 05:22:25 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/01 00:41:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/01/03 18:20:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/17 08:08:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ddres.dll
[2009/11/17 08:08:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\expiry.dll
[2009/08/14 06:03:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/04 06:24:33 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009/07/02 14:19:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/07/01 15:01:41 | 000,004,946 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/06/29 13:42:46 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Painter.ini
[2009/05/31 16:57:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/31 16:39:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4943.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7DADD8
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4B86AEF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAC9BB2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD6127BD
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93D985FC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41B3EF33
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD537E5A
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:291F3023
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEACDB69
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71B781E2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24DA723
< End of report >


Re: virus showing up as spyware removal site

Post by Belahzur on Tue Mar 02, 2010 1:49 pm

Hello.

Heh, you got yourself a Firefox hijacker, haven't seen this one in a while though, that's what's causing the error.

Let's fix it, shall we.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: virus showing up as spyware removal site

Post by kaygee809 on Wed Mar 03, 2010 6:44 pm

I'm truly sorry that I didn't get back to you sooner. Let me bring you up to date. Yesterday I bought another computer because I couldn't even log in in safe mode. Would you please advise me as to what I should use for protection? Right now I have AVG and SUPERAntiSpyware. Please tell me how to go about making donations and making them to you (as you are the person who helped me from the start). I want you to know how very grateful I am to you for the time that you took to help me. I am a person that wants to give back when somebody does something for me.
Also, please tell me what you consider a reasonable amount to be. May I come to you with any problems that I might encounter in the future? You will never know how grateful to you I am, since I am self-taught as far as computers go!! Thank you!


Re: virus showing up as spyware removal site

Post by Belahzur on Wed Mar 03, 2010 6:48 pm

Hello.
Okay, so what is happening to this infected machine? I saw 2 Firefox hijackers, and there were probably more hiding.

For your other machine you just bought, I would add MBAM to the mix; MBAM gets on well with SAS.

If you have any malware problems, you know where to find me. Donation link in my signature.

