XP Anti Virus 2010 virus

XP Anti Virus 2010 virus

Post by abijohnson on 3rd March 2010, 4:03 pm

I recently got this virus on my computer which disables the internet and informs me I have many viruses and must purchase XP Anti Virus 2010 in order to remove them.

I can get rid of the virus using Malwarebytes but it just keeps coming back all the time! So all I can think is maybe it's still somewhere on my computer?
It is getting very annoying now and I would really appreciate some help!!


Re: XP Anti Virus 2010 virus

Post by Belahzur on 3rd March 2010, 4:08 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: XP Anti Virus 2010 virus

Post by abijohnson on 3rd March 2010, 6:01 pm

This is the OTL log

OTL logfile created on: 3/3/2010 5:53:03 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\brianj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 142.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.05 Gb Total Space | 43.99 Gb Free Space | 64.65% Space Free | Partition Type: NTFS
Drive D: | 6.47 Gb Total Space | 0.69 Gb Free Space | 10.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC144942389585
Current User Name: brianj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/03 17:52:25 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brianj\My Documents\OTL.exe
PRC - [2010/02/04 22:19:19 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/04 22:19:19 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/04 22:19:12 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/04 22:19:12 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/04 22:19:11 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/12 03:58:59 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/28 20:21:22 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/02/22 20:06:12 | 000,499,712 | ---- | M] () -- C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
PRC - [2006/02/15 16:16:02 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/02/15 16:14:44 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005/06/29 19:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe


========== Modules (SafeList) ==========

MOD - [2010/03/03 17:52:25 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brianj\My Documents\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/04 22:19:11 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/10/05 22:11:34 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/03 05:01:18 | 000,054,016 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\gbgca.sys -- (qveuf)
DRV - [2010/02/04 22:19:24 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/04 22:19:24 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 22:19:24 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/14 00:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/05/08 14:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 18:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 16:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 21:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/11 17:07:00 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/10/01 18:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/09/15 02:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/13 15:26:12 | 000,094,976 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/05 07:55:58 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/02/16 07:45:26 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/02/06 02:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/01/19 13:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 20:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 20:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/09/09 20:14:16 | 000,280,448 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) Marvell Libertas 802.11b/g Driver for Windows XP (8335)
DRV - [2005/09/01 16:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/01 16:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/31 12:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/31 12:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/31 12:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/31 12:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/31 12:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/31 12:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/31 12:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/30 10:30:00 | 000,088,752 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/29 14:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2005/08/25 19:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 19:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 12:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 06:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 19:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [21508] C:\Documents and Settings\brianj\Local Settings\Temp\vjwmmsku.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alice Automatic Updates Agent.lnk = C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\t-mobile {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\Program Files\T-Mobile\HotSpot Locator\TMobileExplorerPlugin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\brianj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\brianj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e5f8218-fe5e-11dd-a294-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5f8218-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5f8218-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2e5f8223-fe5e-11dd-a294-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5f8223-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5f8223-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2e5f8224-fe5e-11dd-a294-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5f8224-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5f8224-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2e5f8236-fe5e-11dd-a294-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5f8236-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5f8236-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2e5f8237-fe5e-11dd-a294-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5f8237-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5f8237-fe5e-11dd-a294-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e52709da-fddc-11dd-a293-0019d2122457}\Shell - "" = AutoRun
O33 - MountPoints2\{e52709da-fddc-11dd-a293-0019d2122457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e52709da-fddc-11dd-a293-0019d2122457}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 17:52:08 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\brianj\My Documents\OTL.exe
[2010/03/02 02:20:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/17 19:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/10 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/08 22:44:37 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/04 23:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brianj\Application Data\Malwarebytes
[2010/02/04 23:05:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 23:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/04 23:05:23 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/04 23:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\brianj\Desktop\mbam-setup.exe
[2010/02/04 22:19:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/04 22:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/04 22:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/04 22:16:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/04 22:16:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/04 22:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/04 22:14:14 | 097,229,360 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\brianj\Desktop\avg_free_stf_all_90_730a1834.exe
[2010/01/12 10:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/14 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/19 08:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/03 17:52:25 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brianj\My Documents\OTL.exe
[2010/03/03 14:31:03 | 056,595,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/03 14:25:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/03 14:24:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/03 14:24:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 14:24:51 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/03 05:01:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gbgca.sys
[2010/03/03 04:55:57 | 000,011,240 | -HS- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\2542G16705fU
[2010/03/03 01:35:19 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\brianj\NTUSER.DAT
[2010/03/03 01:35:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\brianj\ntuser.ini
[2010/03/03 00:39:03 | 000,012,192 | -HS- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\CMa57a2rBB
[2010/02/22 13:40:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/20 23:52:01 | 000,011,736 | -HS- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\aPkcl667
[2010/02/19 01:37:50 | 000,012,482 | -HS- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\NLF6AMiFd8F
[2010/02/19 01:35:37 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2010/02/19 01:28:44 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2010/02/19 01:19:11 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/19 01:18:12 | 000,010,763 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/19 01:18:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\_VOIDlkafkttttj.dll
[2010/02/19 01:18:02 | 000,032,256 | ---- | M] () -- C:\WINDOWS\System32\_VOIDlcmduvskdx.dll
[2010/02/19 01:17:59 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDviwjcjaldq.dat
[2010/02/19 01:17:13 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDuocpublgxv.dll
[2010/02/19 01:16:41 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDlyruccrrnr.sys
[2010/02/19 01:15:31 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/18 23:20:05 | 001,630,281 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Crookers ft Kardinal Offishall - Hands on me.mp3
[2010/02/18 23:08:51 | 004,810,115 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Beyonce - Video Phone.mp3
[2010/02/18 22:45:38 | 004,810,115 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Crookers Megamix.mp3
[2010/02/18 22:33:24 | 001,760,476 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Colby O'Donis - She didn't go, she didn't leave.mp3
[2010/02/18 22:26:44 | 001,760,476 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Jay Sean ft Sway - I wont tell.mp3
[2010/02/18 22:09:51 | 001,670,614 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Jay Sean - Tonight.mp3
[2010/02/18 22:03:15 | 001,962,977 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Lloyd - Girls all around the world.mp3
[2010/02/18 21:55:23 | 001,696,110 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Lloyd - Get it shawty.mp3
[2010/02/18 21:48:34 | 002,121,174 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\The Dream - i luv your gurl.mp3
[2010/02/18 21:29:35 | 002,073,945 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Pharell - Change Clothes.mp3
[2010/02/18 21:20:57 | 002,465,573 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Lil Wayne - Die For You.mp3
[2010/02/18 21:12:55 | 001,935,183 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\Bedrock Part 2.mp3
[2010/02/18 20:44:24 | 004,205,260 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\01 Everyone Nose.mp3
[2010/02/18 19:22:20 | 007,191,845 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\The-Dream_Rockin_That_Shit.mp3
[2010/02/18 19:22:20 | 006,055,256 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\02 Love King[2].mp3
[2010/02/17 13:23:44 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\brianj\My Documents\international law.doc
[2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/10 17:05:20 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/02/10 16:41:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/05 17:44:46 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/04 23:05:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\brianj\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 23:03:26 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\brianj\Desktop\mbam-setup.exe
[2010/02/04 22:35:48 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\brianj\Desktop\exefix.reg
[2010/02/04 22:31:08 | 000,010,206 | -HS- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\Wdam7C13N
[2010/02/04 22:19:25 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/04 22:19:24 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/04 22:19:24 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/04 22:19:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/04 22:19:24 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/04 22:19:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/04 22:11:28 | 097,229,360 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\brianj\Desktop\avg_free_stf_all_90_730a1834.exe
[2010/02/04 21:57:54 | 004,812,128 | -H-- | M] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\IconCache.db
[2010/02/01 20:12:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 05:01:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gbgca.sys
[2010/03/03 03:55:32 | 000,011,240 | -HS- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\2542G16705fU
[2010/03/03 00:37:00 | 000,012,192 | -HS- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\CMa57a2rBB
[2010/02/20 22:51:58 | 000,011,736 | -HS- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\aPkcl667
[2010/02/19 01:35:37 | 000,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2010/02/19 01:28:44 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010/02/19 01:19:11 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/19 01:18:12 | 000,010,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/19 01:18:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_VOIDlkafkttttj.dll
[2010/02/19 01:18:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_VOIDlcmduvskdx.dll
[2010/02/19 01:17:22 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\_VOIDviwjcjaldq.dat
[2010/02/19 01:17:13 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\_VOIDuocpublgxv.dll
[2010/02/19 01:16:41 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\_VOIDlyruccrrnr.sys
[2010/02/19 01:15:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/19 01:15:24 | 000,012,482 | -HS- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\NLF6AMiFd8F
[2010/02/18 23:20:05 | 001,630,281 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Crookers ft Kardinal Offishall - Hands on me.mp3
[2010/02/18 23:08:51 | 004,810,115 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Beyonce - Video Phone.mp3
[2010/02/18 22:45:38 | 004,810,115 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Crookers Megamix.mp3
[2010/02/18 22:33:11 | 001,760,476 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Colby O'Donis - She didn't go, she didn't leave.mp3
[2010/02/18 22:26:44 | 001,760,476 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Jay Sean ft Sway - I wont tell.mp3
[2010/02/18 22:09:50 | 001,670,614 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Jay Sean - Tonight.mp3
[2010/02/18 22:03:14 | 001,962,977 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Lloyd - Girls all around the world.mp3
[2010/02/18 21:55:22 | 001,696,110 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Lloyd - Get it shawty.mp3
[2010/02/18 21:48:23 | 002,121,174 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\The Dream - i luv your gurl.mp3
[2010/02/18 21:29:34 | 002,073,945 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Pharell - Change Clothes.mp3
[2010/02/18 21:20:57 | 002,465,573 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Lil Wayne - Die For You.mp3
[2010/02/18 21:12:54 | 001,935,183 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\Bedrock Part 2.mp3
[2010/02/18 20:44:22 | 004,205,260 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\01 Everyone Nose.mp3
[2010/02/18 19:22:05 | 006,055,256 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\02 Love King[2].mp3
[2010/02/18 19:22:04 | 007,191,845 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\The-Dream_Rockin_That_Shit.mp3
[2010/02/15 21:57:58 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\brianj\My Documents\international law.doc
[2010/02/10 17:05:20 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/02/04 23:05:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\brianj\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 22:35:48 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\brianj\Desktop\exefix.reg
[2010/02/04 22:19:25 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/04 21:52:29 | 000,010,206 | -HS- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\Wdam7C13N
[2009/03/25 14:25:18 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 14:48:50 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2009/02/20 07:38:59 | 000,014,812 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2009/02/20 07:37:56 | 000,000,403 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/02/20 07:37:48 | 000,001,091 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/02/20 07:37:37 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2009/02/17 14:26:57 | 000,037,703 | ---- | C] () -- C:\Documents and Settings\brianj\Application Data\Comma Separated Values (Windows).ADR
[2009/02/17 14:12:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\fusioncache.dat
[2009/02/17 14:12:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\QSwitch.txt
[2009/02/17 14:12:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\DSwitch.txt
[2009/02/17 14:12:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brianj\Local Settings\Application Data\AtStart.txt
[2009/02/17 09:09:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/16 16:32:39 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/15 09:35:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/15 09:35:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/15 09:35:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/15 09:35:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/15 09:35:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/15 09:35:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/15 21:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2006/08/18 08:53:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 08:52:20 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 19:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 13:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 13:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/01 09:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/04/01 16:45:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/05/07 02:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
< End of report >


Re: XP Anti Virus 2010 virus

Post by abijohnson on 3rd March 2010, 6:02 pm

This is the extras log:

OTL Extras logfile created on: 3/3/2010 5:53:03 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\brianj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 142.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.05 Gb Total Space | 43.99 Gb Free Space | 64.65% Space Free | Partition Type: NTFS
Drive D: | 6.47 Gb Total Space | 0.69 Gb Free Space | 10.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC144942389585
Current User Name: brianj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe" = C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22C28506-B1E0-4050-B0B7-B97AEB061381}" = HP User Guides 0029
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AB2F8DF-F905-44F9-8003-C81FEE95BC2B}" = Communication Center
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80664F8A-117F-4F0C-B8C9-E0E7B112AA7D}" = Odyssey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{903B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 C3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CS Project Lite_is1" = CS Project version 3.4
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driving Test Success - All Tests_is1" = Driving Test Success 2007/8
"DWG TrueView 2008" = DWG TrueView 2008
"EA Download Manager" = EA Download Manager
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptionPCCardInstaller" = 'Option PC Cards driver package'
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
"RealPlayer 12.0" = RealPlayer
"sem_GCXX" = Sony Ericsson GCXX (75/79/82/83/85/89)
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TMobileHotspotLocator" = HotSpot Locator 1.1
"web'n'walk Manager" = web'n'walk Manager
"web'n'walk USB manager" = web'n'walk USB manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2009 5:18:00 PM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/1/2009 5:18:00 PM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/1/2009 5:18:00 PM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/1/2009 5:24:33 PM | Computer Name = PC144942389585 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

Error - 4/2/2009 2:03:11 AM | Computer Name = PC144942389585 | Source = OCS INVENTORY SERVICE | ID = 20
Description =

[ System Events ]
Error - 2/28/2010 10:43:49 PM | Computer Name = PC144942389585 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 11:05:57 PM | Computer Name = PC144942389585 | Source = PSched | ID = 14103
Description = QoS [Adapter {8CEFAC5C-556E-41C7-A3C2-4586920313E4}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/1/2010 8:06:24 PM | Computer Name = PC144942389585 | Source = PSched | ID = 14103
Description = QoS [Adapter {8CEFAC5C-556E-41C7-A3C2-4586920313E4}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/1/2010 10:19:47 PM | Computer Name = PC144942389585 | Source = PSched | ID = 14103
Description = QoS [Adapter {8CEFAC5C-556E-41C7-A3C2-4586920313E4}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/2/2010 6:03:40 PM | Computer Name = PC144942389585 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0019D2122457 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/2/2010 9:36:09 PM | Computer Name = PC144942389585 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0019D2122457 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/2/2010 9:36:12 PM | Computer Name = PC144942389585 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 3/2/2010 9:37:41 PM | Computer Name = PC144942389585 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde ViaIde

Error - 3/3/2010 10:29:23 AM | Computer Name = PC144942389585 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4377DEA6-30F3-48EE-A41D-CB56491D1898}. The
backup browser is stopping.

Error - 3/3/2010 11:33:41 AM | Computer Name = PC144942389585 | Source = PSched | ID = 14103
Description = QoS [Adapter {8CEFAC5C-556E-41C7-A3C2-4586920313E4}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >


Re: XP Anti Virus 2010 virus

Post by Belahzur on 3rd March 2010, 6:24 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: XP Anti Virus 2010 virus

Post by abijohnson on 3rd March 2010, 7:47 pm

ComboFix 10-03-03.02 - brianj 03/03/2010 19:18:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.224 [GMT 0:00]
Running from: c:\documents and settings\brianj\My Documents\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\_VOIDmainqt.dll
c:\documents and settings\All Users\Application Data\mswintmp.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\3B0X7.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\46la8.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\5n7mXnmba.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\6O8YK.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\o6ok56Xyl.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\P84Ox.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\xx4bn.jpg
c:\documents and settings\brianj\Local Settings\Temporary Internet Files\Yjx8a8P7.jpg
c:\recycler\S-1-5-21-6854808422-3666011082-794299241-4551
c:\windows\system32\_VOIDlcmduvskdx.dll
c:\windows\system32\_VOIDlkafkttttj.dll
c:\windows\system32\_VOIDuocpublgxv.dll
c:\windows\system32\_VOIDviwjcjaldq.dat
c:\windows\system32\crt.dat
c:\windows\system32\drivers\_VOIDlyruccrrnr.sys
c:\windows\system32\drivers\gbgca.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy__VOIDd.sys
-------\Service__VOIDd.sys
-------\Service_qveuf


((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 18:13 . 2010-03-03 18:13 -------- d-----w- c:\program files\IrfanView
2010-03-02 02:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-17 19:50 . 2010-02-17 19:50 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-17 19:50 . 2010-02-18 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-10 16:30 . 2010-02-10 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-08 22:44 . 2010-02-08 22:44 -------- d-----w- C:\found.000
2010-02-05 17:48 . 2010-02-04 22:19 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-05 17:48 . 2010-02-04 22:19 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\documents and settings\brianj\Application Data\Malwarebytes
2010-02-04 23:05 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 23:05 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 22:19 . 2010-02-04 22:23 -------- d-----w- C:\$AVG
2010-02-04 22:19 . 2010-02-04 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-04 22:18 . 2010-02-04 22:23 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 23:28 . 2010-01-12 23:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 01:41 . 2010-02-19 01:41 296462 ----a-w- c:\windows\~DFF92C.tmp
2010-02-18 16:18 . 2010-01-10 16:03 79488 ----a-w- c:\documents and settings\brianj\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-10 17:05 . 2009-07-08 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-02-10 16:27 . 2009-10-25 21:16 38784 ----a-w- c:\documents and settings\brianj\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-04 22:19 . 2009-04-14 11:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-04 22:19 . 2009-04-14 11:37 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-04 22:19 . 2009-04-14 11:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-04 22:19 . 2009-04-14 11:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-04 22:19 . 2009-04-14 11:36 -------- d-----w- c:\program files\AVG
2010-02-01 20:12 . 2010-01-13 16:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 18:09 . 2010-01-06 17:10 -------- d-----w- c:\documents and settings\brianj\Application Data\Apple Computer
2010-01-25 16:43 . 2009-02-17 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 16:23 . 2010-01-20 16:23 -------- d-----w- c:\documents and settings\brianj\Application Data\Spotify
2010-01-20 16:23 . 2010-01-20 16:23 -------- d-----w- c:\program files\Spotify
2010-01-18 02:48 . 2010-01-09 22:33 -------- d-----w- c:\program files\DivX
2010-01-14 11:12 . 2010-01-10 00:47 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 00:10 . 2010-01-13 00:10 16 ----a-w- c:\windows\popcinfo.dat
2010-01-12 23:29 . 2010-01-12 23:29 -------- d-----w- c:\documents and settings\brianj\Application Data\SpinTop
2010-01-12 04:26 . 2010-01-12 04:26 -------- d-----w- c:\documents and settings\brianj\Application Data\DivX
2010-01-12 04:15 . 2010-01-09 22:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 04:00 . 2010-01-12 03:58 -------- d-----w- c:\program files\Common Files\Real
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-12 03:59 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-12 03:59 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\program files\Real
2010-01-11 13:04 . 2010-01-06 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-06 17:09 . 2010-01-06 17:08 -------- d-----w- c:\program files\iTunes
2010-01-06 17:09 . 2010-01-06 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-06 17:09 . 2010-01-06 17:09 -------- d-----w- c:\program files\iPod
2010-01-06 17:09 . 2010-01-06 17:05 -------- d-----w- c:\program files\Common Files\Apple
2010-01-06 17:08 . 2010-01-06 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-06 17:08 . 2010-01-06 17:08 -------- d-----w- c:\program files\Bonjour
2010-01-06 17:07 . 2010-01-06 17:07 -------- d-----w- c:\program files\QuickTime
2010-01-06 17:06 . 2010-01-06 17:06 -------- d-----w- c:\program files\Apple Software Update
2010-01-05 10:00 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 08:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 08:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-12 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Alice Automatic Updates Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2009-2-27 499712]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-15 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-04 22:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\T-Mobile\\Communication Center\\AutoUpdateSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2009 11:37 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/14/2009 11:37 AM 360584]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 8:00 AM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/4/2010 10:19 PM 285392]
S0 ebbaam;ebbaam; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 10:11 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-03 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1920)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\HPQ\IAM\bin\asghost.exe
.
**************************************************************************
.
Completion time: 2010-03-03 19:33:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 19:33

Pre-Run: 49,719,726,080 bytes free
Post-Run: 50,950,320,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 94E5AEBEB128CCD5E561BD43C2205562


Re: XP Anti Virus 2010 virus

Post by Belahzur on 4th March 2010, 12:30 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\~DFF92C.tmp

    Driver::
    ebbaam

    Folder::
    C:\found.000
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


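The CFScript above targets three things the first ComboFix log showed: an orphaned boot-start entry (`S0 ebbaam;ebbaam; [x]`), a stray temp file, and a leftover folder; the same log also shows Security Center overrides set and the firewall disabled. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that reads ComboFix-style log lines and flags exactly those indicator types; the sample lines embedded in it are constructed from the log quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "Reg Loading Points" section
# quoted in this thread; it is not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2009 11:37 AM 333192]
S0 ebbaam;ebbaam; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 10:11 PM 13592]
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator category
    item: str    # service name or registry value name
    detail: str  # why the line was flagged


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service/driver line: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


def parse_dword(value):
    """Return the integer behind 'dword:00000001' or '0 (0x0)', else None."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", value)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Scan ComboFix-style lines and return the indicators worth a closer look."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # remember which registry key the values belong to
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, image = m.groups()
            # "[x]" is how ComboFix marks a service whose binary is not on disk
            if image.strip().startswith("[x]"):
                findings.append(Finding("orphan-service", name,
                                        f"{state}{start} entry with no image file on disk"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, num = m.group(1), parse_dword(m.group(2))
        if num is None:
            continue
        if "security center" in key and name in ("AntiVirusOverride", "FirewallOverride") and num == 1:
            findings.append(Finding("security-center-override", name,
                                    "Security Center alerts for this component are suppressed"))
        elif "firewallpolicy" in key and name == "EnableFirewall" and num == 0:
            findings.append(Finding("firewall-disabled", name, "Windows Firewall is off for this profile"))
        elif "firewallpolicy" in key and name == "DisableNotifications" and num == 1:
            findings.append(Finding("firewall-notifications-disabled", name,
                                    "firewall block notifications are suppressed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.item:20} {f.detail}")
```

Run against a real ComboFix.txt it lists the orphaned `ebbaam` entry and the four registry values while leaving the AVG and Windows Defender entries alone; whether those overrides were set by the user or by the rogue program is something the log alone cannot tell you.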

Re: XP Anti Virus 2010 virus

Post by abijohnson on 4th March 2010, 1:16 am

Hey, I'm guessing this is the right log? It's the only one I could find!

ComboFix 10-03-03.02 - brianj 03/04/2010 0:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.160 [GMT 0:00]
Running from: c:\documents and settings\brianj\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\brianj\My Documents\CFScript.txt

FILE ::
"c:\windows\~DFF92C.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\file0000.chk
c:\windows\~DFF92C.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EBBAAM
-------\Service_ebbaam


((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-03 18:13 . 2010-03-03 18:13 -------- d-----w- c:\program files\IrfanView
2010-03-02 02:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-17 19:50 . 2010-02-17 19:50 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-17 19:50 . 2010-02-18 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-10 16:30 . 2010-02-10 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\documents and settings\brianj\Application Data\Malwarebytes
2010-02-04 23:05 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 23:05 . 2010-02-04 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 23:05 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 22:18 . 2010-02-04 22:23 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 23:28 . 2010-01-12 23:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-18 16:18 . 2010-01-10 16:03 79488 ----a-w- c:\documents and settings\brianj\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-10 17:05 . 2009-07-08 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-02-10 16:27 . 2009-10-25 21:16 38784 ----a-w- c:\documents and settings\brianj\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-04 22:19 . 2009-04-14 11:36 -------- d-----w- c:\program files\AVG
2010-02-01 20:12 . 2010-01-13 16:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 18:09 . 2010-01-06 17:10 -------- d-----w- c:\documents and settings\brianj\Application Data\Apple Computer
2010-01-25 16:43 . 2009-02-17 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 16:23 . 2010-01-20 16:23 -------- d-----w- c:\documents and settings\brianj\Application Data\Spotify
2010-01-20 16:23 . 2010-01-20 16:23 -------- d-----w- c:\program files\Spotify
2010-01-18 02:48 . 2010-01-09 22:33 -------- d-----w- c:\program files\DivX
2010-01-14 11:12 . 2010-01-10 00:47 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 00:10 . 2010-01-13 00:10 16 ----a-w- c:\windows\popcinfo.dat
2010-01-12 23:29 . 2010-01-12 23:29 -------- d-----w- c:\documents and settings\brianj\Application Data\SpinTop
2010-01-12 04:26 . 2010-01-12 04:26 -------- d-----w- c:\documents and settings\brianj\Application Data\DivX
2010-01-12 04:15 . 2010-01-09 22:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 04:00 . 2010-01-12 03:58 -------- d-----w- c:\program files\Common Files\Real
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-12 03:59 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-12 03:59 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\program files\Real
2010-01-11 13:04 . 2010-01-06 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-06 17:09 . 2010-01-06 17:08 -------- d-----w- c:\program files\iTunes
2010-01-06 17:09 . 2010-01-06 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-06 17:09 . 2010-01-06 17:09 -------- d-----w- c:\program files\iPod
2010-01-06 17:09 . 2010-01-06 17:05 -------- d-----w- c:\program files\Common Files\Apple
2010-01-06 17:08 . 2010-01-06 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-06 17:08 . 2010-01-06 17:08 -------- d-----w- c:\program files\Bonjour
2010-01-06 17:07 . 2010-01-06 17:07 -------- d-----w- c:\program files\QuickTime
2010-01-06 17:06 . 2010-01-06 17:06 -------- d-----w- c:\program files\Apple Software Update
2010-01-05 10:00 . 2004-08-04 08:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 08:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 08:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 01:03 . 2010-03-04 01:03 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-12 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Alice Automatic Updates Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2009-2-27 499712]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-15 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\T-Mobile\\Communication Center\\AutoUpdateSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 8:00 AM 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 10:11 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 22:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-04 01:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2004)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\HPQ\IAM\bin\asghost.exe
.
**************************************************************************
.
Completion time: 2010-03-04 01:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 01:06
ComboFix2.txt 2010-03-03 19:33

Pre-Run: 51,050,663,936 bytes free
Post-Run: 51,056,852,992 bytes free

- - End Of File - - DBE2057F6EC27234FD5428F2F2C600A1


Re: XP Anti Virus 2010 virus

Post by Belahzur on 4th March 2010, 1:20 am

Hello.

You aren't running antivirus software.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: XP Anti Virus 2010 virus

Post by abijohnson on 4th March 2010, 1:37 am

It seems OK now, thanks; the virus hasn't popped up anymore, so everything seems fine! Thank you!


Re: XP Anti Virus 2010 virus

Post by Belahzur on 4th March 2010, 1:41 am

Last thing to do.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

