Antispyware virus


Antispyware virus

Post by amiracle on Tue May 11, 2010 3:29 am

I tried to install the Java update (JR 20) as suggested, but was unable. I clicked on 'Properties' and then the 'Securities' tab to try and give myself full control, but somehow I can't click on the box to do it. (I am now running in safe mode, but I ran HijackThis in normal mode. I can't access the internet in normal mode.)

I would appreciate any suggestions!

Thanks!

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:44, on 10/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\Amir Khan\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe

--
End of file - 8030 bytes


Re: Antispyware virus

Post by Belahzur on Tue May 11, 2010 7:23 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O2 - BHO: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
    O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
    O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
    O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'Default user')
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

  • Press "Fix Checked"
  • Close HijackThis.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you had set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


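The triage Belahzur did by eye above, turned into a check a reader can run over their own HijackThis log; this is an added Python script, not code from the thread, from HijackThis or from Malwarebytes. It flags the traits that made those lines suspect: a proxy pointing at 127.0.0.1, "(file missing)" leftovers, autostarts living in a service account's profile, a Temp folder or a 32-hex-digit folder, and value names with no vowels. The sample entries are copied from the log above; the patterns and the vowel threshold are my own assumptions, and the output is a list of candidates for a human to confirm, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis entries posted in this
# thread, plus the two AVG lines as benign controls the triage must ignore.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943\gotnewupdate000.exe
O4 - HKUS\S-1-5-18\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\amirkh~1\locals~1\temp\cdm\{297e1012-4312-40c4-a0bd-fd3feb4d3a2b}\STacSV.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# A proxy that points back at the machine itself. Nothing legitimate on a
# home XP box listens there; rogue antivirus products are known to set this
# so browser requests fail or land on their own scare page, which fits the
# poster's loss of web access in normal mode.
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):\d+", re.I)
# First Windows path on the line, up to a binary extension.
BIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx)\b", re.I)
# Per-user Temp, in long and 8.3 short form.
USER_TEMP = re.compile(r"\\(?:local settings\\temp|locals~1\\temp)\\", re.I)
# Built-in service accounts never install software, so an autostart stored
# in their profile was dropped there by something running as that account.
SERVICE_PROFILE = re.compile(
    r"\\documents and settings\\(?:networkservice|localservice)\\", re.I)
# Folder named by a bare 32-hex-digit string (MD5-style dropper naming).
HEX_DIR = re.compile(r"\\[0-9a-f]{32}\\", re.I)
RUN_NAME = re.compile(r"\[([^\]]+)\]")          # the [name] of an O4 value
SYSTEM_HIVE = re.compile(r"\(User '(?:SYSTEM|Default user)'\)")


@dataclass
class Finding:
    entry: str        # the HijackThis line exactly as logged
    reasons: list     # why it was flagged


def looks_random(name):
    """Coarse check for generated names such as 'wvymrxbh' (assumed
    threshold: 7+ letters with under 20% vowels). Short names are skipped
    so legitimate values like 'ctfmon' are not caught."""
    letters = [c for c in name.rsplit(".", 1)[0].lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage_line(line):
    """Return the list of reasons a single HijackThis entry deserves a look."""
    reasons = []
    if LOCAL_PROXY.search(line):
        reasons.append("browser traffic forced through a local proxy")
    if "(file missing)" in line:
        # Not an active threat, but a dangling reference left by a removal.
        reasons.append("referenced file is missing (orphaned entry)")
    name = RUN_NAME.search(line)
    if line.startswith("O4") and name and looks_random(name.group(1)):
        reasons.append("autostart value name looks machine-generated")
    if SYSTEM_HIVE.search(line):
        reasons.append("autostart registered in the SYSTEM or Default user hive")
    path = BIN_PATH.search(line)
    if path:
        target = path.group(0)
        if USER_TEMP.search(target):
            reasons.append("executable runs from a per-user Temp directory")
        if SERVICE_PROFILE.search(target):
            reasons.append("executable stored in a built-in service account's profile")
        if HEX_DIR.search(target):
            reasons.append("executable stored under a 32-hex-digit directory name")
    return reasons


def triage(log_text):
    """Flag every non-empty entry that trips at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    # Flagged entries are candidates for a human to confirm; the STacSV
    # service, for instance, is flagged only for its odd Temp location.
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("    ->", r)
```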

Re: Antispyware virus

Post by amiracle on Wed May 12, 2010 3:17 am

Awesome! Thanks Belahzur. I'm already back online in normal mode after following your steps.

The only line I couldn't find in the HijackThis log that I took was this one:

O4 - HKLM\..\Run: [wvymrxbh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku\pitrixotssd.exe

Anyhow, I erased the other ones, then ran Malwarebytes, and this was the log I got:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4091

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2010 23:07:21
mbam-log-2010-05-11 (23-07-21).txt

Scan type: Quick scan
Objects scanned: 136620
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Look forward to hearing what to do next! Thanks again!


Re: Antispyware virus

Post by Belahzur on Wed May 12, 2010 10:32 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Antispyware virus

Post by amiracle on Wed May 12, 2010 11:04 pm

Cool. Alright, here's the OTL.txt:

OTL logfile created on: 12/05/2010 18:56:29 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Amir Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.26 Gb Total Space | 2.21 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMIR
Current User Name: Amir Khan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
PRC - [2010/04/20 12:49:28 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 12:49:13 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 11:18:39 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/12 11:14:53 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 11:14:35 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 11:12:23 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/20 01:41:08 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/18 19:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
MOD - [2008/04/15 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/03/12 11:14:35 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/03 21:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Documents and Settings\Amir Khan\Local Settings\Temp\CDM\{297E1012-4312-40C4-A0BD-FD3FEB4D3A2B}\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/05/08 04:08:11 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/08 04:08:11 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/04/20 12:49:15 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 11:14:49 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 11:12:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/03 21:43:18 | 001,640,131 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/19 16:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/05 02:35:56 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/12/04 18:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/27 14:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/15 00:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 10:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk = C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 18:55:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
[2010/05/12 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\EDraw Flowchart
[2010/05/12 14:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\CUPE 2626
[2010/05/10 17:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku
[2010/05/10 00:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\Trend Micro
[2010/05/09 15:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Desktop\Virus Kill
[2010/05/09 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/09 14:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/09 10:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/08 20:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\SUPERAntiSpyware.com
[2010/05/08 20:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010/05/08 16:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/07 23:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\Malwarebytes
[2010/05/07 23:05:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 23:05:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/07 23:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/07 23:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/07 23:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/07 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/07 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww
[2010/05/07 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\E9E7D140539D1D37BE944390C03CB943
[2010/05/07 20:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Conduit
[2010/05/07 20:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Radio_Bar_2
[2010/05/03 19:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Edraw Max
[2010/04/29 21:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Tax2009
[2010/04/28 19:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\Windows Live Writer
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Application Data\Windows Live Writer
[2010/04/28 15:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\My Weblog Posts
[2010/04/27 18:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Random writings
[2010/04/27 18:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Echoes of Modernism
[2010/04/27 18:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Up in the Air
[2010/04/20 13:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\My Documents\Professional Stuff
[2010/04/18 14:34:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Amir Khan\Desktop\*.tmp files -> C:\Documents and Settings\Amir Khan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
[2010/05/12 17:51:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 17:45:27 | 000,025,888 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\test.pdf
[2010/05/12 17:43:16 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
[2010/05/12 17:29:14 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Edraw Max.lnk
[2010/05/12 17:09:40 | 000,401,539 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Drawing2.edx
[2010/05/12 17:01:17 | 000,553,399 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\CUPE Chart.pdf
[2010/05/12 16:42:10 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/12 16:42:10 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/12 16:42:08 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/12 16:38:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1649782408-1819595793-3639537972-1006.job
[2010/05/12 16:37:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 16:37:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 16:37:47 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 15:50:39 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\NTUSER.DAT
[2010/05/12 15:50:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amir Khan\ntuser.ini
[2010/05/12 15:50:23 | 003,223,712 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\IconCache.db
[2010/05/12 14:04:51 | 059,877,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/11 22:35:38 | 000,002,348 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\HiJackThis.lnk
[2010/05/11 21:51:06 | 000,061,184 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\syssvc.exe
[2010/05/09 09:39:53 | 000,000,877 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/05/08 13:19:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1649782408-1819595793-3639537972-1006.job
[2010/05/07 22:04:39 | 000,050,990 | ---- | M] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe
[2010/05/07 20:43:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\~$ir Khan - RESUME.docx
[2010/05/07 20:39:09 | 000,017,878 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - COVERING LETTER.docx
[2010/05/07 20:38:55 | 000,044,559 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - RESUME.docx
[2010/05/06 23:39:44 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/06 14:46:26 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\My Documents.lnk
[2010/05/05 17:24:39 | 000,010,591 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\POST DOC.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:01:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/28 17:30:27 | 000,020,062 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Bathroom break.docx
[2010/04/27 19:03:32 | 000,011,797 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\DAL.docx
[2010/04/23 14:32:43 | 002,800,754 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Dead Souls - HUNTINGTON.pdf
[2010/04/20 12:49:15 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/18 03:10:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/04/17 00:08:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 23:24:37 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Summer itinerary.doc
[2010/04/13 17:36:52 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Desktop\Interview Questions-LA-Charlton-March06.doc
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Amir Khan\Desktop\*.tmp files -> C:\Documents and Settings\Amir Khan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 17:45:26 | 000,025,888 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\test.pdf
[2010/05/12 17:43:16 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
[2010/05/12 17:00:53 | 000,553,399 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\CUPE Chart.pdf
[2010/05/12 13:56:52 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/11 21:51:05 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\syssvc.exe
[2010/05/10 11:41:41 | 000,401,539 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Drawing2.edx
[2010/05/10 00:45:30 | 000,002,348 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\HiJackThis.lnk
[2010/05/08 01:26:49 | 000,000,877 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/05/07 22:04:39 | 000,050,990 | ---- | C] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe
[2010/05/07 20:43:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\~$ir Khan - RESUME.docx
[2010/05/07 20:35:26 | 000,044,559 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - RESUME.docx
[2010/05/06 15:32:44 | 000,017,878 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Amir Khan - COVERING LETTER.docx
[2010/05/06 14:46:15 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\My Documents.lnk
[2010/05/05 17:06:29 | 000,010,591 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\POST DOC.docx
[2010/05/03 19:16:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Edraw Max.lnk
[2010/04/28 19:57:09 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/27 19:03:31 | 000,011,797 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\DAL.docx
[2010/04/23 14:32:43 | 002,800,754 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Dead Souls - HUNTINGTON.pdf
[2010/04/16 23:09:32 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Summer itinerary.doc
[2010/04/13 17:36:52 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Desktop\Interview Questions-LA-Charlton-March06.doc
[2010/01/07 21:01:00 | 000,001,840 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/05 02:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 13:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 00:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/15 00:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/15 00:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/15 00:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/15 00:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

amiracle
Novice
Posts : 11
Joined : 2010-05-11
OS : XP
Points : 24153
# Likes : 0


Re: Antispyware virus

Post by amiracle on Wed May 12, 2010 11:17 pm

when i try to post the Extras.Txt log, I am not able. Suddenly my connection is unavailable. Is this because I have to wait for a response before posting a second message?? but then, why is THIS post working???


Re: Antispyware virus

Post by amiracle on Wed May 12, 2010 11:31 pm

okay i ran OTL again, and this time, i don't even get an Extras log. So now, I have my original OTL log (posted above), an Extras log (which I cannot post), and another OTL log, which, I'm assuming is the same as above.


Re: Antispyware virus

Post by Belahzur on Thu May 13, 2010 10:11 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk = C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe ()
    [2010/05/10 17:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku
    [2010/05/07 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww
    [2010/05/12 17:43:16 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
    [2010/05/07 22:04:39 | 000,050,990 | ---- | M] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

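The fix above was built by reading the OTL file/folder lines for the usual signs: a Startup shortcut, an executable living in Temp, and random-named folders or executables with no company name. The following triage helper is an added example (not OTL's code and not part of this thread): it parses the `[date | size | attrs | C/M] (Company) -- path` line format and flags entries of those kinds. The random-name heuristic is an assumption of the example, and the mvNat.exe line in the sample input is constructed; the other sample lines are copied from the log earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL "Files/Folders Created or Modified" line, as in the log earlier in this thread:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Folder entries have no "(Company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{3}")

@dataclass
class OtlEntry:
    ts: str
    size: int
    attrs: str     # four flag characters, e.g. "---D" = directory, "-HS-" = hidden + system
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL prints "()" or, for folders, nothing at all
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file/folder line; any other line (headers, *.tmp summaries) gives None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"] or "", m["path"])

def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example, not an OTL feature): a long,
    all-lowercase, letters-only name with a run of three consonants, like the
    vgpaelsku / odqtocaww folders above. Product folders usually fail this test."""
    return (len(name) >= 8 and name.isalpha() and name.islower()
            and CONSONANT_RUN.search(name) is not None)

def triage(entry: OtlEntry) -> List[str]:
    """Reasons an analyst would pull this entry into a fix list; empty if none."""
    low = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".") if "." in name else (name, "", "")
    is_dir = "D" in entry.attrs
    is_exe = not is_dir and ext.lower() in ("exe", "dll", "sys", "scr", "com")
    reasons = []
    if is_exe and "\\local settings\\temp\\" in low:
        reasons.append("executable in the user's Temp folder")
    if not is_dir and ext.lower() == "lnk" and "\\programs\\startup\\" in low:
        reasons.append("shortcut in the Startup folder (check where it points)")
    if is_exe and not entry.company and looks_random(stem):
        reasons.append("executable with no company name and a random-looking name")
    if is_dir and "\\application data\\" in low and looks_random(name):
        reasons.append("random-looking folder under Application Data")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged path in an OTL log excerpt to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged

# Sample input: lines copied from the OTL log in this thread, plus one constructed
# line for mvNat.exe (the Startup shortcut's target; its size and timestamp are made up).
SAMPLE_LOG = r"""
[2010/05/12 18:55:42 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amir Khan\Desktop\OTL.exe
[2010/05/12 17:43:16 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk
[2010/05/07 22:04:39 | 000,050,990 | ---- | M] () -- C:\WINDOWS\System32\mlmdwqveeqfmsdkv.exe
[2010/05/07 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww
[2010/05/07 22:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/12 17:43:10 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""
```

Run `triage_log(SAMPLE_LOG)` to see the four entries the fix above targeted come out flagged while OTL.exe, mbam.sys and the Macromedia folder do not; the heuristics only shortlist entries for a human to check, as Belahzur did here.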

Re: Antispyware virus

Post by amiracle on Thu May 13, 2010 11:39 pm

alright! here it is:


========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB815EB-3F9F-4E11-9150-CB70E29B40FC}\ not found.
C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk moved successfully.
C:\Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgpaelsku folder moved successfully.
C:\Documents and Settings\Amir Khan\Local Settings\Application Data\odqtocaww folder moved successfully.
File C:\Documents and Settings\Amir Khan\Start Menu\Programs\Startup\8011.lnk not found.
C:\WINDOWS\system32\mlmdwqveeqfmsdkv.exe moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05132010_193721


Re: Antispyware virus

Post by Belahzur on Fri May 14, 2010 9:27 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Antispyware virus

Post by amiracle on Fri May 14, 2010 2:46 pm

okay here's the log. thanks again!


Malwarebytes' Anti-Malware 1.46

Database version: 4100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/05/2010 10:38:54
mbam-log-2010-05-14 (10-38-54).txt

Scan type: Quick scan
Objects scanned: 149266
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Amir Khan\Local Settings\Temp\wmpscnfg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: Antispyware virus

Post by Belahzur on Sat May 15, 2010 12:08 am

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: Antispyware virus

Post by amiracle on Sat May 15, 2010 2:45 am

here's the eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1bc6fbc6db5ac44ca791903ebf58b710
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-15 02:31:42
# local_time=2010-05-14 10:31:42 (-0500, Eastern Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9332959 9332959 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=26298
# found=2
# cleaned=2
# scan_time=5918
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217\Edraw Max Professional v5.1.0.1217\Portable Edraw Max Professional v5.1.0.1217.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05132010_193721\C_Documents and Settings\Amir Khan\Local Settings\Temp\mvNat.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C


Re: Antispyware virus

Post by Belahzur on Sat May 15, 2010 10:33 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Re: Antispyware virus

Post by amiracle on Mon May 17, 2010 3:51 am

okay! here's the fix log:

========== FILES ==========
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217\Edraw Max Professional v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217\Portable.Edraw.Max.Professional.v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Portable.Edraw.Max.Professional.v5.1.0.1217 folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max\setup folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max\redt folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\Edraw Max folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY folder moved successfully.
C:\Documents and Settings\Amir Khan\My Documents\Azureus Downloads folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05162010_234955


Re: Antispyware virus

Post by Belahzur on Mon May 17, 2010 9:32 pm

Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?





Re: Antispyware virus

Post by amiracle on Tue May 18, 2010 10:00 pm

the machine has been running well today. last night it was a bit slow and heating up rather quickly, but sometimes it just does that.

thanks for all your help! i'll be sure to make a donation.


Re: Antispyware virus

Post by amiracle on Thu May 20, 2010 1:58 am

hi, i'm back again.

today i was getting 'resident shield' alerts from my AVG software, so I ran it and it found 78 tracking cookies.

The computer seems to run well otherwise, though it does heat up awfully fast now.

Is there anything else I ought to do?
