Antivir - Please Help


Post by someonehelp on Sun 01 Aug 2010, 6:12 am

Hi,

I have Antivir on my very old computer and I have tried to follow some of the other instructions posted but with no luck. When I uncheck the proxy button on IE, the 'Apply' button is greyed out, so this doesn't work. I tried to start my computer in safe mode but it reboots itself in the process everytime I try . So I have no way of accessing the internet on that computer.

I hope you can help. Thanks.

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 6:13 am



Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal, but rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Download OTL to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28
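The Quick Scan requested above produces an OTL.txt in which every finding is one line with a section prefix (O4 for Run keys, O7 for user policies, O20 for AppInit_DLLs and Winlogon hooks, IE for browser settings). Reading such a log by hand is what the advisor does; the script below is an added example, not OTL's code or anything from this thread, that parses a handful of those line types and flags the indicators a malware advisor checks first: Internet Explorer forced through a listener on 127.0.0.1, user policies that disable Task Manager and the Registry Editor (which is why "Apply" can be greyed out), autostart entries whose file is missing or that run from Application Data with no company name, and any AppInit_DLLs entry. The regular expressions are this example's assumption about OTL's line layout, not a published grammar, and the sample log is constructed in that format; the severity levels and tag names are the example's own.

```python
"""Triage a few OTL log line types. Added example; not OTL's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in OTL's line format (not a complete log, layout assumed).
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
"""

# Assumed line layouts for the sections this example understands.
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^)]*)\)$')   # "path (Company)"
POLICY_RE = re.compile(r'^O7 - HKCU\\.*\\policies\\(?P<key>\w+): (?P<value>\w+) = (?P<data>.*)$')
PROXY_RE = re.compile(r'^IE - HKCU\\.*Internet Settings: "(?P<value>\w+)" = (?P<data>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: \((?P<path>[^)]*)\)')

# Policies that take the user's own repair tools away (regedit, Task Manager).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}


@dataclass
class Finding:
    kind: str       # short tag used to group findings
    severity: str   # "high", "medium" or "low"
    detail: str
    line: str


def _is_loopback(proxy_server: str) -> bool:
    """ProxyServer is 'host:port' or 'http=host:port;https=host:port'."""
    for part in proxy_server.split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    proxy: dict[str, str] = {}
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := RUN_RE.match(line)):
            name, rest = m.group("name"), m.group("rest")
            if rest.endswith("File not found"):
                # Orphaned entry, or a loader that deletes itself after running.
                findings.append(Finding("autorun_missing", "medium",
                                        f"[{name}] autostart target is missing", line))
                continue
            t = TARGET_RE.match(rest)
            if t and not t.group("company"):
                if "\\application data\\" in t.group("path").lower():
                    findings.append(Finding("autorun_userprofile", "high",
                                            f"[{name}] no company name, runs from the user profile", line))
                else:
                    findings.append(Finding("autorun_nocompany", "low",
                                            f"[{name}] no company name; verify the file by hash", line))
        elif (m := POLICY_RE.match(line)):
            if m.group("value") in LOCKOUT_POLICIES and m.group("data") == "1":
                findings.append(Finding("policy_lockout", "high",
                                        f"{m.group('value')}=1 blocks the user's repair tools", line))
        elif (m := PROXY_RE.match(line)):
            proxy[m.group("value")] = m.group("data")   # evaluated once both values are seen
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(Finding("appinit_dll", "high",
                                    f"AppInit_DLLs loads {m.group('path')} into every GUI process", line))
    if proxy.get("ProxyEnable") == "1" and _is_loopback(proxy.get("ProxyServer", "")):
        findings.append(Finding("loopback_proxy", "high",
                                f"IE traffic goes through a local listener ({proxy['ProxyServer']})",
                                "ProxyServer = " + proxy["ProxyServer"]))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])   # stable: keeps log order within a level
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:19} {f.detail}")
```

The two Internet Settings values are held back until the whole log has been read, because ProxyEnable and ProxyServer arrive on separate lines and only the combination (enabled, and pointing at 127.0.0.1) means a local process is sitting between the browser and the network. A missing company name on its own is only a low-severity hint, since legitimate small utilities ship without version resources; it becomes high only when combined with a path under the user's profile.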

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 7:08 am

Thank you for your quick response. I have copied the files below. Please note that during the scan, a message popped up saying the file sf .bin was infected.

Thanks.

OTL FILE:

OTL logfile created on: 31/07/2010 20:47:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 22.00% Memory free
428.00 Mb Paging File | 302.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.64 Gb Free Space | 41.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 37.35 Mb Free Space | 14.98% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 20:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/02/23 19:10:38 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2002/09/08 23:07:18 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/07/06 20:11:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
PRC - [1997/02/14 12:22:42 | 000,195,072 | ---- | M] (Voyetra Technologies Inc.) -- C:\VOYETRA\AS2\AS2TRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/31 20:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\hidden.exe
MOD - [2002/09/08 23:09:32 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2002/09/08 23:07:42 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]

[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions
[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 127.0.0.1 adcounter.theglobeandmail.com
O1 - Hosts: 4539 more lines...
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [Kcanum] File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] File not found
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKCU..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKCU..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/06 14:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 17:45:30 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/31 20:53:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/07/31 20:43:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 20:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 20:43:00 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:54:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/31 15:48:42 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 21:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/06 14:28:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 09:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/01/07 19:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa
[2008/05/31 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/09 20:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 14:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/07/31 20:53:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========



========== Custom Scans ==========


< iaStor.sys >

< nvstor.sys >

< nvstor32.sys >

< atapi.sys >

< IdeChnDr.sys >

< viasraid.sys >

< AGP440.sys >

< vaxscsi.sys >

< nvatabus.sys >

< viamraid.sys >

< nvata.sys >

< nvgts.sys >

< iastorv.sys >

< ViPrt.sys >

< eNetHook.dll >

< explorer.exe >

< svchost.exe >

< userinit.exe >

< qmgr.dll >

< ws2_32.dll >

< proquota.exe >

< imm32.dll >

< kernel32.dll >

< ndis.sys >

< autochk.exe >

< spoolsv.exe >

< xmlprov.dll >

< ntmssvc.dll >

< mswsock.dll >

< Beep.SYS >

< ntfs.sys >

< termsrv.dll >

< sfcfiles.dll >

< st3shark.sys >

< ahcix86.sys >

< srsvc.dll >

< nvrd32.sys >

< /md5stop >
Invalid Switch: md5stop

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Extras file:

OTL Extras logfile created on: 31/07/2010 20:47:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 22.00% Memory free
428.00 Mb Paging File | 302.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.64 Gb Free Space | 41.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 37.35 Mb Free Space | 14.98% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8610BEA1-FD76-4340-8326-7946DDC2EE7B}" = iTunes
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AltnetDM" = Peer Points Manager
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"avast5" = avast! Free Antivirus
"InterVideo DirectShow Filter_is1" = InterVideo DirectShow Filter 2.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"msbb" = Search Assistant
"Need2FindBar Uninstall" = Need2Find Bar
"oeupdate" = Outlook Express Q823353
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"P2P Networking" = P2P Networking
"Q309521" = Windows XP Hotfix (SP1) [See Q309521 for more information]
"Q311889" = Windows XP Hotfix (SP1) [See Q311889 for more information]
"Q311967" = Windows XP Hotfix (SP1) [See Q311967 for more information]
"Q313450" = Windows XP Hotfix (SP1) [See Q313450 for more information]
"Q314862" = Windows XP Hotfix (SP1) [See Q314862 for more information]
"Q315000" = Windows XP Hotfix (SP1) [See Q315000 for more information]
"Q315403" = Windows XP Hotfix (SP1) [See Q315403 for more information]
"Q317277" = Windows XP Hotfix (SP1) [See Q317277 for more information]
"Q318138" = Windows XP Hotfix (SP1) [See Q318138 for more information]
"Q319580" = Windows XP Application Compatibility Update[Q319580]
"Q323172" = Windows XP Hotfix (SP1) [See Q323172 for more information]
"Q324096" = Windows XP Hotfix (SP1) [See Q324096 for more information]
"Q324380" = Windows XP Hotfix (SP1) [See Q324380 for more information]
"Q326830" = Windows XP Hotfix (SP1) [See Q326830 for more information]
"Q328940" = Windows XP Hotfix (SP1) [See Q328940 for more information]
"Q329048" = Windows XP Hotfix (SP1) [See Q329048 for more information]
"Q329115" = Windows XP Hotfix (SP2) [See Q329115 for more information]
"Q329170" = Windows XP Hotfix (SP1) Q329170
"Q329390" = Windows XP Hotfix (SP1) [See Q329390 for more information]
"Q329441" = Windows XP Hotfix (SP1) [See Q329441 for more information]
"Q329834" = Windows XP Hotfix (SP1) [See Q329834 for more information]
"Q810577" = Windows XP Hotfix (SP1) Q810577
"Q810833" = Windows XP Hotfix (SP1) Q810833
"Q811493" = Windows XP Hotfix (SP1) Q811493
"Q815021" = Windows XP Hotfix (SP1) Q815021
"Q817606" = Windows XP Hotfix (SP1) Q817606
"Q819696" = Windows XP Hotfix (SP1) Q819696
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RealPlayer 6.0" = RealPlayer
"Tiny soft" = Tiny soft
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/10/2009 10:31:02 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:31:03 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:33:48 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:33:48 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:41:23 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:41:25 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:49:26 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:53:56 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:53:56 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 25/12/2009 12:59:14 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 04/09/2004 13:32:00 | Computer Name = hidden | Source = Application Hang | ID = 1001
Description = Fault bucket 02094221.

Error - 04/09/2004 13:36:07 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:36:07 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:41:58 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:41:59 | Computer Name = hidden | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
ole32.dll, version 5.1.2600.136, fault address 0x0007bcf7.

Error - 04/09/2004 13:58:40 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 14:10:21 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 14:29:16 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/09/2004 07:05:49 | Computer Name = hidden | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x01a4797c.

Error - 06/09/2004 12:27:43 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 8.0.0.4482, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 30/04/2003 11:50:15 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 01/05/2003 12:25:04 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 02/05/2003 09:49:02 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 02/05/2003 10:54:25 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 04/05/2003 07:06:28 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 08/05/2003 15:04:11 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 08/05/2003 15:07:45 | Computer Name = hidden | Source = System Error | ID = 1003
Description = Error code 00000051, parameter1 00000003, parameter2 00000001, parameter3
00ea3000, parameter4 e133ca30.

Error - 10/04/2003 08:56:41 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +2591984 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.12.76:123->207.46.248.43:123) is working
properly.

Error - 18/04/2003 12:17:17 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +2591969 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.12.13:123->207.46.248.43:123) is working
properly.

Error - 21/07/2003 15:29:58 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -5270436 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.7.244:123->207.46.248.43:123) is working
properly.


< End of report >

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp
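The OTL output above is a fixed-width line format that can be triaged mechanically rather than by eye. The Python below is added here as an illustration; it is not part of the original thread, of OTL, or of any tool the helpers use. It parses the `[date | size | attrs | C/M] (company) -- path` file lines and the Security Center block, then applies the checks a malware-removal helper would apply to this log: hidden+system files under System32, eight-letter `.ini`/`.ini2` names under System32, an unsigned `.exe` created shortly before the scan, and the three `*DisableNotify` values that silence the XP Security Center. The sample lines are copied from the log above; the eight-letter-name rule, the 30-day window and the function names are this example's own assumptions, not anything OTL defines.

```python
"""Triage helpers for OTL-style log text (added example, not OTL code)."""
import re
from datetime import datetime, timedelta

# One OTL file/folder line, e.g.
# [2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
# LOP-check folder lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$",
    re.MULTILINE,
)

# Heuristic assumed for this example: an 8-letter .ini / .ini2 name under
# System32 has no legitimate owner in this log and looks machine-generated.
RANDOM_INI = re.compile(r"^[A-Za-z]{8}\.ini2?$")

SECURITY_CENTER_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"
DISABLE_NOTIFY = re.compile(r'^"(?P<name>\w+DisableNotify)" = (?P<value>\d+)$', re.MULTILINE)

# Constructed sample: lines copied from the log above, plus one benign driver line.
SAMPLE_LOG = r"""[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"""


def parse_file_lines(text):
    """Return one dict per OTL file/folder line found in text, in log order."""
    entries = []
    for m in OTL_LINE.finditer(text):
        entries.append({
            "when": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),          # R/H/S/D flags or '-'
            "op": m.group("op"),                # C = created, M = modified
            "company": m.group("company") or "",
            "path": m.group("path"),
        })
    return entries


def triage_files(text, scan_date, recent_days=30):
    """Return {path: [reason, ...]} for entries matching the triage heuristics."""
    flagged = {}
    cutoff = scan_date - timedelta(days=recent_days)
    for e in parse_file_lines(text):
        reasons = []
        path = e["path"]
        name = path.rsplit("\\", 1)[-1]
        in_system32 = "\\system32\\" in path.lower()
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        is_dir = "D" in e["attrs"]
        if hidden_system and in_system32 and not is_dir:
            reasons.append("hidden+system file in System32")
        if in_system32 and RANDOM_INI.match(name):
            reasons.append("random-looking .ini name in System32")
        if (e["op"] == "C" and e["when"] >= cutoff and not e["company"]
                and name.lower().endswith(".exe")):
            reasons.append(f"unsigned .exe created within {recent_days} days of scan")
        if reasons:
            flagged[path] = reasons
    return flagged


def security_center_notifications_disabled(text):
    """Map each *DisableNotify value under the Security Center key to True when
    set to 1, i.e. when the user would NOT be warned about that component."""
    start = text.find(SECURITY_CENTER_KEY)
    if start < 0:
        return {}
    block = text[start:].split("\n\n", 1)[0]   # the key and its values only
    return {m.group("name"): m.group("value") == "1" for m in DISABLE_NOTIFY.finditer(block)}


def triage_sample():
    """Run the triage over SAMPLE_LOG with the scan date from the Extras header."""
    return triage_files(SAMPLE_LOG, datetime(2010, 7, 31, 20, 47))


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(path, "->", "; ".join(reasons))
    for setting, disabled in security_center_notifications_disabled(SAMPLE_LOG).items():
        print(setting, "disabled" if disabled else "enabled")
```

Run stand-alone it prints the three flagged paths (the fresh `file.exe`, `ofdovigf.ini` and `SssCKRqr.ini2`) and reports all three Security Center notifications as disabled, which is the combination that lets a rogue antivirus run unchallenged on XP. `MRT.INI` and the ASUS driver pass because neither the attribute nor the name rule fires on them.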

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 7:33 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 7:48 am

I downloaded commy.exe to my USB and saved it to the infected PC's desktop, but it says the file commy.exe is infected. I've tried renaming it and saving it again, but I get the same error message...

Thanks.


someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 8:00 am

Ok. Try this first:

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 8:09 am

I tried all 3 links but I get the same message for each of them: the file rkill is infected.

Can I run it straight from my USB, or does it have to be saved on the desktop?

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 8:11 am

It has to be on the Desktop. Can you try Safe Mode With Networking please? In order to get to Safe Mode With Networking, reboot your PC and hit F8 as the PC boots up. Choose Safe Mode With Networking in the menu you are presented with.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 8:17 am

I have already tried this. It keeps rebooting itself while in the process of starting in safe mode with networking. So I am not able to start in safe mode unfortunately...

Thanks.

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 8:21 am

Hi,

I'll get back to you on this. I need to do some thinking.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 9:48 am

Please download and run the following:

iExplore.exe or eXplorer.exe

which are renamed copies of rkill.com, and try them instead.

Then rename ComboFix to firefox.com.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 10:13 am

Still get the same error messages I'm afraid... It seems like the files get infected as soon as I copy them on to the desktop. The only thing that worked was OTL, which was run straight from my USB.

I tried running the above from my USB as well, but it still didn't work.

Is anything going to remove this thing?!

Your help is appreciated!

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 10:32 am

Did you try running ComboFix renamed as firefox.com?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 10:52 am

I have just tried running it, but it says it can't find the file, even though I changed the name of it in the Run box.

I tried it by renaming it to firefox.com and firefox, in case it didn't like the firefox.com.exe in the command.

Not sure what I am doing wrong...

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Sun 01 Aug 2010, 11:43 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles.
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Sun 01 Aug 2010, 9:45 pm

After OTL has started, there are 3 options for Drivers: None, Use SafeList and All. I cannot see a Non-Microsoft option.

Which one do I choose?

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Mon 02 Aug 2010, 5:13 am

Safe List, please.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Mon 02 Aug 2010, 5:43 am

OTL logfile created on: 8/1/2010 8:30:11 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 77.00 Mb Available Physical Memory | 30.00% Memory free
216.00 Mb Paging File | 94.00 Mb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.44 Gb Free Space | 39.93% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati5xdxx.sys -- (ati5xdxx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati0mrxx.sys -- (ati0mrxx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643


FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 127.0.0.1 adcounter.theglobeandmail.com
O1 - Hosts: 4539 more lines...
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 00:45:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/08/01 01:20:14 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/31 20:43:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 20:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 20:43:00 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/31 15:48:42 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2008/01/29 15:55:24 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2008/01/29 15:55:21 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2008/01/29 15:55:21 | 000,090,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2008/01/29 15:55:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007/06/24 17:24:17 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\xxx.exe
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/09/08 10:56:07 | 001,420,315 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\Install.dat
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/27 16:39:21 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\sdi.db
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/02 12:40:35 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:07:00 | 000,000,250 | -HS- | C] () -- C:\Documents and Settings\hidden\ntuser.ini
[2003/02/01 22:05:32 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2003/02/01 22:05:31 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2003/02/01 22:05:31 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2003/02/01 22:05:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.ref.LOG
[2003/02/01 22:05:30 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2003/02/01 22:05:29 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2003/02/01 22:05:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2003/02/01 22:05:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.ref.LOG
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/02/01 20:20:07 | 007,864,320 | -H-- | C] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2003/02/01 20:20:07 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\hidden\ntuser.dat.LOG
[2003/02/01 18:34:22 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========


< End of report >

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Mon 02 Aug 2010, 6:36 am

Hi,

Lots of stuff to fix here!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
    O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
    O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
    O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
    O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
    O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
    O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
    O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
    O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
    O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
    O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
    O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
    O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
    O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
    O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
    O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
    O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    O29 - HKLM SecurityProviders - (append.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found

    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

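As an added example (not code from this thread, from OTL, or from its author), the triage rule behind the fix list above, written out in Python: each O4 autorun line from an OTL log is parsed, entries whose target OTL reports as "File not found" are marked orphaned, an entry with no company/version info ("()") that starts from a per-user Application Data folder is marked suspect, and only those two classes are emitted in the same `:OTL` fix layout. The sample lines are copied from the log above except the last, which is a constructed signed entry included to show what is left for manual review; the regex, class and verdict names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in OTL's own O4 output format: the first four lines are
# copied from the log above, the last is a made-up signed entry for contrast.
SAMPLE_O4 = r"""
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKLM..\Run: [Example] C:\Program Files\Vendor\tool.exe (Example Vendor Ltd)
"""
# hive, [value name], then target path followed by "(company)" or "File not found"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
MISSING = " File not found"

@dataclass
class Autorun:
    raw: str
    hive: str
    name: str
    path: str
    company: Optional[str]  # None when OTL reported the target file missing
    verdict: str

def classify(path: str, company: Optional[str]) -> str:
    if company is None:
        return "orphaned"  # registry value survives but its target is gone
    if company == "" and "\\application data\\" in path.lower():
        return "suspect"  # no version info, started from a per-user data folder
    return "review"  # has vendor info; decide by hand, never auto-remove

def parse_o4(line: str) -> Optional[Autorun]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.group("hive", "name", "rest")
    if rest.endswith(MISSING):
        path, company = rest[: -len(MISSING)], None
    else:  # "...\tool.exe (Vendor)": split on the last " (" and drop the ")"
        path, _, company = rest[:-1].rpartition(" (")
    return Autorun(line.strip(), hive, name, path, company, classify(path, company))

def triage(log_text: str) -> List[Autorun]:
    return [a for a in map(parse_o4, log_text.splitlines()) if a is not None]

def build_otl_fix(entries: List[Autorun]) -> str:
    # Same layout as the fix block above: only orphaned/suspect lines go in.
    lines = [":OTL"] + [e.raw for e in entries if e.verdict in ("orphaned", "suspect")]
    lines += ["", ":Commands", "[emptytemp]"]
    return "\n".join(lines)
```

Entries that come back as "review" (a real vendor string, a normal install path) are deliberately never written into the fix block; that is the part a helper still checks by hand before posting a script.
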
Re: Antivir - Please Help

Post by someonehelp on Mon 02 Aug 2010, 6:57 am

When I click on OTL, it says the application failed to start because framedyn.dll was not found...

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Mon 02 Aug 2010, 7:29 am

Ok. Forget that for now.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Mon 02 Aug 2010, 8:42 am

After I put the command in the Run box, it says "errors encountered while performing this operation".

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Mon 02 Aug 2010, 12:18 pm

Ok. Try just double-clicking it and running the program, please.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Antivir - Please Help

Post by someonehelp on Tue 03 Aug 2010, 7:01 am

Hi,

I still get the same error message.

someonehelp

Newbie Surfer

Posts : 22
Joined : 2010-08-01
Operating System : xp

Re: Antivir - Please Help

Post by Crush on Wed 04 Aug 2010, 8:15 am

Hi,

I'm currently on vacation. If someone else wants to pick this up for you, by all means have at it, guys.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28
