
Think I have a virus. Please help

  • 28-11-2009 7:29pm
    #1
    Registered Users, Registered Users 2 Posts: 583 ✭✭✭


    For some reason my CPU usage is constantly at 50% and a message keeps popping up saying:
    "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability Windows must restore the original versions of these files.

    Insert your Windows Professional Service Pack 3 CD now."

    I don't have the Windows CD.

    What can I do? Did I get a virus?

    Please help, I desperately need the laptop for the next week as I have a lot of work to do, and all the necessary programs are installed on this laptop only. I followed all the steps in the virus sticky and the results are as follows; if someone could take a look I would very much appreciate it.


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/27/2009 at 07:06 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4314
    Trace Rules Database Version: 2177

    Scan type : Complete Scan
    Total Scan Time : 03:40:49

    Memory items scanned : 579
    Memory threats detected : 0
    Registry items scanned : 8762
    Registry threats detected : 0
    File items scanned : 186284
    File threats detected : 43

    Adware.Tracking Cookie
    C:\Documents and Settings\mert\cookies\niall@apmebf[1].txt
    C:\Documents and Settings\mert\cookies\niall@atdmt[2].txt
    C:\Documents and Settings\mert\cookies\niall@mediaplex[1].txt
    C:\Documents and Settings\mert\cookies\niall@hotelscom.122.2o7[2].txt
    C:\Documents and Settings\mert\cookies\niall@fastclick[1].txt
    C:\Documents and Settings\mert\cookies\niall@media6degrees[1].txt
    C:\Documents and Settings\mert\cookies\niall@microsoftwindows.112.2o7[1].txt
    C:\Documents and Settings\mert\cookies\niall@tracking.fastbooking[1].txt
    C:\Documents and Settings\mert\cookies\niall@channel4.112.2o7[1].txt
    C:\Documents and Settings\mert\cookies\niall@overture[1].txt
    C:\Documents and Settings\mert\cookies\niall@eqtracking[2].txt
    C:\Documents and Settings\mert\cookies\niall@msnportal.112.2o7[1].txt
    C:\Documents and Settings\mert\cookies\niall@adrevolver[2].txt
    C:\Documents and Settings\mert\cookies\niall@doubleclick[2].txt
    C:\Documents and Settings\mert\cookies\niall@bluestreak[1].txt
    C:\Documents and Settings\mert\cookies\niall@www.googleadservices[2].txt
    C:\Documents and Settings\mert\cookies\niall@ad.yieldmanager[1].txt
    C:\Documents and Settings\mert\cookies\niall@www.googleadservices[1].txt
    C:\Documents and Settings\mert\cookies\niall@ie-stat.bmmetrix[1].txt
    C:\Documents and Settings\mert\cookies\niall@hitbox[2].txt
    C:\Documents and Settings\mert\cookies\niall@tradedoubler[2].txt
    C:\Documents and Settings\mert\cookies\niall@aerlingus.122.2o7[1].txt
    C:\Documents and Settings\mert\cookies\niall@ehg-upcchellomedia.hitbox[1].txt
    C:\Documents and Settings\mert\cookies\niall@interclick[1].txt
    C:\Documents and Settings\mert\cookies\niall@content.yieldmanager[2].txt
    C:\Documents and Settings\mert\cookies\niall@adbrite[1].txt
    C:\Documents and Settings\mert\cookies\niall@revsci[1].txt
    C:\Documents and Settings\mert\cookies\niall@adtech[1].txt
    C:\Documents and Settings\mert\cookies\niall@media.adrevolver[1].txt
    C:\Documents and Settings\mert\Cookies\niall@myroitracking[2].txt
    C:\Documents and Settings\mert\Cookies\niall@partyaccount[2].txt
    C:\Documents and Settings\mert\Cookies\niall@partypoker[1].txt
    C:\Documents and Settings\mert\Cookies\niall@secure.partyaccount[2].txt
    C:\Documents and Settings\mert\Cookies\niall@serving.adsrevenue.clicksor[2].txt
    C:\Documents and Settings\mert\Cookies\niall@statse.webtrendslive[1].txt
    C:\Documents and Settings\mert\Cookies\niall@www.partypoker[1].txt

    Trojan.Agent/Gen-FDUPX
    C:\DOCUMENTS AND SETTINGS\MERT\57D.TMP
    C:\DOCUMENTS AND SETTINGS\MERT\TEMPORARY INTERNET FILES\CONTENT.IE5\6109FHOS\BOT[1].TXT
    C:\WINDOWS\Prefetch\57D.TMP-335E9FDD.pf

    Trojan.Agent/Gen-FraudLoad
    C:\DOCUMENTS AND SETTINGS\MERT\TEMPORARY INTERNET FILES\CONTENT.IE5\6109FHOS\FILE[1].TXT
    C:\DOCUMENTS AND SETTINGS\MERT\TEMPORARY INTERNET FILES\CONTENT.IE5\LNI0HWOJ\LO[1].TXT

    Trojan.Agent/Gen-HackPatch
    C:\PROGRAM FILES\DU METER\DU.METER.V4.0.BUILD.R3009-PATCH.EXE

    Trojan.SVCHost/Fake
    C:\WINDOWS\TEMP\IEEW.TMP\SVCHOST.EXE


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49:54, on 28/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\mert\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    R3 - URLSearchHook: Deja Vu Toolbar - {2acf8db1-7e9c-46ec-8107-9de08f39085e} - C:\Program Files\Deja_Vu\tbDej0.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
    O2 - BHO: Deja Vu Toolbar - {2acf8db1-7e9c-46ec-8107-9de08f39085e} - C:\Program Files\Deja_Vu\tbDej0.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0 DIAMOND\Vcs3RT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Deja Vu Toolbar - {2acf8db1-7e9c-46ec-8107-9de08f39085e} - C:\Program Files\Deja_Vu\tbDej0.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [8034] C:\Documents and Settings\mert\57D.tmp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKCU\..\Run: [photo_id] .\57C.tmp
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: @C:\Program Files\IESnap\IESnap.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: &IESnap - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: asp.net (ASP.NET) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16168 bytes

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 8.0.6001.18702
    Mozilla Firefox 3.0.15 (en-US)
    .
    C:\ [Fixed-NTFS] .. ( Total:99 Go - Free:14 Go )
    D:\ [Fixed-FAT32] .. ( Total:11 Go - Free:1 Go )
    E:\ [CD_Rom]
    G:\ [CD_Rom]
    .
    Scan : 18:55.04
    Path : C:\Documents and Settings\mert\Desktop\Rooter.exe
    User : Niall ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (1080)
    ______ \??\C:\WINDOWS\system32\csrss.exe (1136)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (1164)
    ______ C:\WINDOWS\system32\services.exe (1224)
    ______ C:\WINDOWS\system32\lsass.exe (1236)
    ______ C:\WINDOWS\system32\svchost.exe (1412)
    ______ C:\WINDOWS\system32\svchost.exe (1488)
    ______ C:\WINDOWS\System32\svchost.exe (1548)
    ______ C:\WINDOWS\system32\svchost.exe (1612)
    ______ C:\WINDOWS\system32\svchost.exe (1748)
    ______ C:\Program Files\AVG\AVG9\avgchsvx.exe (1688)
    ______ C:\Program Files\AVG\AVG9\avgrsx.exe (1804)
    ______ C:\WINDOWS\system32\svchost.exe (1872)
    ______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (1980)
    ______ C:\WINDOWS\Explorer.EXE (780)
    ______ C:\WINDOWS\system32\spoolsv.exe (852)
    ______ C:\WINDOWS\system32\svchost.exe (348)
    ______ C:\WINDOWS\system32\msdtc.exe (580)
    ______ C:\Program Files\uTorrent\uTorrent.exe (768)
    ______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (888)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2112)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2128)
    ______ C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe (2192)
    ______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (2208)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (2292)
    ______ C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (2332)
    ______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (2348)
    ______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (2556)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (2640)
    ______ C:\WINDOWS\eHome\ehRecvr.exe (2928)
    ______ C:\WINDOWS\eHome\ehSched.exe (3152)
    ______ C:\Program Files\AVG\AVG9\avgnsx.exe (3212)
    ______ C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe (3396)
    ______ C:\Program Files\Hotspot Shield\bin\openvpnas.exe (3444)
    ______ C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe (3568)
    ______ C:\WINDOWS\system32\svchost.exe (3640)
    ______ C:\WINDOWS\System32\svchost.exe (3696)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (3732)
    ______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (3816)
    ______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (3952)
    ______ C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (4040)
    ______ C:\WINDOWS\System32\svchost.exe (220)
    ______ C:\WINDOWS\system32\nvsvc32.exe (236)
    ______ C:\WINDOWS\System32\svchost.exe (176)
    ______ C:\WINDOWS\system32\PSIService.exe (316)
    ______ C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (1572)
    ______ C:\WINDOWS\system32\svchost.exe (2012)
    ______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (2256)
    ______ C:\WINDOWS\system32\svchost.exe (2340)
    ______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1124)
    ______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (536)
    ______ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2716)
    ______ C:\WINDOWS\ehome\mcrdsvc.exe (2976)
    ______ C:\WINDOWS\system32\mqsvc.exe (2900)
    ______ C:\Program Files\Windows Media Player\WMPNetwk.exe (3488)
    ______ C:\WINDOWS\system32\SearchIndexer.exe (3972)
    ______ C:\WINDOWS\system32\mqtgsvc.exe (592)
    ______ C:\WINDOWS\system32\wscntfy.exe (4752)
    ______ C:\WINDOWS\system32\dllhost.exe (5036)
    ______ C:\WINDOWS\System32\alg.exe (5528)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3828)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (4440)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (4508)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (548)
    ______ C:\WINDOWS\system32\SearchProtocolHost.exe (5288)
    ______ C:\WINDOWS\system32\SearchFilterHost.exe (3812)
    ______ C:\Documents and Settings\mert\Desktop\Rooter.exe (5116)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:106303486464)
    \Device\Harddisk0\Partition2 (Start_Offset:106311744000 | Length:12642255360)
    \Device\Harddisk0\Partition3 (Start_Offset:118953999360 | Length:1077511680)
    .
    \\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\Google Software Updater.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2387919621-520312333-2006614690-1006Core.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2387919621-520312333-2006614690-1006UA.job
    C:\WINDOWS\Tasks\PCConfidential.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\SysSchedule.job
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .
    \\ Scan completed at 18:57.36
    .
    C:\Rooter$\Rooter_1.txt - (28/11/2009 | 18:57.36)


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hi

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [image: RcAuto1.gif]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: whatnext.png]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Registered Users, Registered Users 2 Posts: 583 ✭✭✭cranky bollix


    Thanks, that seems to have done the trick as my CPU has gone back to normal. I'm using AVG Free but this did not detect any of the viruses that I got. What can I do to make sure I don't get infected again? Is it possible to set up the Recovery Console without a Windows CD?
    Thanks again,
    my log:

    ComboFix 09-11-28.04 - Niall 29/11/2009 13:47.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.441 [GMT 0:00]
    Running from: c:\documents and settings\mert\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\recycler\S-1-5-21-2387919621-520312333-2006614690-1005
    c:\windows\kb913800.exe
    c:\windows\run.log
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
    .

    2009-11-29 13:03 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-11-29 02:52 . 2009-11-29 02:52 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-11-28 18:57 . 2009-11-28 18:57 d-----w- C:\Rooter$
    2009-11-27 15:13 . 2009-11-27 15:13 117760 ----a-w- c:\documents and settings\mert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-27 15:10 . 2009-11-27 15:10 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-27 15:09 . 2009-11-27 15:09 d-----w- c:\program files\SUPERAntiSpyware
    2009-11-27 15:09 . 2009-11-27 15:09 d-----w- c:\documents and settings\mert\Application Data\SUPERAntiSpyware.com
    2009-11-27 14:22 . 2009-11-27 14:22 d-----w- c:\documents and settings\mert\Application Data\Malwarebytes
    2009-11-27 14:22 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-27 14:22 . 2009-11-27 14:22 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-27 14:22 . 2009-11-27 14:22 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-27 14:22 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-27 01:14 . 2009-11-27 01:14 d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-27 01:02 . 2009-11-27 01:02 d-----w- c:\documents and settings\All Users\Application Data\5cfecd7
    2009-11-27 00:43 . 2009-11-27 00:43 d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-11-27 00:43 . 2009-11-27 14:38 d-sh--w- c:\documents and settings\mert\Application Data\System
    2009-11-27 00:43 . 2009-11-27 00:43 d-----w- c:\documents and settings\mert\Application Data\Mozilla Firefox
    2009-11-20 11:47 . 2009-11-03 13:33 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2009-11-18 12:56 . 2009-11-18 12:56 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\HP
    2009-11-17 15:44 . 2009-11-24 16:22 d-----w- c:\documents and settings\mert\Application Data\HpUpdate
    2009-11-17 15:44 . 2009-11-17 15:44 d-----w- c:\windows\Hewlett-Packard
    2009-11-16 23:56 . 2009-11-16 23:56 d-----w- c:\documents and settings\mert\Application Data\DivX
    2009-11-12 19:16 . 2009-11-29 02:54 0 ----a-w- c:\documents and settings\mert\Local Settings\Application Data\prvlcl.dat
    2009-11-12 14:02 . 2009-11-09 22:11 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-11-12 14:02 . 2009-11-12 14:01 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-11-12 14:02 . 2009-11-12 14:01 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-11-12 14:02 . 2009-11-09 22:11 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2009-11-12 14:02 . 2009-11-09 22:11 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2009-11-12 14:02 . 2009-11-03 13:33 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    2009-11-10 18:45 . 2007-05-13 12:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-11-09 22:11 . 2009-11-03 13:33 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2009-11-09 22:10 . 2009-11-09 22:10 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-11-09 22:10 . 2009-11-03 13:33 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2009-11-07 03:39 . 2009-09-25 16:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-11-07 03:39 . 2009-09-25 16:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-11-07 03:39 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
    2009-11-07 03:38 . 2009-11-07 03:38 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-11-06 18:27 . 2009-11-06 18:27 -------- d-----w- c:\program files\Common Files\xing shared
    2009-11-06 18:20 . 2009-11-23 00:48 -------- d-----w- c:\documents and settings\mert\Application Data\vlc
    2009-11-04 22:15 . 2009-11-04 22:23 -------- d-----w- C:\Identity Cloaker
    2009-11-03 21:33 . 2009-11-03 21:33 152576 ----a-w- c:\documents and settings\mert\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-03 13:34 . 2009-11-03 13:42 -------- d-----w- C:\$AVG
    2009-11-03 13:33 . 2009-11-03 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-29 14:16 . 2008-02-23 01:03 -------- d-----w- c:\documents and settings\mert\Application Data\uTorrent
    2009-11-29 02:55 . 2008-02-13 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-28 19:39 . 2008-09-26 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-27 19:55 . 2009-05-12 13:11 -------- d-----w- c:\program files\DU Meter
    2009-11-27 15:09 . 2009-03-22 22:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-27 14:38 . 2009-03-22 21:58 -------- d-----w- c:\program files\IESnap
    2009-11-27 01:02 . 2009-11-27 01:02 0 ----a-w- c:\documents and settings\mert\57E.tmp
    2009-11-27 01:02 . 2009-11-27 01:02 31744 ----a-w- c:\documents and settings\mert\57B.tmp
    2009-11-27 01:02 . 2009-11-27 01:02 216 ----a-w- c:\documents and settings\mert\578.tmp
    2009-11-27 00:03 . 2008-02-21 18:21 -------- d-----w- c:\documents and settings\mert\Application Data\skypePM
    2009-11-26 16:40 . 2009-03-03 13:27 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-11-26 16:40 . 2009-03-03 13:27 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-11-21 22:29 . 2007-08-09 15:23 -------- d-----w- c:\program files\JetAudio
    2009-11-20 11:41 . 2008-02-21 18:19 -------- d-----w- c:\documents and settings\mert\Application Data\Skype
    2009-11-17 15:44 . 2006-12-01 03:06 -------- d-----w- c:\program files\Hewlett-Packard
    2009-11-10 19:14 . 2008-02-26 21:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-10 18:45 . 2008-04-04 12:49 -------- d-----w- c:\program files\AoA Audio Extractor
    2009-11-10 17:49 . 2009-09-05 14:18 -------- d-----w- c:\documents and settings\mert\Application Data\DVD Flick
    2009-11-09 22:11 . 2009-04-21 11:04 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-07 03:39 . 2006-12-01 04:12 -------- d-----w- c:\program files\DivX
    2009-11-06 18:27 . 2007-08-10 15:09 -------- d-----w- c:\program files\Common Files\Real
    2009-11-06 18:26 . 2008-02-27 15:02 -------- d-----w- c:\program files\Real
    2009-11-06 18:18 . 2007-08-09 15:25 -------- d-----w- c:\program files\VideoLAN
    2009-11-06 18:13 . 2008-02-27 21:05 -------- d-----w- c:\program files\NCH Swift Sound
    2009-11-06 01:57 . 2008-02-29 12:23 -------- d-----w- c:\program files\AV VCS 3.0 DIAMOND
    2009-11-06 01:56 . 2008-02-29 12:23 16 ----a-w- c:\windows\system32\RgsdData.dat
    2009-11-03 21:34 . 2006-12-01 03:06 -------- d-----w- c:\program files\Java
    2009-11-03 21:34 . 2009-01-24 15:34 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-03 13:33 . 2009-04-21 11:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-03 13:33 . 2009-04-21 11:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-03 13:33 . 2009-04-21 11:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-03 13:33 . 2009-03-23 14:45 -------- d-----w- c:\program files\AVG
    2009-11-03 13:27 . 2009-02-03 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2009-10-28 21:52 . 2006-12-01 03:14 110160 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-28 21:05 . 2008-02-23 00:58 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-19 19:09 . 2007-08-09 15:16 -------- d-----w- c:\documents and settings\mert\Application Data\U3
    2009-10-17 14:07 . 2009-10-17 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-10-17 14:07 . 2009-01-31 13:31 -------- d-----w- c:\program files\TVUPlayer
    2009-10-15 14:15 . 2009-10-15 14:13 -------- d-----w- c:\program files\Sony
    2009-10-15 14:13 . 2008-03-05 12:42 -------- d-----w- c:\program files\VSTplugins
    2009-10-15 01:22 . 2007-08-10 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-10-15 00:41 . 2008-10-21 22:17 8 ----a-w- c:\windows\system32\nvModes.dat
    2009-10-14 17:40 . 2009-10-14 17:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2ED18044-7049-4E7A-A58D-4017348FCDB7}
    2009-10-14 17:39 . 2009-10-14 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
    2009-10-14 17:39 . 2008-04-01 19:55 -------- d-----w- c:\program files\Native Instruments
    2009-10-14 17:38 . 2009-10-14 17:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
    2009-10-14 17:38 . 2009-10-14 17:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    2009-10-09 19:22 . 2009-10-09 19:22 57344 ----a-r- c:\documents and settings\mert\Application Data\Microsoft\Installer\{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}\NewShortcut7_7771B2A712EF4ED6B9E64A04820E098E.exe
    2009-10-09 19:22 . 2009-10-09 19:22 57344 ----a-r- c:\documents and settings\mert\Application Data\Microsoft\Installer\{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}\NewShortcut1_7771B2A712EF4ED6B9E64A04820E098E.exe
    2009-10-09 19:22 . 2009-10-09 19:21 -------- d-----w- c:\program files\Serato
    2009-09-25 16:42 . 2007-08-09 15:24 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-09-25 16:42 . 2007-08-09 15:24 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-09-25 16:42 . 2005-04-25 17:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-11 14:18 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-08 16:38 . 2009-02-27 17:09 84164 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-04 21:03 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-03 21:36 . 2009-09-03 21:20 166241 ----a-w- c:\windows\hpoins28.dat
    2008-02-26 21:27 . 2008-02-26 21:27 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
    2008-02-26 21:23 . 2008-02-26 21:23 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-01-20 19:33 . 2009-01-20 19:33 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2009-03-02 18:01 . 2009-02-28 00:05 88 --sh--r- c:\windows\system32\9806F9EB04.sys
    2009-03-02 18:05 . 2009-02-28 00:05 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-02-29 1555480]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-11-17 2166296]
    "{2acf8db1-7e9c-46ec-8107-9de08f39085e}"= "c:\program files\Deja_Vu\tbDej0.dll" [2009-11-17 2166296]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CLASSES_ROOT\clsid\{2acf8db1-7e9c-46ec-8107-9de08f39085e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2008-02-29 23:21 1555480 ----a-w- c:\program files\Freecorder\tbFre1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2acf8db1-7e9c-46ec-8107-9de08f39085e}]
    2009-11-17 18:59 2166296 ----a-w- c:\program files\Deja_Vu\tbDej0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2009-11-17 18:59 2166296 ----a-w- c:\program files\free-downloads.net\tbfre1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-01-20 02:14 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-02-29 1555480]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-11-17 2166296]
    "{2acf8db1-7e9c-46ec-8107-9de08f39085e}"= "c:\program files\Deja_Vu\tbDej0.dll" [2009-11-17 2166296]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CLASSES_ROOT\clsid\{2acf8db1-7e9c-46ec-8107-9de08f39085e}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-02-29 1555480]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-11-17 2166296]
    "{2ACF8DB1-7E9C-46EC-8107-9DE08F39085E}"= "c:\program files\Deja_Vu\tbDej0.dll" [2009-11-17 2166296]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CLASSES_ROOT\clsid\{2acf8db1-7e9c-46ec-8107-9de08f39085e}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289072]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-10-28 25214]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-25 113664]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-03 13:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll
    "midi2"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Documents and Settings\\mert\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Safari\\Safari.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\FilmOn HDi Player\\FilmOn HDi Player.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Native Instruments\\Traktor\\Traktor.exe"=
    "c:\\Program Files\\Native Instruments\\Traktor DJ Studio 3\\TraktorDJStudio3.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/04/2009 11:04 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/04/2009 11:04 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/11/2009 13:33 285392]
    R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [29/02/2008 12:23 6852]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [06/03/2008 13:20 33792]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [29/09/2008 15:31 193840]
    S3 Flash1;Flash1;\??\c:\docume~1\mert\LOCALS~1\Temp\winphlash\Flash1.sys --> c:\docume~1\mert\LOCALS~1\Temp\winphlash\Flash1.sys [?]
    S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
    S3 WinPhlash;WinPhlash;\??\c:\docume~1\mert\LOCALS~1\Temp\winphlash\PHLASHNT.SYS --> c:\docume~1\mert\LOCALS~1\Temp\winphlash\PHLASHNT.SYS [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2007 19:36 722416]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-11-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-26 22:37]

    2009-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387919621-520312333-2006614690-1006Core.job
    - c:\documents and settings\mert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 12:31]

    2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387919621-520312333-2006614690-1006UA.job
    - c:\documents and settings\mert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 12:31]
    .
    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\mert\Application Data\Mozilla\Firefox\Profiles\l726igfk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\mert\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-8034 - c:\documents and settings\mert\57D.tmp.exe
    AddRemove-Native Instruments Audio 8 DJ Driver - c:\documents and settings\All Users\Application Data\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}\Audio 8 DJ Driver Setup.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-Native Instruments Service Center - c:\documents and settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}\Service Center Setup.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-Native Instruments Traktor - c:\documents and settings\All Users\Application Data\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
    AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-29 14:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ASP.NET]
    "ImagePath"="c:\program files\Common Files\Microsoft Shared\MSINFO\asp.net"
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{969D404C-EC53-A9AF-A02B8ED8C194B4B8}\{49CEC6C1-E90A-6C40-7DC9D5345834AD37}\{B3C560DA-C3C9-1298-A5CC78F93CD65657}*]
    "YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
    9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
    "YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
    9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(1160)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(524)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    c:\program files\TechSmith\SnagIt 8\SnagIt32.exe
    c:\program files\Windows Desktop Search\WindowsSearch.exe
    c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
    c:\windows\system32\dllhost.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-29 14:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-29 14:30

    Pre-Run: 18,098,020,352 bytes free
    Post-Run: 22,127,972,352 bytes free

    Current=7 Default=7 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    - - End Of File - - 4183DEDD9FEDAC58F1F85A1F794B3A25


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I will recommend some things at the end

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      c:\documents and settings\mert\57E.tmp
      c:\documents and settings\mert\57B.tmp
      c:\documents and settings\mert\578.tmp
      c:\documents and settings\mert\*.tmp
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to the Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
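    One way to read a ComboFix listing like the one posted above programmatically, as an added example that is not part of this thread and not code from ComboFix, OTM or the helper. It assumes the one-line layout ComboFix prints (`created . modified size attributes path`, with `--------` in the size column marking a directory) and my own reading of the eight-character attribute field (d/c/s/h/a flags in the first five positions, w or r in the seventh; the remaining two positions are left undecoded). The `triage` rules only express what the helper's OTM script targets (stray `*.tmp` files sitting directly in a user profile root) plus a neutral review note for regular files carrying both the system and hidden attributes; they do not decide that anything is malicious. The sample lines are copied from the log in this thread.

```python
"""Parse ComboFix-style file-listing lines and flag entries a helper would look at first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Sample lines copied from the thread's ComboFix log (one-line layout: created . modified size attrs path).
SAMPLE_LOG = r"""
2009-11-27 01:02 . 2009-11-27 01:02 0 ----a-w- c:\documents and settings\mert\57E.tmp
2009-11-27 01:02 . 2009-11-27 01:02 31744 ----a-w- c:\documents and settings\mert\57B.tmp
2009-11-27 01:02 . 2009-11-27 01:02 216 ----a-w- c:\documents and settings\mert\578.tmp
2009-11-29 02:52 . 2009-11-29 02:52 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-27 01:14 . 2009-11-27 01:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-03-02 18:01 . 2009-02-28 00:05 88 --sh--r- c:\windows\system32\9806F9EB04.sys
2009-11-29 13:03 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
"""

# Column layout assumed here: two timestamps separated by " . ", a size (or the
# "--------" placeholder for directories), an 8-character attribute field, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[dcsharw-]{8})\s+"
    r"(?P<path>.+)$"
)

# Assumed rule: a *.tmp (or *.tmp.exe) file sitting directly in a profile root,
# i.e. the kind of leftover the helper's OTM script moves out.
PROFILE_TMP_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.tmp(\.exe)?$", re.IGNORECASE
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None when ComboFix printed the "--------" placeholder (directory)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def decode_attrs(attrs: str) -> Set[str]:
    """Decode the attribute field as read here: positions 0-4 are d/c/s/h/a flags,
    position 6 is 'w' (writable) or 'r' (read-only); positions 5 and 7 are not decoded."""
    names = {0: "directory", 1: "compressed", 2: "system", 3: "hidden", 4: "archive"}
    flags = {name for pos, name in names.items() if attrs[pos] != "-"}
    if attrs[6] == "r":
        flags.add("read-only")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for regular files worth a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        if PROFILE_TMP_RE.match(e.path):
            findings.append((e.path, "*.tmp file dropped directly in a user profile root"))
        if {"system", "hidden"} <= decode_attrs(e.attrs):
            findings.append((e.path, "system+hidden attributes on a regular file; confirm which product owns it"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Running it on the sample lines lists the three `.tmp` files from the profile root and the system+hidden `9806F9EB04.sys`; the hidden `IETldCache` directory is skipped because the rules apply only to regular files. Feeding it the full log requires the lines to be in the one-line layout shown, which is how ComboFix writes them before forum extraction wraps them.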


    • Registered Users, Registered Users 2 Posts: 583 ✭✭✭cranky bollix


      New problem.

      While I was going through the previous steps, after a reboot, a loud buzzing noise started coming from the laptop, up around the area where the fan is located. It's continuous, so I think I may have to bring it to the laptop doc.

