TheTechGuide Forum
General Category => Tech Clinic => Topic started by: eye_opener on November 22, 2008, 09:22:59 PM
-
I am getting buffer overrun errors,
no disk errors,
and my PC is running really slow.
I can't open HijackThis,
or Avira, or virus protection.
Please help me.
-
See if you can open this file
Download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Save the installer to your desktop.
- Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Here is the log
Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.0.2195 Service Pack 4
11/24/2008 11:20:10 AM
mbam-log-2008-11-24 (11-20-10).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 106293
Time elapsed: 28 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 33
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 82
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
D:\WINNT\system32\ssqpo.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\pmnmlii.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\indwvm.dll (Trojan.Zlob) -> Delete on reboot.
d:\WINNT\system32\rqrrstq.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08c134d3-087c-4139-a98c-3a078358dfde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmlii (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{08c134d3-087c-4139-a98c-3a078358dfde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{debb349c-df19-4483-8437-90919f3ec079} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{debb349c-df19-4483-8437-90919f3ec079} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5adf3862-9e2e-4ad3-86f7-4510e6550cd0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5adf3862-9e2e-4ad3-86f7-4510e6550cd0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{654cd938-45ca-4386-80dd-1ab22911839e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{654cd938-45ca-4386-80dd-1ab22911839e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f6b6fdd-a71f-81ea-1a17-8d8dce56819c} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f6b6fdd-a71f-81ea-1a17-8d8dce56819c} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fff6f35-d7f2-42d5-9988-e4bcaa63e0eb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8fff6f35-d7f2-42d5-9988-e4bcaa63e0eb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d17e43d-029f-41e3-aac5-022df8103548} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d17e43d-029f-41e3-aac5-022df8103548} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd3447d4-ca39-4377-8084-30e86331d74c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e12bff69-38a7-406e-a8ef-2738107a7831} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpfp32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winspd32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gplv3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{08c134d3-087c-4139-a98c-3a078358dfde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{25b7d2fd-4f71-46d1-801a-7de323e4ec82} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: d:\winnt\system32\rqrrstq.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\rqrrstq.dll -> Quarantined and deleted successfully.
Folders Infected:
D:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
D:\Program Files\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.
Files Infected:
D:\WINNT\system32\pmnmlii.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\ssqpo.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\opqss.bak1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\opqss.bak2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\opqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\opqss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\aobhwkgh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\hgkwhboa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\blgmlpfr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\rfplmglb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\bqujijoe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\eojijuqb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\cxjpkckb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\bkckpjxc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\faaocpfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\ufpcoaaf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\igayfjut.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\tujfyagi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\mxbcuyda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\adyucbxm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\pfcmxmqo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\oqmxmcfp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\qmnptvxu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\uxvtpnmq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\reqjkhpy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\yphkjqer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\wgnkgebw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\wbegkngw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\xrwacigm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\mgicawrx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\ylyfmsda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\adsmfyly.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\jrdggvrr.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\gdcvusrd.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\nflijvni.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
D:\WINNT\system32\indwvm.dll (Trojan.Zlob) -> Delete on reboot.
D:\WINNT\system32\ubptrccu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\rjfmuxlg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Admin\Local Settings\Temp\20637715.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Admin\Local Settings\Temp\9996514.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Admin\Local Settings\Temp\win77C.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Chris\Local Settings\Temp\32look.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
D:\Program Files\Common Files\orok\orokd\orokc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\serial.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Program Files\WinPop\winpop.exe~ (Adware.Winpop) -> Quarantined and deleted successfully.
D:\WINNT\smgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINNT\system32\j1241132.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
D:\WINNT\system32\syswin.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
D:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
D:\WINNT\system32\winpfp32.dll (Dialer) -> Quarantined and deleted successfully.
D:\WINNT\system32\winspd32.dll (Dialer) -> Quarantined and deleted successfully.
D:\WINNT\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\WINNT\system32\gebbxwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\gebcbaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\gebccda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\awvts.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\jkhih.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\tuvsqpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\mljijge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\opnljif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\cbxwtrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\cbxxyxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\awvst.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\mllkh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\mllml.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\efcbbaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\ljjjgef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\nnnllkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\ssqnnll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\awtronl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\khfebxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\rqrrstq.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINNT\system32\vtuutqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\system32\yayawvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINNT\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Admin\Local Settings\Temp\win467.tmp.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
D:\Documents and Settings\lice\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\lice\Local Settings\Temp\laf13.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\WINNT\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINNT\system32\drivers\core.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
-
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double click on RSIT.exe to launch the program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Post both of those logs, please.
-
Here are the two logs:
info log
info.txt logfile of random's system information tool 1.04 2008-11-24 14:20:21
======Uninstall list======
-->"D:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->"D:\WINNT\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe"
-->D:\PROGRA~1\Yahoo!\browser\unyb.exe
-->D:\PROGRA~1\Yahoo!\Common\unwise.exe /S D:\PROGRA~1\Yahoo!\Common\install.log
-->D:\PROGRA~1\Yahoo!\Common\unybase.exe
-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-->D:\PROGRA~1\Yahoo!\PARENT~1\unypc.exe /S
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\yaddbook.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\ylogin.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\ymmapi.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
-->regsvr32 /s /u D:\PROGRA~1\Yahoo!\Common\YCOMP5~1.DLL
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
Adobe Flash Player 9 ActiveX-->D:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitTorrent 5.0.7-->"D:\Program Files\BitTorrent\uninstall.exe"
Blender (remove only)-->"I:\Program Files\Blender Foundation\Blender\uninstall.exe"
BroadJump Client Foundation-->D:\WINNT\IsUninst.exe -f"D:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"D:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
DirectX 8.1 Hotfix - KB839643-->D:\WINNT\$NtUninstallKB839643-DirectX81$\spuninst\spuninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOT ALBUM MYBOX-->D:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Hotfix for MDAC 2.53 (KB927779)-->"D:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
hp deskjet 3320 series (Remove only)-->D:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
hp deskjet 3320 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 3320 series
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire 4.12.6-->"I:\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyChanger-->D:\WINNT\unvise32.exe D:\Program Files\Codeuber\MyChanger\uninstal.log
MySpaceIM-->D:\Program Files\MySpace\IM\Uninstall.exe
NCH Tone Generator Uninstall-->D:\Program Files\NCH Swift Sound\ToneGen\uninst.exe
OIN-->"D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
Pdf995-->D:\Program Files\pdf995\setup.exe uninstall
PhoTags Express -->D:\PROGRA~1\PHOTAG~1\Setup.exe /remove
SBC Yahoo! Applications-->D:\Program Files\SBC Yahoo!\UninstallManager.exe
Security Update for Windows 2000 (KB904706)-->"D:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"D:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"D:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"D:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"D:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
TaxCut Deluxe 2005-->D:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium 2006-->D:\PROGRA~1\TaxCut06\Program\removetc.exe
TaxCut Premium 2007-->MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
Update Rollup 1 for Windows 2000 SP4-->"D:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Visual IP InSight(SBC)-->D:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
WavePad Uninstall-->D:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only)-->"D:\Program Files\Winamp\UninstWA.exe"
Windows 2000 Hotfix - KB833407-->D:\WINNT\$NtUninstallKB833407$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB842773-->D:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB893756-->"D:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"D:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"D:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"D:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"D:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"D:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"D:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"D:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"D:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"D:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"D:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"D:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"D:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"D:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"D:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"D:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"D:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"D:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"D:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"D:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"D:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"D:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"D:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"D:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"D:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"D:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"D:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"D:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"D:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"D:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"D:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"D:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"D:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"D:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"D:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"D:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"D:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"D:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928090-->"D:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"D:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"D:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"D:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"D:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"D:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows Media Player Hotfix [See Q828026 for more information]-->D:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->D:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
and here is the log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-11-24 14:20:03
Microsoft Windows 2000 Professional Service Pack 4
System drive D: has 5 GB (48%) free of 10 GB
Total RAM: 95 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:15 PM, on 11/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\Documents and Settings\Chris\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Chris.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C45B1924-EF5D-4441-834B-058CA202505C} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [j1241132] rundll32 D:\WINNT\system32\j1241132.dll sook
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5689 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll [2003-06-20 209489]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2008-01-06 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll [2003-06-20 209489]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - D:\WINNT\system32\msdxm.ocx [2005-03-31 844560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2008-01-06 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"BJCFD"=D:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"IPInSightLAN 02"=D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 02"=D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]
"HPDJ Taskbar Utility"=D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-03 188416]
"j1241132"=rundll32 D:\WINNT\system32\j1241132.dll sook []
"SManager"=smanager.7.exe []
"smgr"=smgr.exe []
"MBBalloon"=D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2006-12-15 787096]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost.exe"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINNT\system32\ctfmon.exe [2001-02-20 8192]
"Uniblue RegistryBooster 2"=D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-01-06 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
D:\WINNT\system32\nwprovau.dll [2006-08-31 140048]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe:*:Enabled:win452.tmp"
"D:\WINNT\TEMP\winC.tmp.exe"="D:\WINNT\TEMP\winC.tmp.exe:*:Enabled:winC.tmp"
"ntdll.dll"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win76C.tmp.exe:*:Enabled:win76C.tmp"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-11-24 14:20:03 ----D---- D:\rsit
2008-11-24 11:22:19 ----D---- D:\Avenger
2008-11-24 11:22:19 ----A---- D:\avenger.txt
2008-11-23 20:52:53 ----D---- D:\Documents and Settings\Chris\Application Data\Malwarebytes
2008-11-23 20:38:22 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 20:38:09 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 18:08:39 ----D---- D:\Program Files\Avira
2008-11-22 18:08:39 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-22 17:53:38 ----D---- D:\Program Files\Trend Micro
2008-11-22 17:43:07 ----A---- D:\WINNT\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2008-11-24 14:20:07 ----AD---- D:\WINNT\system32
2008-11-24 14:18:09 ----D---- D:\Program Files\Mozilla Firefox
2008-11-24 11:22:19 ----D---- D:\WINNT
2008-11-24 11:20:08 ----RAD---- D:\Program Files
2008-11-24 08:52:14 ----A---- D:\WINNT\SchedLgU.Txt
2008-11-24 01:43:12 ----HD---- D:\WINNT\inf
2008-11-24 01:43:09 ----AD---- D:\WINNT\Temp
2008-11-23 20:38:51 ----AD---- D:\WINNT\system32\drivers
2008-11-23 20:07:42 ----AD---- D:\WINNT\Debug
2008-11-23 20:04:48 ----SHD---- D:\WINNT\CSC
2008-11-22 20:05:13 ----AC---- D:\WINNT\system32\dfrg.msc
2008-11-22 19:43:29 ----SHD---- D:\WINNT\Installer
2008-11-22 19:08:20 ----D---- D:\WINNT\system32\NtmsData
2008-11-22 17:41:29 ----RASHDC---- D:\WINNT\system32\dllcache
2008-11-22 17:40:47 ----AD---- D:\WINNT\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_2K;Cdr4_2K; D:\WINNT\system32\drivers\Cdr4_2K.sys [2006-11-17 58000]
R1 Cdralw2k;Cdralw2k; D:\WINNT\system32\drivers\Cdralw2k.sys [2006-11-17 23420]
R3 FA311;Netgear FA311 NDIS 5.0 Miniport Driver; D:\WINNT\system32\DRIVERS\FA311ND5.SYS [2000-02-28 21728]
R3 uhcd;Microsoft USB Universal Host Controller Driver; D:\WINNT\system32\DRIVERS\uhcd.sys [2003-07-04 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINNT\system32\DRIVERS\usbhub.sys [2003-07-04 40176]
S1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 avipbb;avipbb; D:\WINNT\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
S1 kbdhid;Keyboard HID Driver; D:\WINNT\system32\DRIVERS\kbdhid.sys [1999-10-04 13744]
S1 ssmdrv;ssmdrv; D:\WINNT\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S2 Atmuni;ATM Call Manager; D:\WINNT\system32\DRIVERS\atmuni.sys [2003-07-04 331088]
S2 HidUsb;Microsoft HID Class Driver; D:\WINNT\system32\DRIVERS\hidusb.sys [1999-10-04 13904]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; D:\WINNT\system32\DRIVERS\nwlnkipx.sys [2003-07-04 91408]
S2 NwlnkNb;NWLink NetBIOS; D:\WINNT\system32\DRIVERS\nwlnknb.sys [2003-07-04 65520]
S2 NwlnkSpx;NWLink SPX/SPXII Protocol; D:\WINNT\system32\DRIVERS\nwlnkspx.sys [2003-07-04 58480]
S2 Rawwan;RAW WAN Driver; D:\WINNT\system32\DRIVERS\rawwan.sys [2003-07-04 35024]
S3 allegro;ESS Allegro Audio Driver (WDM); D:\WINNT\system32\drivers\es198x.sys [2002-05-08 189568]
S3 AtmElan;ATM Emulated LAN; D:\WINNT\system32\DRIVERS\atmlane.sys [2003-07-04 48496]
S3 AtmLane;ATM LAN Emulation; D:\WINNT\system32\DRIVERS\atmlane.sys [2003-07-04 48496]
S3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 ccdecode;Closed Caption Decoder; D:\WINNT\system32\drivers\ccdecode.sys [1999-10-04 13232]
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card; D:\WINNT\system32\DRIVERS\DLKRCB.SYS [2001-10-15 25434]
S3 eni25p;Efficient Networks ENI-25P ATM Driver; D:\WINNT\system32\DRIVERS\eni25p.sys [1999-09-24 51152]
S3 i81x;i81x; D:\WINNT\system32\DRIVERS\i81xnt5.sys [2003-06-19 68336]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; D:\WINNT\system32\drivers\msmpu401.sys [1999-09-25 2832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINNT\system32\drivers\MSTEE.sys [2003-06-19 5168]
S3 NWRDR;NetWare Rdr; D:\WINNT\system32\DRIVERS\nwrdr.sys [2006-08-31 161520]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINNT\System32\Drivers\RootMdm.sys [2003-07-04 6032]
S3 SQTECH905C;DualCamera; D:\WINNT\System32\Drivers\Capt905c.sys [2005-03-24 38937]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 USBSTOR;USB Mass Storage Driver; D:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINNT\System32\drivers\ws2ifsl.sys [2003-07-04 12016]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S2 HidServ;HID Input Service; D:\WINNT\system32\hidserv.exe [2003-06-19 19728]
S2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NWCWorkstation;Client Service for NetWare; D:\WINNT\system32\services.exe [2005-04-08 92944]
S2 StiSvc;Still Image Service; D:\WINNT\system32\stisvc.exe [2003-07-04 61712]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-06 138168]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmdmPmSN;Portable Media Serial Number Service; D:\WINNT\System32\svchost.exe [2003-07-04 7952]
-----------------EOF-----------------
-
Can you do the following
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt3.exe to run it.
- Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"=-
"IPInSightLAN 02"=-
"IPInSightMonitor 02"=-
"SunJavaUpdateSched"=-
"j1241132"=-
"SManager"=-
"smgr"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\win452.tmp.exe"=-
"D:\\WINNT\\TEMP\\winC.tmp.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}]
======================================================
- Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "MoveIt!" button.
- Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
If prompted on startup to Run OTMoveit again, allow it please
A Log should open, I'll need to see it later
If no log opens
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
In your case it should be the D: drive
I'll need to see that log later
Before posting that log
Access your Add and Remove Programs
With your browser windows closed
Let's first uninstall Older versions of Java
This includes:
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Don't reboot yet, even if prompted
Then, try and remove
OIN
Finally, reboot your computer into Normal Windows
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 10 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
- Click the "Download" button to the right.
- In the window that opens, in the dropdown box Platform: select Windows, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Come back here, run a fresh scan and save the logfile with HijackThis, and post it please
along with the log from OTMoveit3
NOTE: You're running this computer with minimal RAM
Is it not possible to update?
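As an added example (not code from the thread, nor from RSIT, HijackThis or OTMoveIt3): a small Python triage script that parses the RSIT registry dump posted earlier in the thread, applies the kind of checks a helper makes by eye when building a removal list like the one above (autorun values whose file RSIT could not find, a rundll32 loader, the unusual Policies\Explorer\Run location, firewall exceptions for temp-directory executables or with a name that does not match the path, a BHO CLSID with no handler DLL), and renders the candidates in the OTMoveIt3 `:Reg` syntax this post uses. The rules, the `KNOWN_SYSTEM_COMMANDS` allowlist and the embedded sample lines (copied from the dump posted earlier) are this example's own assumptions; it generalises the post's hand-picked list into a rule set, so treat its output as a list for review, not a verdict.

```python
"""Triage an RSIT-style registry dump for autorun entries that deserve a second look.
Added example for this thread, not code from RSIT, HijackThis or OTMoveIt3; the rules are the
editor's own approximation of what a helper checks by eye, so every hit is a review candidate."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the RSIT registry dump posted earlier in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2008-01-06 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"j1241132"=rundll32 D:\WINNT\system32\j1241132.dll sook []
"SManager"=smanager.7.exe []
"smgr"=smgr.exe []
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost.exe"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe:*:Enabled:win452.tmp"
"ntdll.dll"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win76C.tmp.exe:*:Enabled:win76C.tmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=command [date size]; RSIT prints an empty "[]" when it cannot resolve the file on disk
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*?)(?: ?\[(?P<meta>[^\]]*)\])?$')
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\(?:Policies\\Explorer\\)?Run(?:Once)?$", re.I)
FIREWALL_KEY_RE = re.compile(r"\\authorizedapplications\\list$", re.I)
BHO_KEY_RE = re.compile(r"\\Browser Helper Objects\\\{[0-9A-F-]+\}$", re.I)
TEMP_PATH_RE = re.compile(r"\\temp\\|\.tmp\.exe$", re.I)
# Windows-bundled commands RSIT lists without a path (so they show "[]" too); this example's own allowlist
KNOWN_SYSTEM_COMMANDS = {"mobsync.exe", "ctfmon.exe"}


@dataclass
class Finding:
    key: str
    name: str          # value name; "" when the whole key is the finding
    reasons: list[str]


def parse_dump(text: str) -> dict[str, list[str]]:
    """Split the dump into {registry key: [lines listed under that key]}."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := KEY_RE.match(line):
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _check_autorun(key: str, data: str, meta: str | None) -> list[str]:
    basename = data.strip().split(" ")[0].rsplit("\\", 1)[-1].lower()
    checks = [
        (meta == "" and basename not in KNOWN_SYSTEM_COMMANDS, "launch target not found on disk (empty [] field)"),
        (basename in ("rundll32", "rundll32.exe"), "rundll32 loader: the DLL it names carries the payload, inspect it"),
        (key.lower().endswith("\\policies\\explorer\\run"), "Policies\\Explorer\\Run is rarely used by legitimate software"),
    ]
    return [msg for hit, msg in checks if hit]


def _check_firewall(name: str, data: str) -> list[str]:
    path = data.strip('"').split(":*:", 1)[0]   # value data is "path:*:Enabled:label"
    checks = [
        (bool(TEMP_PATH_RE.search(path)), "firewall exception for an executable in a temp directory"),
        (name.lower() != path.lower(), f"exception name {name!r} does not match its path"),
    ]
    return [msg for hit, msg in checks if hit]


def triage(sections: dict[str, list[str]]) -> list[Finding]:
    findings: list[Finding] = []
    for key, lines in sections.items():
        if BHO_KEY_RE.search(key):
            if not lines:   # CLSID registered but no handler DLL listed under it
                findings.append(Finding(key, "", ["BHO CLSID registered without a handler DLL"]))
            continue
        is_autorun = bool(AUTORUN_KEY_RE.search(key))
        if not is_autorun and not FIREWALL_KEY_RE.search(key):
            continue
        for line in lines:
            if m := VALUE_RE.match(line):
                name, data, meta = m.group("name"), m.group("data"), m.group("meta")
                reasons = _check_autorun(key, data, meta) if is_autorun else _check_firewall(name, data)
                if reasons:
                    findings.append(Finding(key, name, reasons))
    return findings


def otmoveit_script(findings: list[Finding]) -> str:
    """OTMoveIt3 ':Reg' syntax as used in the post: "name"=- deletes a value, [-key] a whole key."""
    by_key: dict[str, list[str]] = {}
    for f in findings:
        if f.name:
            by_key.setdefault(f.key, []).append(f.name)
    out = [":Reg"]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend('"' + n.replace("\\", "\\\\") + '"=-' for n in names)  # .reg-style escaping, as in the post
    out.extend(f"[-{f.key}]" for f in findings if not f.name)
    return "\n".join(out)
```

Running `otmoveit_script(triage(parse_dump(SAMPLE_DUMP)))` reproduces the post's `:Reg` block for the entries the rules catch; entries the helper removed on judgement alone (the BroadJump and Visual IP InSight tools, the Uniblue tool, the old Java updater) are not matched by any rule, which is the point: a rule set narrows the list, a person decides.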
-
OTMoveIt3 log
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BJCFD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IPInSightLAN 02 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IPInSightMonitor 02 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\j1241132 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\svchost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\WINNT\TEMP\winC.tmp.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}\\ deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_152903
hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:22 PM, on 11/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\system32\msiexec.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5687 bytes
-
Can you do the following please
Open Avira AntiVir by double clicking its icon by the clock
When the main window opens
Ensure it is right up to date by clicking on start update
After updating can you then run a system scan by clicking on scan system now
Delete or Quarantine anything that Avira finds
When the scan is complete
Can you reboot your computer
Then reopen Avira
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
A log will open, can you post that log please
Also, let me know how everything is now running
-
Avira AntiVir Personal
Report file date: Monday, November 24, 2008 22:14
Scanning for 1049308 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ALICE
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 10/30/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 16:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 15:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 20:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 00:25:16
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 00:25:25
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 11/23/2008 00:25:29
ANTIVIR3.VDF : 7.1.0.131 53248 Bytes 11/24/2008 00:25:30
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 18:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/25/2008 00:25:53
AESCN.DLL : 8.1.1.5 123251 Bytes 11/25/2008 00:25:51
AERDL.DLL : 8.1.1.3 438645 Bytes 11/25/2008 00:25:50
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/25/2008 00:25:47
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/25/2008 00:25:45
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/25/2008 00:25:43
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/25/2008 00:25:36
AEGEN.DLL : 8.1.1.5 323956 Bytes 11/25/2008 00:25:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 18:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 11/25/2008 00:25:32
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 18:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 16:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 17:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/25/2008 00:25:31
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 19:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 16:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 20:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 01:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 20:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 20:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 21:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 21:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Monday, November 24, 2008 22:14
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNo' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'hidserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '54' files ).
Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\WINNT\system32\aivjibnb.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a212e8.qua'!
D:\WINNT\system32\aoetvwyv.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499112f0.qua'!
D:\WINNT\system32\astfqkdb.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a012f5.qua'!
D:\WINNT\system32\awttr.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a012fc.qua'!
D:\WINNT\system32\besralse.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499f12ed.qua'!
D:\WINNT\system32\bqefivjv.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499112f9.qua'!
D:\WINNT\system32\bxyxdidl.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a51301.qua'!
D:\WINNT\system32\cdvbwruc.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a212ef.qua'!
D:\WINNT\system32\clcplhdv.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498f12fa.qua'!
D:\WINNT\system32\ddawv.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498d12f8.qua'!
D:\WINNT\system32\ddcca.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498f12f9.qua'!
D:\WINNT\system32\dfvwltyc.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a212fd.qua'!
D:\WINNT\system32\dlfcbeep.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49921304.qua'!
D:\WINNT\system32\dmcegjcn.dll
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '498f1306.qua'!
D:\WINNT\system32\efebxyx.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49911307.qua'!
D:\WINNT\system32\efedd.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48f97810.qua'!
D:\WINNT\system32\efeed.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49911308.qua'!
D:\WINNT\system32\ewhgkael.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4994131a.qua'!
D:\WINNT\system32\fbgcxcsc.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49931307.qua'!
D:\WINNT\system32\fccaw.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498f1308.qua'!
D:\WINNT\system32\fccca.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498f1309.qua'!
D:\WINNT\system32\fccyw.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48e77f92.qua'!
D:\WINNT\system32\fcyay.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a5130a.qua'!
D:\WINNT\system32\gdqdwskq.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499d130d.qua'!
D:\WINNT\system32\gebyw.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498e130e.qua'!
D:\WINNT\system32\geeed.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4991130f.qua'!
D:\WINNT\system32\giwbvgue.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a31313.qua'!
D:\WINNT\system32\heayjpwa.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '498d1311.qua'!
D:\WINNT\system32\honqqgkp.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499a131c.qua'!
D:\WINNT\system32\iesplg.dll
[DETECTION] Is the TR/Dldr.Zlob.btq.57 Trojan
[NOTE] The file was moved to '499f1315.qua'!
D:\WINNT\system32\iiifg.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49951319.qua'!
D:\WINNT\system32\iiihe.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4995131a.qua'!
D:\WINNT\system32\iiiig.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fd7f83.qua'!
D:\WINNT\system32\imxolnyb.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a41320.qua'!
D:\WINNT\system32\jamdymts.exe
[DETECTION] Is the TR/Agent.anr.1 Trojan
[NOTE] The file was moved to '49991318.qua'!
D:\WINNT\system32\jkhfcbb.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49941323.qua'!
D:\WINNT\system32\jsfffipu.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4992132b.qua'!
D:\WINNT\system32\jyswseoa.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499f1332.qua'!
D:\WINNT\system32\khfca.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49921323.qua'!
D:\WINNT\system32\khfdd.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48fa7fbc.qua'!
D:\WINNT\system32\khfff.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49921325.qua'!
D:\WINNT\system32\khhhf.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49941324.qua'!
D:\WINNT\system32\kjqtilbd.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499d1326.qua'!
D:\WINNT\system32\ksompbdo.exe
--> Object
[DETECTION] Is the TR/Click.Small.MW Trojan
[NOTE] The file was moved to '499b1330.qua'!
D:\WINNT\system32\lhyqeppl.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a51326.qua'!
D:\WINNT\system32\ljhiged.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49941328.qua'!
D:\WINNT\system32\ljjkj.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49961329.qua'!
D:\WINNT\system32\lwdxqepr.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49901338.qua'!
D:\WINNT\system32\lxqitfki.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499d1339.qua'!
D:\WINNT\system32\maefxmqd.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49911322.qua'!
D:\WINNT\system32\nmhgpgld.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4994133f.qua'!
D:\WINNT\system32\nnlig.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49981340.qua'!
D:\WINNT\system32\nnllm.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f07fd9.qua'!
D:\WINNT\system32\nnlmn.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49981341.qua'!
D:\WINNT\system32\nnnlj.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499a1341.qua'!
D:\WINNT\system32\oppmk.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499c1350.qua'!
D:\WINNT\system32\oppmlki.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48f47fc9.qua'!
D:\WINNT\system32\oppmn.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499c1351.qua'!
D:\WINNT\system32\oqbbcdjh.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '498e1352.qua'!
D:\WINNT\system32\orwnkwgi.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a31354.qua'!
D:\WINNT\system32\osqkwpsm.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499d1357.qua'!
D:\WINNT\system32\pmkki.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49971358.qua'!
D:\WINNT\system32\pmklihi.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ff7fc1.qua'!
D:\WINNT\system32\qaxtcsdx.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a41350.qua'!
D:\WINNT\system32\qjufcydn.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a1135c.qua'!
D:\WINNT\system32\qvhxftfy.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '4994136b.qua'!
D:\WINNT\system32\qyqfoxiu.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499d136f.qua'!
D:\WINNT\system32\rqolj.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499b1370.qua'!
D:\WINNT\system32\rqomj.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499b1371.qua'!
D:\WINNT\system32\rqomjhf.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48f37fea.qua'!
D:\WINNT\system32\rqonl.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499b1372.qua'!
D:\WINNT\system32\rqonm.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48f37feb.qua'!
D:\WINNT\system32\rqopo.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499b1374.qua'!
D:\WINNT\system32\rwkqlhis.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4997137c.qua'!
D:\WINNT\system32\ryqxfeut.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499d137e.qua'!
D:\WINNT\system32\scmeamnu.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4999136b.qua'!
D:\WINNT\system32\snjvxqwd.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49961380.qua'!
D:\WINNT\system32\ssqnk.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499d138a.qua'!
D:\WINNT\system32\sstqr.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49a0138b.qua'!
D:\WINNT\system32\sstsq.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48c87f14.qua'!
D:\WINNT\system32\ssttq.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49a0138c.qua'!
D:\WINNT\system32\stibolsi.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '4995138d.qua'!
D:\WINNT\system32\sygwclsy.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49931394.qua'!
D:\WINNT\system32\tflpavsh.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49981389.qua'!
D:\WINNT\system32\tusqp.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499f139c.qua'!
D:\WINNT\system32\tustq.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499f139d.qua'!
D:\WINNT\system32\tuvsp.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a2139d.qua'!
D:\WINNT\system32\tuvtq.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49a2139e.qua'!
D:\WINNT\system32\tuvtt.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ca7f07.qua'!
D:\WINNT\system32\uediroeo.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '4990138f.qua'!
D:\WINNT\system32\umbfipli.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '498e1399.qua'!
D:\WINNT\system32\urqqq.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '499d13a1.qua'!
D:\WINNT\system32\urspm.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499f13a1.qua'!
D:\WINNT\system32\uueamvxr.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499113a6.qua'!
D:\WINNT\system32\vtsro.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499f13aa.qua'!
D:\WINNT\system32\vtsrpqn.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48f77f33.qua'!
D:\WINNT\system32\vtssq.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499f13ab.qua'!
D:\WINNT\system32\vturr.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a113ab.qua'!
D:\WINNT\system32\vtuus.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49a113ac.qua'!
D:\WINNT\system32\vurrjvdd.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499e13ad.qua'!
D:\WINNT\system32\wsepcnif.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499113c5.qua'!
D:\WINNT\system32\wvurr.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a113cc.qua'!
D:\WINNT\system32\wvwvt.exe
--> Object
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49a313cd.qua'!
D:\WINNT\system32\xptsuiie.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '49a013c8.qua'!
D:\WINNT\system32\xrkjqbfl.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '499713ca.qua'!
D:\WINNT\system32\xubhjsbk.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '498e13ce.qua'!
D:\WINNT\system32\xxwxy.exe
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a313d1.qua'!
D:\WINNT\system32\yfthvhvj.exe
[DETECTION] Is the TR/Agent.aoy.1 Trojan
[NOTE] The file was moved to '49a013c0.qua'!
D:\WINNT\system32\ymmnmgjb.exe
[DETECTION] Is the TR/Click.Agent.NP Trojan
[NOTE] The file was moved to '499913c7.qua'!
D:\WINNT\Οracle\fast.exe~
[DETECTION] Is the TR/Dldr.Age.70144.2 Trojan
[NOTE] The file was moved to '499f14c0.qua'!
End of the scan: Tuesday, November 25, 2008 09:06
Used time: 10:51:52 Hour(s)
The scan has been done completely.
3258 Scanning directories
187794 Files were scanned
110 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
110 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
187683 Files not concerned
3842 Archives were scanned
1 Warnings
110 Notes
Also, everything is running relatively smoothly and faster.
My only issue is Firefox; it sometimes plays a stop-and-go game with me.
In other words, it sometimes goes "not responding" for a few seconds and then unfreezes. Besides that, I have no other issue.
-
Can you do the following
Open Avira again
This time Click on Administration on the left
The Quarantine folder should open
Can you delete all objects in that folder? You should be able to highlight them and use the Trash can icon.
Afterwards
===================================
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
============================================================
Open Malwarebytes Anti-malware again
Check for updates, after updating>>run a scan
Post the log later
Also, just for a double check on Vundo
Download VundoFix (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click VundoFix.exe to run it.
- When VundoFix opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
*****Note: It is possible that VundoFix encountered a file it could not remove.*****
In this case, VundoFix will attempt to run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
VundoFix would have saved a log to the following location: C:\Vundofix.txt
In your case probably the D: drive
Can you post that log along with one last final fresh Hijackthis log
and the log from MBAM
Edited to include directions with ATF-Cleaner
-
mbam log
Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.0.2195 Service Pack 4
11/25/2008 7:11:38 PM
mbam-log-2008-11-25 (19-11-37).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 84507
Time elapsed: 50 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Vundo
VundoFix V7.0.6
Scan started at 7:14:17 PM 11/25/2008
Listing files found while scanning....
No infected files were found.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:10 PM, on 11/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINNT\system32\taskmgr.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5700 bytes
-
That's looking good
Did you manage to run ATF-Cleaner.exe?
I snuck the directions in after I posted
Not sure if you seen the directions before I edited my last reply or not
I may have asked you this before, but any chance of you getting more RAM for this computer?
You're running on the minimum.
Are you behind a hardware firewall? I don't see any software firewall installed.
EDIT again
NOTE: I just noticed you didn't update Malwarebytes' Anti-Malware before running it?
Did you check for updates first?
No need right now to do a full scan, a Quick scan would be ok
-
Yes, I ran the ATF Cleaner. No, there is firewall.
And as for the RAM, it will be a while; I am a struggling college student.
Here is the log you requested:
Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.0.2195 Service Pack 4
11/25/2008 8:28:39 PM
mbam-log-2008-11-25 (20-28-38).txt
Scan type: Quick Scan
Objects scanned: 47390
Time elapsed: 9 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Looks good
You can open Malwarebyte's Anti-malware
Select the Quarantine tab and select ONLY the Delete All button
I would hold onto Malwarebytes, occasionally update and run a quick scan.
Your option to hold onto ATF-Cleaner
It will help clean temp files, etc....
Or you can manually delete it
You can delete RSIT.exe and its folder D:\rsit
Delete OTMoveit3.exe
How's everything running now?
You may want to check for updates with Firefox
Within Firefox, click on Help>>Check for updates
See if you can download version 2.0.0.18
-
Everything is running fairly smooth. I was just wondering what type and how much memory you recommend that I get?
-
I assume this computer is quite old
More than likely PC100 or PC133 SDRAM.
Not sure how much RAM your motherboard will accommodate, however.
What is the Exact Make/model of your computer?
-
I have a Compaq Presario 5000
-
There are so many different models in the 5000 series
Why not try the following
Go to the following link
http://www.crucial.com/systemscanner/
At that page, Check the box to agree to Terms and Conditions
Then click the Download the Scanner button
Save it to desktop
Then run it from Desktop
It will open a browser page and start running a scan
When it's done, it will give info of how much memory you can use and what type
You can link the results page back here if you would like
-
Guaranteed-compatible memory upgrades for your HP - Compaq HP-Compaq 06C0 Motherboard Desktop/PC.
Scan Id: 414C57B531D926C3
Crucial Recommends
Your system configuration: 96MB Total
96MB current memory (64MB + 32MB), 0 empty slots
Our suggested upgrades: 512MB Total
96MB current memory removed *, 512MB new memory added (*256MB + *256MB)
US $67.98
Part No: CT490161
Qty: 2
US $33.99 ea.
Total Price: US $67.98
Your Crucial Scanner Results HP-Compaq 06C0 Motherboard Specifications
Currently installed memory:
64MB SDRAM, PC100
32MB SDRAM, PC133
Each memory slot can hold SDRAM, PC133 with a maximum of 256MB per slot.*
*Not to exceed manufacturer supported memory.
* Maximum Memory Capacity: 512MB
* Currently Installed Memory: 96MB
* Available Memory Slots: 0
* Number of Banks: 2
* Dual Channel Support: No
* CPU Manufacturer: GenuineIntel
* CPU Family: Intel Celeron processor Model 8, Stepping 10
* CPU Speed: 797 MHz
* The name of this model may not exactly match the model description of your system; our system scanner could not identify a specific model name when evaluating your computer. However, it was able to identify the motherboard your system utilizes.
Q: Will my system recognize the maximum upgrade?
A: Possibly
How much memory your Windows OS will recognize depends on which version of Windows you are running. 32-bit versions of Windows will see (and utilize) only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS. More information about OS memory maximums can be found at http://www.crucial.com/kb/answer.aspx?qid=4251
Q: What memory goes into my computer, and can I mix speeds?
A: SDRAM memory with support for SDRAM, PC133 speeds.
Because SDR memory is backward-compatible, you can safely upgrade your system with any of the guaranteed-compatible SDR speeds listed below.
Q: How much memory can my computer handle?
A: 512MB.
Adding the maximum amount of memory will improve performance and help extend the useful life of your system as you run increasingly demanding software applications in the future.
Q: Do I have to install matching pairs?
A: No.
No, you can install modules one at a time, and you can mix different densities of modules in your computer. But if your computer supports dual-channel memory configurations, you should install in identical pairs (preferably in kits) for optimal performance.
Q: Does my computer support dual-channel memory?
A: No.
Your system does not support dual channel.
Q: Does my computer support ECC memory?
A: No.
Your system does not support ECC. Because ECC and non-ECC modules should not be mixed within a system, install the same type of modules that are already in your system.
All Compatible Parts
MEMORY MODULE
We're now showing 1 of 1 compatible upgrades
-
As you can see
Your max memory can hold
Each memory slot can hold SDRAM, PC133 with a maximum of 256MB per slot
You should find quite a performance boost if you did upgrade to the 2 sticks of PC133 SDRAM, 256 MB each.
You don't have to purchase at Crucial; it just gives you an idea of what you're looking at.
You may want to check local computer shops, etc
or order elsewhere online
This is all up to you
Go back to Crucial scanner
Check the voltage and CL for the Ram, try and stick within those parameters for compatibility
As eg..
CL=2 • Unbuffered • Non-parity • 133MHz • 3.3V
If you plan on holding onto this computer, it's all your option
I still like my old Windows 2000 computer, so I ensured I have the max RAM for it.
In my case, it was 512 MB max also; it runs quite well.
Let me know what you decide please
Shop around, get the best deal
I know sometimes, like at garage sales, etc., you can even get lucky and find the sticks for $5 apiece, if you're lucky.