So, long story short: yesterday I was watching TV and saw the commercial for My Clean PC, where you go online and get a free diagnosis of your PC. Well, I downloaded their program, and it totally messed up my PC.

The first thing it did was install a virus onto my computer that stole my clicks when I was surfing online. I primarily use Opera, so every time I would type, it sent me to an ad that would pop up in IE.

So I downloaded NOD32, but that didn't work. Downloaded several registry cleaners; that didn't work. Went step by step through a tutorial on another site where someone had the same issue as I did; didn't work.

I could not even install certain programs or visit certain sites.

It took me 12 hours just to install the HijackThis program to create a log file.

My registry was turned off, and my System Restore option vanished.

So I managed to turn my registry back on, but I cannot restore System Restore. I get an error saying System Restore was turned off by Group Policy, even when I am signed in as the owner.

In my registry, the same 4 files keep reappearing after deletion.

IE.exe pops up repeatedly when I try to close it. When I surf the web it eats away at my system resources till it freezes, and my fan speed goes berserk.

I do not wanna reformat my computer because I just did it a month ago.

Here is the content of the log file HijackThis created:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:43 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\ap7svptmbv.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\ap7svptmbv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [losunusig] Rundll32.exe "c:\windows\system32\toteduba.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\ap7svptmbv.dll, HUI_proc
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9B6CE3-4D09-4CB6-A285-BF32D7683053}: NameServer = 83.149.115.157,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6929C329-9D31-40B3-B56F-57B611502DCE}: NameServer = 83.149.115.157,4.2.2.1,68.87.77.134 68.87.72.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9B6CE3-4D09-4CB6-A285-BF32D7683053}: NameServer = 83.149.115.157,4.2.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\toteduba.dll,zuyahoba.dll
O21 - SSODL: vufitiwaj - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\ap7svptmbv.dll
O22 - SharedTaskScheduler: kupuhivus - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 5968 bytes
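The log above is where the real information in this thread sits, so here is an added example (my own code, not HijackThis output and not anything the poster or the helper wrote) that reads HijackThis lines and pulls out the entries a responder would look at first: AppInit_DLLs (O20), ShellServiceObjectDelayLoad and SharedTaskScheduler (O21/O22), Run keys that start a bare system32 DLL through rundll32 (O4), BHOs with no display name (O2), policy locks such as DisableRegedit (O7), and hard-coded DNS servers (O17). The rules and the `EXPECTED_DNS` allowlist are my assumptions: the two 68.87.x.x addresses are the DHCP-assigned resolvers visible in the logs, and 4.2.2.1 is a well-known public resolver. The sample lines are copied from the two HijackThis logs posted in this thread and embedded so the script runs offline; a hit is a prompt to inspect that file or key, not a verdict.

```python
"""Triage a HijackThis log for persistence entries that deserve a closer look.

Added example for this thread, not part of HijackThis or of any post in it.
The rules and the resolver allowlist are my assumptions; the sample lines
are copied from the logs posted in the thread and embedded so this runs
offline. A hit is a prompt to inspect the file or key, not a verdict.
"""
import re

# Assumption: the resolvers the DHCP server hands out (the 68.87.x.x pair
# seen in the logs) plus one well-known public resolver. Any other address
# hard-coded in an O17 NameServer value is reported for verification.
EXPECTED_DNS = {"68.87.77.134", "68.87.72.134", "4.2.2.1"}

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
SYS32_DLL = re.compile(r"\\system32\\\w+\.dll", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: lines taken verbatim from the HijackThis logs above.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\ap7svptmbv.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\ap7svptmbv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [losunusig] Rundll32.exe "c:\windows\system32\toteduba.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\ap7svptmbv.dll, HUI_proc
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6929C329-9D31-40B3-B56F-57B611502DCE}: NameServer = 83.149.115.157,4.2.2.1,68.87.77.134 68.87.72.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\toteduba.dll,zuyahoba.dll
O21 - SSODL: vufitiwaj - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O22 - SharedTaskScheduler: kupuhivus - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""


def unexpected_resolvers(body):
    """Return the IPv4 addresses in an O17 line that are not on the allowlist."""
    return set(IPV4.findall(body)) - EXPECTED_DNS


def classify(sec, body):
    """Return a reason string if the entry matches a rule, else None."""
    lower = body.lower()
    if sec == "O20" and "appinit_dlls" in lower:
        # Every DLL named here is mapped into every process that loads user32.
        return "AppInit_DLLs injects this DLL into every user-mode process"
    if sec in ("O21", "O22") and SYS32_DLL.search(body):
        # ShellServiceObjectDelayLoad and SharedTaskScheduler run inside
        # Explorer at logon; few legitimate XP programs register there.
        return f"{sec} loads a system32 DLL into Explorer at logon"
    if sec == "O4" and "rundll32" in lower and SYS32_DLL.search(body):
        # A Run key that needs rundll32 to start a bare system32 DLL has no
        # vendor directory and no host binary of its own to check.
        return "Run key starts a bare system32 DLL through rundll32"
    if sec == "O2":
        name = body.split(" - ")[0].split(": ", 1)[-1]
        if name.lower().endswith(".dll"):
            # No display name: HijackThis falls back to printing the path twice.
            return "BHO registered without a display name"
    if sec == "O7":
        return "policy value locks out a recovery tool (check which one)"
    if sec == "O17":
        extra = unexpected_resolvers(body)
        if extra:
            return "hard-coded DNS server not on the allowlist: " + ", ".join(sorted(extra))
    return None


def triage(lines):
    """Return (section, reason, line) for every entry a rule fires on."""
    findings = []
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        reason = classify(m["sec"], m["body"])
        if reason:
            findings.append((m["sec"], reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"{sec:<4} {reason}\n     {line}")
```

Run against the sample, it reports eight entries and leaves the toolbar, ctfmon, Skype and PrismXL lines alone. The O17 rule is the one worth keeping even when everything else is cleaned: a resolver that survives in the static NameServer value of every adapter will keep redirecting lookups after the DLLs are gone.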

Hi and welcome to the Daniweb forums :).

==========

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Download the update from here if you have problems.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Make sure that you restart the computer.

Post new HJT log.

Comment: awesome dude... thank you for attempting to help me... hope it all works out

Thank you, crunchie.

But I am having trouble installing the malware program. You see, every time I've tried to install it, it stalls and does nothing.

The run screen comes up in the beginning, but it does not install.

I had the same issue with HijackThis at first; then I downloaded it again and it worked.

*sigh* It was all good just a day ago. Damn TV commercial. *shakes fist*

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Try MBA-M again immediately after running the above.

I've tried.

All four links are not working.

I get the following:

Oops! This link appears to be broken.
Suggestions:
Go to bleepingcomputer.com
Go to sitemap www.bleepingcomputer.com/sitemap.php
Search on Google:

All working for me OK. Try again, as it may have been down when you tried.
If you cannot get them, let me know and I will try and upload them for you.

Probably will have to upload it, because I tried on IE and Opera and Chrome; all a no-go.

Attachment: rkill.zip
There you go.

Tried all four.

Didn't work.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Owner on 02/21/2010 at 23:51:03.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
C:\Documents and Settings\Owner\Desktop\rkill.com


Rkill completed on 02/21/2010 at 23:51:11.

This was the message I got every time, but with different extensions.

I did, however, notice a bunch of IE processes had opened after using this program, and every time I turn my PC off the registry turns off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:59 AM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\msinits.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: C:\WINDOWS\system32\ap7svptmbv.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\ap7svptmbv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [losunusig] Rundll32.exe "c:\windows\system32\toteduba.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\ap7svptmbv.dll, HUI_proc
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Owner\LOCALS~1\Temp\setup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9B6CE3-4D09-4CB6-A285-BF32D7683053}: NameServer = 83.149.115.157,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6929C329-9D31-40B3-B56F-57B611502DCE}: NameServer = 83.149.115.157,4.2.2.1,68.87.77.134 68.87.72.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9B6CE3-4D09-4CB6-A285-BF32D7683053}: NameServer = 83.149.115.157,4.2.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\toteduba.dll,zuyahoba.dll
O21 - SSODL: vufitiwaj - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O22 - SharedTaskScheduler: kupuhivus - {e8400f4c-6e38-4a45-8661-1a2f8deb1187} - c:\windows\system32\toteduba.dll
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\ap7svptmbv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 6067 bytes

Sorry for the late reply. I didn't get email notification.

I want to try a different tool to get rid of those entries. Hopefully it will run.

Download OTL to your Desktop.

* Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

* When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
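OTL's file entries carry more than HijackThis does: a modification timestamp, a size, the DOS attributes and the publisher string from the version resource. Those four fields are enough to sort a long "Files Modified Within 14 Days" section quickly, so here is an added example (my own code, not OTL's and not anything posted in this thread) that applies three heuristics to each executable: a modification time later than the scan date, hidden+system attributes on an executable, and no publisher string at all. It also reports timestamps shared by several flagged files, which is what a dropper writing a batch of DLLs looks like. The rules are my assumptions, not OTL features. The sample lines are copied from the OTL log posted further down in this thread and embedded so the script runs offline.

```python
"""Triage OTL file entries for timestomping and hidden system-level executables.

Added example for this thread, not part of OTL or of any post in it. The
rules are my heuristics; the sample below is a handful of lines copied from
the OTL log posted later in the thread, embedded so this runs offline.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# OTL prints the log creation date in US order: "created on: 2/25/2010 5:12:08 PM".
HEADER = re.compile(r"OTL logfile created on: (\d{1,2})/(\d{1,2})/(\d{4})")
# One file entry: [date time | size | attrs | M/C] (company) -- path
ENTRY = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [MC]\] \((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)
EXECUTABLE = re.compile(r"\.(dll|exe|sys|ocx|scr)$", re.IGNORECASE)

# Constructed sample: lines taken verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
OTL logfile created on: 2/25/2010 5:12:08 PM - Run 1
PRC - [2010/02/25 16:57:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/25 12:14:57 | 00,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
PRC - [2009/12/19 04:33:12 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
MOD - [2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\system32\mafolibu.dll
[2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\System32\vozobiya.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\zuyahoba.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\buloboti.dll
[2010/02/21 21:44:39 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010/02/25 17:14:35 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcmxu.sys
[2010/02/25 17:11:23 | 00,000,000 | ---D | C] -- C:\_OTL
"""


def parse_scan_date(text):
    """Date the log was produced, or None if the header is missing."""
    m = HEADER.search(text)
    if not m:
        return None
    month, day, year = (int(x) for x in m.groups())
    return datetime(year, month, day)


def triage(text):
    """Return (findings, clusters).

    findings: list of (path, [reasons]) for executables a rule fires on.
    clusters: {timestamp: count} for timestamps shared by three or more
    flagged files, the signature of a dropper writing a batch at once.
    """
    # One day of slack so a file touched during the scan is not called
    # "future"; anything later than that was not written by the file system.
    horizon = (parse_scan_date(text) or datetime.now()) + timedelta(days=1)
    findings, stamps = [], Counter()
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m or not EXECUTABLE.search(m["path"]):
            continue
        stamp = datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S")
        reasons = []
        if stamp > horizon:
            reasons.append("modification time after the scan date (timestomped)")
        if "H" in m["attr"] and "S" in m["attr"]:
            reasons.append("hidden+system attributes on an executable")
        if not m["company"].strip():
            # The log was produced with "Skip Microsoft Files: On", so an
            # executable with no publisher string here is from an unknown source.
            reasons.append("no publisher string")
        if reasons:
            findings.append((m["path"], reasons))
            stamps[m["stamp"]] += 1
    clusters = {s: n for s, n in stamps.items() if n >= 3}
    return findings, clusters


if __name__ == "__main__":
    found, clusters = triage(SAMPLE_LOG)
    for path, reasons in found:
        print(path)
        for r in reasons:
            print("   -", r)
    for stamp, n in clusters.items():
        print(f"{n} flagged files share the timestamp {stamp}")
```

On the sample it flags av.exe (hidden+system, no publisher), the four 2099-dated DLLs (all three rules) and the new pcmxu.sys driver (no publisher only), leaves OTL.exe, jqs.exe and XceedCry.dll alone, and reports the four DLLs as one timestamp cluster. The publisher rule is the noisiest of the three, which is why each reason is kept separately instead of collapsed into a single score.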

God, this is sucking major.

Thanks for the reply, but trying to download that program times out.

I get an error message.

I wasn't able to complete the scan using the stuff you gave me to copy and paste, but I did do a quick scan. Here it is:

OTL logfile created on: 2/25/2010 5:12:08 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

239.00 Mb Total Physical Memory | 74.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1900 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 5.61 Gb Free Space | 7.86% Space Free | Partition Type: NTFS
Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.69% Space Free | Partition Type: FAT32
Drive E: | 317.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CECILDONABY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/25 16:57:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/25 12:14:57 | 00,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
PRC - [2009/12/19 04:33:12 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\system32\mafolibu.dll
MOD - [2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\system32\zuyahoba.dll
MOD - [2010/02/25 16:57:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - [2009/12/19 04:33:12 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/04 01:05:31 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/11/21 01:15:50 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6a7214dfaea0) Google Update Service (gupdate1ca6a7214dfaea0)
SRV - [2009/11/20 23:01:28 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/07/15 11:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/01/05 10:40:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/01/05 10:41:39 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/21 22:04:12 | 00,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [losunusig] C:\WINDOWS\System32\mafolibu.DLL ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - AppInit_DLLs: (zuyahoba.dll) - C:\WINDOWS\System32\zuyahoba.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\mafolibu.dll) - C:\WINDOWS\system32\mafolibu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: mebovevik - {364de376-9215-46a0-bfd8-45449501cfb3} - C:\WINDOWS\system32\mafolibu.dll ()
O22 - SharedTaskScheduler: {364de376-9215-46a0-bfd8-45449501cfb3} - mujuzedij - C:\WINDOWS\system32\mafolibu.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 13:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2009/03/05 20:22:58 | 00,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{590dca3f-f8e5-11de-800d-001111dc202b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{590dca3f-f8e5-11de-800d-001111dc202b}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{590dca3f-f8e5-11de-800d-001111dc202b}\Shell\phone\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{96fcae65-dd33-11de-bfff-001111dc202b}\Shell - "" = AutoRun
O33 - MountPoints2\{96fcae65-dd33-11de-bfff-001111dc202b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96fcae65-dd33-11de-bfff-001111dc202b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3tyiIpfMelT.dll
[2010/02/25 17:11:23 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 16:57:38 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/25 02:55:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/23 03:27:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/22 20:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Second.Coming.2009.DvDRiP.XviD-ExtraScene RG
[2010/02/22 20:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Legion.2010.R5.LiNE.Xvid {1337x}-Noir
[2010/02/22 13:08:26 | 01,752,632 | ---- | C] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Owner\Desktop\regalyz-1.6.2.16.exe
[2010/02/21 23:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\R-Kill
[2010/02/21 21:44:39 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010/02/21 21:44:39 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2010/02/21 21:44:38 | 00,939,368 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2010/02/21 21:44:38 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2010/02/21 21:44:37 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2010/02/21 15:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/21 05:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/21 00:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/02/20 23:38:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2010/02/20 23:19:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/20 22:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESET
[2010/02/20 22:35:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/02/20 22:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/20 20:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/20 20:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/19 13:57:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2009/12/06 23:26:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/21 01:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/21 01:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/21 00:45:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/23 13:17:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3tyiIpfMelT.dll
[2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\System32\vozobiya.dll
[2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\System32\mafolibu.dll
[2099/01/01 12:00:00 | 00,094,720 | -HS- | M] () -- C:\WINDOWS\System32\biyiziko.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\nitekazu.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\lomitete.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\hekonala.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\nikalute.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\memovovo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\gutodayo.dll
[2099/01/01 12:00:00 | 00,070,144 | -HS- | M] () -- C:\WINDOWS\System32\ninegozu.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\zuyahoba.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\hilozepi.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\gabuwuwo.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\System32\dunulaju.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\naluwota.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | M] () -- C:\WINDOWS\System32\zurafogu.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | M] () -- C:\WINDOWS\System32\rifezufi.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | M] () -- C:\WINDOWS\System32\rebawiza.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | M] () -- C:\WINDOWS\System32\fayebuzu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\zitosaba.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\yiwuyipa.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\winupita.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nifodiyu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gerogije.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\buloboti.dll
[2010/02/25 17:14:35 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcmxu.sys
[2010/02/25 17:10:59 | 00,012,702 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\go8BnXJqTyF4k
[2010/02/25 17:08:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wayagugo
[2010/02/25 17:01:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/25 17:01:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/25 17:01:35 | 25,040,0768 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 17:00:08 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ieqnlwrj.job
[2010/02/25 16:58:38 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/25 16:57:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/25 16:49:33 | 52,428,1856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spartacus-Blood and Sand-1x05-Shadow Games.avi
[2010/02/25 16:01:44 | 00,020,961 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spartacus-Blood and Sand-1x05-Shadow Games.avi-TORRENTZAP.torrent
[2010/02/25 12:14:57 | 00,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
[2010/02/25 02:48:46 | 00,010,765 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/24 19:00:41 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/23 23:21:04 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/22 13:08:26 | 01,752,632 | ---- | M] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Owner\Desktop\regalyz-1.6.2.16.exe
[2010/02/22 01:17:09 | 00,036,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 22:04:12 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/21 15:27:22 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/02/21 14:30:20 | 00,000,008 | ---- | M] () -- C:\Program Files\wpp.exe
[2010/02/21 12:29:48 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDwkvwdcwifv.dat
[2010/02/21 04:07:02 | 00,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 03:01:30 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Services.lnk
[2010/02/21 02:58:07 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/21 02:44:35 | 00,000,791 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 01:55:06 | 00,001,341 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\regtools.vbs
[2010/02/20 22:28:21 | 20,144,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Eset.NOD32.Smart.Security.3.0.669.rar
[2010/02/20 20:08:09 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\_VOIDvsdnmseoee.dll
[2010/02/20 20:08:09 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\_VOIDdjjuxbnaki.dll
[2010/02/20 19:52:47 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDxdonmyucuh.dll
[2010/02/20 19:52:33 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDimhsaqedat.sys
[2010/02/20 19:50:23 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/20 18:24:46 | 00,093,696 | ---- | M] () -- C:\WINDOWS\System32\hisozega.dll
[2010/02/17 21:16:05 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/14 21:16:11 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 20:16:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/12 20:16:58 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/11 19:28:54 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,095,232 | -HS- | C] () -- C:\WINDOWS\System32\vozobiya.dll
[2099/01/01 12:00:00 | 00,095,232 | -HS- | C] () -- C:\WINDOWS\System32\mafolibu.dll
[2099/01/01 12:00:00 | 00,094,720 | -HS- | C] () -- C:\WINDOWS\System32\biyiziko.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\nitekazu.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\lomitete.dll
[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\hekonala.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nikalute.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\memovovo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | C] () -- C:\WINDOWS\System32\gutodayo.dll
[2099/01/01 12:00:00 | 00,070,144 | -HS- | C] () -- C:\WINDOWS\System32\ninegozu.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\zuyahoba.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\hilozepi.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\gabuwuwo.dll
[2099/01/01 12:00:00 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\System32\dunulaju.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\naluwota.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | C] () -- C:\WINDOWS\System32\zurafogu.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | C] () -- C:\WINDOWS\System32\rifezufi.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | C] () -- C:\WINDOWS\System32\rebawiza.dll
[2099/01/01 12:00:00 | 00,040,960 | -HS- | C] () -- C:\WINDOWS\System32\fayebuzu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zitosaba.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yiwuyipa.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\winupita.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nifodiyu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gerogije.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\buloboti.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wayagugo
[2010/02/25 16:36:00 | 52,428,1856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spartacus-Blood and Sand-1x05-Shadow Games.avi
[2010/02/25 16:01:44 | 00,020,961 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spartacus-Blood and Sand-1x05-Shadow Games.avi-TORRENTZAP.torrent
[2010/02/25 12:14:57 | 00,200,704 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
[2010/02/25 12:14:57 | 00,012,702 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\go8BnXJqTyF4k
[2010/02/22 14:30:04 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ieqnlwrj.job
[2010/02/22 10:21:02 | 25,040,0768 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/22 01:48:35 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Services.lnk
[2010/02/21 21:44:38 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2010/02/21 21:44:37 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2010/02/21 15:27:22 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/02/21 14:30:20 | 00,000,008 | ---- | C] () -- C:\Program Files\wpp.exe
[2010/02/21 01:55:06 | 00,001,341 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\regtools.vbs
[2010/02/20 22:27:49 | 20,144,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Eset.NOD32.Smart.Security.3.0.669.rar
[2010/02/20 19:54:22 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/20 19:53:30 | 00,010,765 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/20 19:53:13 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_VOIDdjjuxbnaki.dll
[2010/02/20 19:53:12 | 00,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\pcmxu.sys
[2010/02/20 19:53:09 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_VOIDvsdnmseoee.dll
[2010/02/20 19:52:50 | 00,000,248 | ---- | C] () -- C:\WINDOWS\System32\_VOIDwkvwdcwifv.dat
[2010/02/20 19:52:47 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\_VOIDxdonmyucuh.dll
[2010/02/20 19:52:33 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\_VOIDimhsaqedat.sys
[2010/02/20 19:50:23 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/20 18:24:46 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\hisozega.dll
[2010/02/12 20:16:58 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/12 20:16:58 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/07 16:33:22 | 00,005,018 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/11/21 13:14:29 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/20 23:23:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/20 23:20:35 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/20 21:43:39 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/11/20 21:05:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/23 23:07:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 11:53:24 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 11:53:24 | 00,000,482 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 11:52:37 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\fmfdisk.sys
[2004/08/04 00:59:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

========== LOP Check ==========

[2010/02/20 22:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/11/20 22:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/21 18:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/20 23:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/04 01:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Antares
[2009/11/20 22:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Any Video Converter Professional
[2010/02/20 22:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2010/01/20 19:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EurekaLog
[2010/01/28 10:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FoxyTunes
[2010/01/22 11:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2009/11/25 00:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2009/12/19 04:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/11/21 01:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/11/20 20:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/12/07 16:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/25 01:07:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/02/25 17:00:08 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ieqnlwrj.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL Extras logfile created on: 2/25/2010 5:12:08 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

239.00 Mb Total Physical Memory | 74.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1900 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 5.61 Gb Free Space | 7.86% Space Free | Partition Type: NTFS
Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.69% Space Free | Partition Type: FAT32
Drive E: | 317.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CECILDONABY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"18797:TCP" = 18797:TCP:*:Enabled:BitComet 18797 TCP
"18797:UDP" = 18797:UDP:*:Enabled:BitComet 18797 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS" = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS:*:Enabled:PRISMXL -- (New Boundary Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2F5006EE-BFE5-4715-B2EC-F82EB2FF130D}" = ArcSoft MediaImpression
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"BitComet" = BitComet 1.18
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Digsby" = Digsby
"ffdshow" = ffdshow (remove only)
"FL Studio 9" = FL Studio 9
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MW Bot_is1" = Uninstall MW Bot
"PoiZone" = PoiZone
"Port Magic" = Pure Networks Port Magic
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Sawer" = Sawer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Toxic Biohazard" = Toxic Biohazard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2010 8:28:23 AM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 9:27:15 AM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 10:27:11 AM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 11:27:11 AM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 12:27:12 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 1:27:12 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 2:27:12 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 3:27:13 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 4:27:13 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 5:27:12 PM | Computer Name = CECILDONABY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/25/2010 3:49:33 AM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/25/2010 3:49:33 AM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/25/2010 5:46:33 PM | Computer Name = CECILDONABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/25/2010 5:46:35 PM | Computer Name = CECILDONABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/25/2010 5:46:37 PM | Computer Name = CECILDONABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/25/2010 6:03:19 PM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/25/2010 6:03:19 PM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7023
Description = The Windows Snapshot Provider service terminated with the following
error: %%126

Error - 2/25/2010 6:03:19 PM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7000
Description = The Yahoo! Updater service failed to start due to the following error:
%%2

Error - 2/25/2010 6:03:19 PM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/25/2010 6:03:19 PM | Computer Name = CECILDONABY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
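To make a report like the one above easier to triage, here is an added Python helper (not OTL's code and not from anyone in this thread) that parses OTL-style lines and flags the indicators visible in the logs: file entries with a future timestamp, hidden+system files in System32 with no company name, a hidden+system executable inside a user profile, an .exe association that no longer points at exefile, and Security Center / firewall policy values that silence warnings. The sample lines are excerpted from the reports above. The attribute column is read by position as R/H/S/D; the H, S and D positions are as seen in the log, the R position is an assumption. The heuristics are the editor's own and give leads to check, not a verdict.

```python
import re
from dataclasses import dataclass

# OTL file line: [YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (Company) -- path
# Directory lines carry no "(Company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<year>\d{4})/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# File association line: .ext [@ = progid] -- handler path (Company)
ASSOC_RE = re.compile(r"^(?P<ext>\.\w+) \[@ = (?P<progid>[^\]]+)\] -- (?P<handler>.+?)(?: \([^)]*\))?$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")             # registry key header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')  # "Name" = value

# ProgIDs Windows normally maps executable extensions to (compare the
# Shell Spawning section). Anything else redirects every program launch.
EXPECTED_PROGID = {".exe": "exefile", ".bat": "batfile", ".cmd": "cmdfile", ".com": "comfile"}
# Security Center values that, when 1, suppress the AV/firewall/update warnings.
NOTIFY_SUPPRESSORS = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


@dataclass
class Finding:
    line: str
    reason: str


def triage(lines, report_year):
    """Return one Finding per line that trips a heuristic, in input order."""
    findings = []
    current_key = ""  # last [HKEY_...] header seen; values are judged in its context
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # Positions: R (assumed), H, S, D (H/S/D as seen in the log: -HS-, ---D, -HSD).
            hidden, system, is_dir = attrs[1] == "H", attrs[2] == "S", attrs[3] == "D"
            low = path.lower()
            if int(m.group("year")) > report_year:
                findings.append(Finding(line, f"timestamp in the future ({m.group('year')})"))
            elif hidden and system and not is_dir and "\\system32\\" in low and not m.group("company"):
                findings.append(Finding(line, "hidden+system file in System32 with no company name"))
            elif hidden and system and not is_dir and "\\documents and settings\\" in low and low.endswith(".exe"):
                findings.append(Finding(line, "hidden+system executable inside a user profile"))
            continue
        m = ASSOC_RE.match(line)
        if m:
            ext, progid = m.group("ext").lower(), m.group("progid")
            if ext in EXPECTED_PROGID and progid != EXPECTED_PROGID[ext]:
                findings.append(Finding(line, f"{ext} association hijacked: expected "
                                              f"{EXPECTED_PROGID[ext]}, got {progid} -> {m.group('handler')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if "Security Center" in current_key and name in NOTIFY_SUPPRESSORS and value == "1":
            findings.append(Finding(line, f"{name}=1 silences Security Center warnings"))
        elif "FirewallPolicy" in current_key and name == "EnableFirewall" and value == "0":
            profile = current_key.split("\\")[-1]
            findings.append(Finding(line, f"firewall disabled in {profile}"))
    return findings


# Lines excerpted from the OTL and OTL Extras reports posted above.
SAMPLE = r"""
[2099/01/01 12:00:00 | 00,095,232 | -HS- | M] () -- C:\WINDOWS\System32\vozobiya.dll
[2010/02/25 17:14:35 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcmxu.sys
[2010/02/25 12:14:57 | 00,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
[2010/02/20 23:19:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
""".strip().splitlines()


def triage_sample():
    return triage(SAMPLE, report_year=2010)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.reason}\n    {f.line}")
```

Note what the heuristics do not catch: the unsigned driver pcmxu.sys and the _VOID* files pass through untouched because nothing in a single line marks them, which is why a helper reads the whole report rather than a filter's output. The `.exe -> secfile -> av.exe` hit explains the symptom reported later in the thread, that nothing on the desktop launches any more: every .exe is routed through that handler first.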

Ok. That's a bit of a mess. Might run another tool which should clean a lot of that up.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

==============

Please re-run OTL again after the reboot and post the log.

WELL FOR SOME REASON... PROBABLY DUE TO THE VIRUS.. I CAN NOT DOWNLOAD FROM EITHER OF THOSE SITES.... I just tried downloading that program from another site and it didn't run at all.... just stalled in the processes....


I checked my registry and services and System Restore is disabled.. Windows Update is disabled.. Windows Security Center is disabled...

a fake Windows Security pops up every time I try to download something...... it's called av.exe.....

to even view my registry I had to use a script to turn it on because every time I turn off my computer it's disabled....

I also noticed the file in question that's running all the time changes its name every time I turn on my computer.....

even when I unplug my computer from the net the av.exe still comes on....

I also checked the services and all the svchosts have -k behind them...


anyways... can I get an upload of this ComboFix program that is hosted on an upload site like mediafire or sendspace...

After you ran Rkill that I uploaded for you, did you try immediately running any of those tools I have asked you to run?
That is the only way to do it.

Combofix is too large a file to upload here. Will try something else when I get home from work.

okay I will try when you upload the file.... I tried downloading it from elsewhere but got the fake version and the malware won't let me download off those two sites...

??

I found a link here: http://b.imagehost.org/dl/2b24498a7d424a0f16986154255c1528/0207/ComboFix.zip

yes I have and it still hasn't worked.....


when I run rkill it makes the screen go blank and when everything pops back up.... it's the same processes running.....

I run ComboFix but it doesn't install.....

now the security center... all the svchosts are draining my memory.. I hardly can stay online for 10 mins without it freezing...

the programs I use stopped working unless I go directly to the installation folder and run the exe

all the exes on my desktop don't work anymore... including OTL and HIJACKTHIS......

I check the services on MMC and almost all the services I need to run are disabled and when I try to re-enable them.. they quickly switch back to disabled....

I had a question.... would a system recovery solve these issues if I press F11 during startup and did a system restore?

would the virus remain on my HD...?

cause I doubt I could save any of my files I need now....

Looks like we are fighting a losing battle on this one :(. If the pc were restored back to the beginning, it should be clean of the virus.
Might be the way to go now, unfortunately.
