WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Nasty Virus. Help Appreciated.

3 posters

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:32 pm

more_horiz
Do me a favor go to this website:

http://whatismyipaddress.com/

Once there you should see some big bold letters that say "Your IP address is xx.xx

Tell me if the Ip address is this one: 192.168.1.254

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:35 pm

more_horiz
great scott it isn't!

it's

Code:

71.137.xxx.xxx

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:39 pm

more_horiz
Alright we have something to work with now:

Please run OTListIt2.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:41 pm

more_horiz
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!

OTL by OldTimer - Version 3.0.10.7 log created on 08212009_104020

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:45 pm

more_horiz
Are you still getting redirected?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:48 pm

more_horiz
yes.

here's one of the sites i got redirected to:

http://206.161.121.82/search.php?id=12886563&token=3833497845

maybe that ip in the address is causing the problem?

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:52 pm

more_horiz
Is it just that one or are there more?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 5:59 pm

more_horiz
i looked at my cookies and there are:

Code:

66.230.188.67

Code:

64.111.196.117

Code:

206.161.121.82

Code:

206.161.121.66

Code:

206.161.121.58

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 6:12 pm

more_horiz
Which browser are you using?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.21st August 2009, 6:18 pm

more_horiz
firefox 3.5

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 1:57 am

more_horiz
Can you post another OTL log.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:29 am

more_horiz
here it is like you asked:

OTL logfile created on: 8/21/2009 7:25:46 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Chelsea\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.98 Mb Total Physical Memory | 168.34 Mb Available Physical Memory | 37.75% Memory free
1.03 Gb Paging File | 0.62 Gb Available in Paging File | 60.17% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.82 Gb Total Space | 16.49 Gb Free Space | 31.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHELSEA
Current User Name: Chelsea
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/10/11 10:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/10/11 10:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/12/19 13:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2005/12/19 13:08:40 | 01,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/08/21 15:15:19 | 01,864,824 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/12 13:22:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/09/22 09:47:54 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/20 10:29:08 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/12/19 13:08:42 | 01,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2006/09/22 09:06:26 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/12/09 18:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2009/04/12 13:22:12 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/14 19:52:55 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/01/02 14:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
PRC - [2003/09/10 00:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netWaiting.exe
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/07/09 13:07:14 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2003/10/29 00:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/08/04 03:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/02/06 02:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/06 10:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/01/02 14:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/07/30 04:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 03:00:00 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dumprep.exe
PRC - [2009/08/21 09:46:24 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chelsea\Desktop\OTL.exe

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:29 am

more_horiz
========== Win32 Services (SafeList) ==========

SRV - [2009/08/21 15:15:19 | 01,864,824 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - File not found -- -- (AntipPro2009_100 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/10/11 10:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/19 10:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/31 15:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/12 13:22:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/12/19 13:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2006/07/01 20:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/08/12 14:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/10/11 10:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/11/02 17:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/08/17 11:55:16 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 10:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2007/11/14 15:11:46 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/01 05:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 05:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2006/09/26 14:29:08 | 00,166,400 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Stopped])
DRV - [2006/09/14 17:45:32 | 00,092,160 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys -- (NWUSBModem [On_Demand | Stopped])
DRV - [2006/09/14 17:45:32 | 00,092,160 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\System32\DRIVERS\nwusbser.sys -- (NWUSBPort [On_Demand | Stopped])
DRV - [2006/09/14 17:45:32 | 00,092,160 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\System32\DRIVERS\nwusbser2.sys -- (NWUSBPort2 [On_Demand | Stopped])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/07/14 21:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/03/20 07:31:58 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/09/22 09:06:26 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/09/22 09:47:52 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/10/20 18:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2005/12/01 05:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:32 am

more_horiz
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071026
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071026

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.blackle.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/12 13:22:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 08:46:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/20 13:32:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 09:57:15 | 00,000,000 | ---D | M]

[2009/03/20 17:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Extensions
[2008/06/18 13:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 17:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/21 16:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions
[2009/08/21 16:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/25 22:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/21 15:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/21 15:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/04/10 07:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009/02/04 08:12:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\anycolor.pavlos256@gmail(2).com
[2009/07/23 19:02:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\anycolor.pavlos256@gmail.com
[2009/08/21 16:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\netvideohunter@netvideohunter.com
[2009/07/23 19:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chelsea\Application Data\mozilla\Firefox\Profiles\ljlifddr.default\extensions\youtube2mp3@mondayx.de
[2009/08/21 16:28:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/18 20:07:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/12 13:22:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/30 04:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 04:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/04/12 13:22:13 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2005/12/05 23:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 04:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/19 09:57:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:32 am

more_horiz
O1 HOSTS File: (2 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:33 am

more_horiz
========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Chelsea\My Documents\*.tmp files]
[2009/08/21 19:02:01 | 46,770,9952 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/21 16:36:15 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\orange.lnk
[2009/08/21 13:56:05 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Chelsea\My Documents\ggsbookreview.doc
[2009/08/21 13:55:28 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/21 13:55:08 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/08/21 13:55:08 | 00,000,003 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/08/21 13:55:07 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/21 13:53:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/21 10:21:51 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/21 09:46:23 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chelsea\Desktop\OTL.exe
[2009/08/21 09:17:38 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\sys.dat
[2009/08/21 08:39:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/21 08:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/21 08:38:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/21 08:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/21 08:37:00 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/21 08:37:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/21 08:36:59 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/21 08:36:59 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/21 08:36:59 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/21 08:36:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/21 08:36:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/21 08:36:58 | 00,000,000 | ---D | C] -- C:\de300158e11208430eaf92334ea806
[2009/08/20 15:49:52 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\Chelsea\My Documents\DrWeb.csv
[2009/08/20 14:39:10 | 06,785,366 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\01 Memories f. KiD CuDi.mp3
[2009/08/20 12:52:07 | 15,676,824 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chelsea\Desktop\kl.exe
[2009/08/20 11:56:53 | 00,014,061 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\left.jpg
[2009/08/19 17:41:59 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\mbr.exe
[2009/08/19 12:37:52 | 01,896,972 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\the way you do it-little brother.mp3
[2009/08/19 12:26:05 | 01,267,735 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\Sa-Ra-And If.mp3
[2009/08/19 12:23:31 | 01,608,789 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\count bass d-neon soul.mp3
[2009/08/19 10:06:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Application Data\Apple Computer
[2009/08/19 10:05:41 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/19 10:05:35 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/08/19 10:05:35 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/08/19 10:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/19 10:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/19 10:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/19 10:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/19 10:03:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/08/19 09:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/19 09:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/18 20:18:23 | 00,014,426 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\SUNP0546-11.jpg
[2009/08/17 13:57:31 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/16 19:13:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/16 15:52:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Application Data\LimeWire
[2009/08/16 15:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/08/16 14:43:22 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/15 09:11:16 | 03,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/15 09:11:16 | 02,186,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/15 09:11:16 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/15 09:11:16 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/15 09:11:16 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/15 09:11:16 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/15 09:11:16 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/15 09:11:16 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/15 09:11:16 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/15 09:11:16 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/15 09:11:16 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/15 09:11:16 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/15 09:11:16 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/15 09:11:16 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/15 09:11:16 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/15 09:11:16 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/15 09:11:16 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/15 09:11:16 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/15 09:11:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/15 09:11:16 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/15 09:11:16 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/15 09:11:16 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/15 09:11:16 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/15 09:11:16 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/15 09:11:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/15 09:11:16 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/15 09:11:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/15 09:11:16 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/15 09:11:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/15 09:11:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/15 09:11:16 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/15 09:11:16 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/15 09:11:16 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/15 09:11:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/15 09:11:16 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/15 09:11:16 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/15 09:11:16 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/15 09:11:16 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/15 09:11:16 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/15 09:11:16 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/15 09:11:15 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/15 09:11:15 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/15 09:11:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/15 09:11:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/15 09:11:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/14 16:37:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Local Settings\Application Data\WinZip
[2009/08/14 15:30:55 | 00,000,089 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/13 11:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Desktop\clutter
[2009/08/13 09:17:11 | 24,281,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/13 09:15:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/12 12:15:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 12:14:04 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/08/08 17:41:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chelsea\My Documents\documentunoo.doc
[2009/08/05 14:13:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 02:11:47 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 12:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\My Documents\Ableton
[2009/08/03 12:08:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/08/03 12:08:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Application Data\Ableton
[2009/08/03 12:06:53 | 00,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2009/08/03 12:06:52 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2009/08/03 12:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\Ableton
[2009/08/02 15:10:20 | 00,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™️ 2 Double Deluxe.lnk
[2009/08/02 14:47:59 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/08/01 12:42:25 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chelsea\My Documents\thetourist.doc
[2009/07/27 15:51:13 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chelsea\My Documents\document1.doc
[2009/07/25 22:59:17 | 00,000,563 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mbam.lnk
[2009/07/25 22:59:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/25 22:59:10 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/25 22:59:09 | 00,000,000 | ---D | C] -- C:\Program Files\g
[2009/07/23 15:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\Application Data\Exent Technologies
[2009/07/23 15:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chelsea\My Documents\LDW
[2009/07/23 15:10:04 | 00,037,033 | ---- | C] () -- C:\WINDOWS\FRGT.ico
[2009/07/23 15:10:04 | 00,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/07/23 15:09:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/07/23 12:01:44 | 00,118,047 | ---- | C] () -- C:\Documents and Settings\Chelsea\Desktop\Image0011.jpg
[2009/04/30 20:18:23 | 00,001,205 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/04/05 19:09:55 | 00,000,082 | ---- | C] () -- C:\WINDOWS\mp3spt.ini
[2009/04/05 16:12:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2009/02/11 20:37:03 | 00,000,272 | -H-- | C] () -- C:\WINDOWS\Picasa.ini
[2009/02/11 08:21:19 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/07 11:54:48 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/27 15:24:06 | 00,000,628 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI
[2008/08/02 17:58:54 | 00,058,904 | ---- | C] () -- C:\WINDOWS\System32\sysfolderazipcnt.dll
[2008/08/02 17:58:54 | 00,058,904 | ---- | C] () -- C:\WINDOWS\System32\azipcontmn.dll
[2008/05/07 20:55:29 | 00,000,609 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/05 20:10:25 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/03/20 07:31:56 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/11/12 18:55:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/11/06 15:30:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/26 02:04:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/26 01:14:08 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/10/26 01:14:02 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/10/26 01:13:38 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:51:28 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 10:51:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 2:34 am

more_horiz
========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Chelsea\My Documents\*.tmp files]
[2009/08/21 19:02:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/21 19:02:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/21 19:02:01 | 46,770,9952 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/21 16:36:15 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\orange.lnk
[2009/08/21 15:59:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/21 14:04:00 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/08/21 14:04:00 | 00,000,003 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/08/21 13:56:06 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Chelsea\My Documents\ggsbookreview.doc
[2009/08/21 13:55:28 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/21 13:55:07 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/21 10:21:51 | 00,000,002 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/21 09:46:24 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chelsea\Desktop\OTL.exe
[2009/08/21 09:38:22 | 00,043,544 | ---- | M] () -- C:\Documents and Settings\Chelsea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/21 09:37:51 | 00,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/21 09:17:38 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\sys.dat
[2009/08/21 09:00:22 | 00,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/21 09:00:22 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/21 09:00:22 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/20 15:49:52 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\Chelsea\My Documents\DrWeb.csv
[2009/08/20 14:39:32 | 06,785,366 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\01 Memories f. KiD CuDi.mp3
[2009/08/20 12:53:25 | 15,676,824 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chelsea\Desktop\kl.exe
[2009/08/20 11:56:53 | 00,014,061 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\left.jpg
[2009/08/19 17:42:01 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\mbr.exe
[2009/08/19 15:01:26 | 04,303,686 | -H-- | M] () -- C:\Documents and Settings\Chelsea\Local Settings\Application Data\IconCache.db
[2009/08/19 12:38:35 | 01,896,972 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\the way you do it-little brother.mp3
[2009/08/19 12:26:58 | 01,608,789 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\count bass d-neon soul.mp3
[2009/08/19 12:26:29 | 01,267,735 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\Sa-Ra-And If.mp3
[2009/08/19 09:44:29 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/19 08:21:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/18 20:18:27 | 00,014,426 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\SUNP0546-11.jpg
[2009/08/18 20:07:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/15 18:30:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/14 15:43:28 | 00,000,563 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mbam.lnk
[2009/08/14 15:30:55 | 00,000,089 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/08 17:41:31 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chelsea\My Documents\documentunoo.doc
[2009/08/05 02:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 02:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/02 15:10:20 | 00,001,994 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™️ 2 Double Deluxe.lnk
[2009/08/02 14:39:21 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chelsea\My Documents\document1.doc
[2009/08/01 12:42:26 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chelsea\My Documents\thetourist.doc
[2009/07/29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 15:40:13 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/25 23:25:02 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\ruvirolu
[2009/07/24 09:33:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/23 15:10:04 | 00,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2009/07/23 12:07:04 | 00,118,047 | ---- | M] () -- C:\Documents and Settings\Chelsea\Desktop\Image0011.jpg
< End of report >

umm,

also. i downloaded spybot and apparently i have a lot of bad things in my registry(i.e. Smitfraud-C, myway.mywebsearch,etc.), only problem is, spybot stops the scan on a certain product and i have to end it otherwise it won't work. what do you think?

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 5:20 pm

more_horiz
I see, please do the following:

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 6:23 pm

more_horiz
SDFix: Version 1.240
Run by Chelsea on Sat 08/22/2009 at 11:03 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\141687~1 - Deleted
C:\WINDOWS\system32\es.dat - Deleted
C:\WINDOWS\system32\sys.dat - Deleted



Folder C:\Temp\maxsv15 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 11:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Chelsea\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft Works\\MSWorks.exe"="C:\\Program Files\\Microsoft Works\\MSWorks.exe:*:Disabled:Microsoft Works Task Launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 7 Apr 2009 0 A..H. --- "C:\Program Files\SpiralFrog\BIT2A.tmp"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 13 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Nov 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Mon 13 Apr 2009 22,528 ...H. --- "C:\Documents and Settings\Chelsea\My Documents\~WRL0005.tmp"
Tue 10 Feb 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Thu 22 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 27 Apr 2008 20,992 ...H. --- "C:\Documents and Settings\Chelsea\My Documents\fruits of my imagination\Poems\~WRL3601.tmp"
Tue 13 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\Chelsea\My Documents\My Music\License Backup\drmv1key.bak"
Tue 13 Nov 2007 401 A..H. --- "C:\Documents and Settings\Chelsea\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 13 Nov 2007 312 A.SH. --- "C:\Documents and Settings\Chelsea\My Documents\My Music\License Backup\drmv2key.bak"
Thu 22 Nov 2007 8 A..H. --- "C:\Documents and Settings\Chelsea\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 22 Nov 2007 8 A..H. --- "C:\Documents and Settings\Chelsea\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 22 Nov 2007 8 A..H. --- "C:\Documents and Settings\Chelsea\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 22 Nov 2007 8 A..H. --- "C:\Documents and Settings\Chelsea\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 7 Feb 2009 8 A..H. --- "C:\Documents and Settings\Chelsea\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Mon 12 May 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 12 May 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 12 May 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 12 May 2008 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 6:25 pm

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:11 AM, on 8/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071026
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6450 bytes

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.22nd August 2009, 6:27 pm

more_horiz
Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Nasty Virus. Help Appreciated. - Page 2 2wg6fte

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.24th August 2009, 9:16 pm

more_horiz
umm,

i keep getting a blue screen whenever i try to run kaspersky.

should i do this in safe mode?

descriptionNasty Virus. Help Appreciated. - Page 2 EmptyRe: Nasty Virus. Help Appreciated.

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum