WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


infected with xp antispyware

2 posters

descriptioninfected with xp antispyware Emptyinfected with xp antispyware5th March 2010, 2:31 am

more_horiz
I have scanned my computer with malwarebytes and I am still infected with xp antispyware. Help!!

descriptioninfected with xp antispyware EmptyRe: infected with xp antispyware5th March 2010, 8:29 pm

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
infected with xp antispyware DXwU4
infected with xp antispyware VvYDg

descriptioninfected with xp antispyware EmptyRe: infected with xp antispyware5th March 2010, 9:00 pm

more_horiz
OTL logfile created on: 3/5/2010 3:56:32 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.70 Gb Total Space | 200.60 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.95 Gb Total Space | 0.25 Gb Free Space | 13.05% Space Free | Partition Type: FAT
Drive F: | 7.88 Gb Total Space | 7.78 Gb Free Space | 98.82% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PATRICK
Current User Name: GX620
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 15:55:46 | 000,553,984 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/02/16 17:36:36 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/12/31 09:26:01 | 004,043,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2009/12/31 09:26:00 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 09:08:01 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 09:08:01 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/30 17:08:29 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/30 17:08:27 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/30 17:08:24 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/09 13:30:06 | 001,036,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
PRC - [2009/11/04 10:20:04 | 001,507,431 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2009/05/19 00:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/03/16 16:37:52 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/01/22 17:40:09 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/06 12:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/23 14:09:50 | 000,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/04/14 04:42:32 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/17 14:02:50 | 001,114,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 15:55:46 | 000,553,984 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008/04/14 04:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (StumbleUponUpdateService)
SRV - [2009/11/30 17:08:24 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/16 16:37:52 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (sbtis)
DRV - File not found [Kernel | System | Running] -- -- (SBRE)
DRV - File not found [Kernel | Disabled | Running] -- -- (sbaphd)
DRV - [2009/11/30 17:08:57 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/30 17:08:52 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/30 17:08:49 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/01/14 02:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/12/07 21:26:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/11/07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/11/06 18:00:00 | 007,429,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/28 15:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/05/31 21:08:00 | 001,198,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/01 10:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


[2010/01/24 13:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gx620\Application Data\Mozilla\Extensions
[2010/01/24 13:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gx620\Application Data\Mozilla\Firefox\Profiles\cl07rn5v.default\extensions

O1 HOSTS File: ([2010/01/09 11:08:39 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe File not found
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\gx620\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\gx620\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (\S) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5d49cb3f-1b7e-11dc-8389-001372d15c1b}\Shell - "" = AutoRun
O33 - MountPoints2\{5d49cb3f-1b7e-11dc-8389-001372d15c1b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d49cb3f-1b7e-11dc-8389-001372d15c1b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 07:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
[2010/03/05 07:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2010/03/05 07:35:28 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2010/03/05 07:35:23 | 000,000,000 | -H-D | C] -- C:\_Backup
[2010/03/05 07:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Application Data\Avanquest
[2010/03/05 07:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
[2010/03/05 07:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest
[2010/03/04 21:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Local Settings\Application Data\Threat Expert
[2010/03/04 20:46:35 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/03/04 20:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/04 14:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Application Data\Unity
[2010/03/04 13:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Local Settings\Application Data\Unity
[2010/02/24 16:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Local Settings\Application Data\WMTools Downloaded Files
[2010/02/24 15:47:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gx620\My Documents\My Videos
[2010/02/16 17:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Local Settings\Application Data\PMB Files
[2010/02/16 17:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/16 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/02/09 18:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\My Documents\My Scans
[2010/02/09 10:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/07 15:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\Application Data\Move Networks
[2010/02/06 13:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gx620\My Documents\Downloads
[2009/11/30 17:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/30 17:05:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/30 17:05:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/30 17:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/29 17:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/29 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/31 18:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/30 19:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gx620\My Documents\*.tmp files -> C:\Documents and Settings\gx620\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 15:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/05 14:58:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/05 11:45:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 11:44:09 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/03/05 11:44:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/05 11:43:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 11:43:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 11:43:54 | 2137,141,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 11:42:47 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\gx620\NTUSER.DAT
[2010/03/05 11:42:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\gx620\ntuser.ini
[2010/03/05 11:41:45 | 000,014,528 | -HS- | M] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\04lB
[2010/03/05 11:24:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/05 08:12:56 | 056,719,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/04 22:24:12 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2010/03/04 20:01:35 | 004,816,398 | -H-- | M] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\IconCache.db
[2010/03/04 19:36:59 | 000,696,832 | ---- | M] () -- C:\WINDOWS\is-D627N.exe
[2010/03/04 19:36:59 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-D627N.msg
[2010/03/04 19:36:59 | 000,000,309 | ---- | M] () -- C:\WINDOWS\is-D627N.lst
[2010/03/04 07:25:37 | 000,013,583 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\Hayley O.docx
[2010/03/03 07:02:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/01 20:55:53 | 000,012,450 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\Dear Mr1.docx
[2010/02/28 09:39:40 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\gx620\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/25 18:44:51 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\gx620\jagex_runescape_preferences2.dat
[2010/02/25 18:42:58 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\gx620\jagex_runescape_preferences.dat
[2010/02/24 17:40:21 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 17:36:47 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/24 17:33:48 | 000,484,938 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\end of poem.wav
[2010/02/24 17:17:41 | 004,378,058 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\whole thing.wav
[2010/02/24 16:01:40 | 001,237,338 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\stanza two spanish.wav
[2010/02/24 15:59:57 | 002,784,378 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\stanza one spanish.wav
[2010/02/24 15:46:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/16 18:31:57 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/02/16 18:31:57 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/16 18:31:55 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\gx620\Desktop\Shortcut to IMG00007-20100117-1540.lnk
[2010/02/16 18:31:54 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\gx620\Desktop\Launch LEGO Star Wars II.lnk
[2010/02/16 18:01:45 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\gx620\Desktop\MapleStory.lnk
[2010/02/16 17:51:36 | 1648,005,640 | ---- | M] () -- C:\Documents and Settings\gx620\Desktop\MSSetupv82.exe
[2010/02/11 20:49:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/09 10:11:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/02/07 01:51:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/06 13:26:02 | 000,024,487 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\BAKED POTATO BAG.docx
[2010/02/03 20:41:50 | 000,013,874 | ---- | M] () -- C:\Documents and Settings\gx620\My Documents\magna carta bill o rights.docx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gx620\My Documents\*.tmp files -> C:\Documents and Settings\gx620\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 19:36:59 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-D627N.exe
[2010/03/04 19:36:59 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-D627N.msg
[2010/03/04 19:36:59 | 000,000,309 | ---- | C] () -- C:\WINDOWS\is-D627N.lst
[2010/03/04 19:28:37 | 000,014,528 | -HS- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\04lB
[2010/03/04 07:25:36 | 000,013,583 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\Hayley O.docx
[2010/03/01 20:55:52 | 000,012,450 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\Dear Mr1.docx
[2010/02/24 17:33:48 | 000,484,938 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\end of poem.wav
[2010/02/24 17:17:51 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 17:17:41 | 004,378,058 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\whole thing.wav
[2010/02/24 16:01:40 | 001,237,338 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\stanza two spanish.wav
[2010/02/24 15:59:57 | 002,784,378 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\stanza one spanish.wav
[2010/02/16 18:31:55 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\gx620\Desktop\Shortcut to IMG00007-20100117-1540.lnk
[2010/02/16 18:31:54 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\gx620\Desktop\Launch LEGO Star Wars II.lnk
[2010/02/16 18:01:45 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\gx620\Desktop\MapleStory.lnk
[2010/02/16 17:37:14 | 1648,005,640 | ---- | C] () -- C:\Documents and Settings\gx620\Desktop\MSSetupv82.exe
[2010/02/09 10:11:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/02/07 01:51:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/03 19:58:24 | 000,013,874 | ---- | C] () -- C:\Documents and Settings\gx620\My Documents\magna carta bill o rights.docx
[2009/12/24 10:49:58 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/02 19:55:15 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/02 19:54:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/11/28 15:44:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\housecall.guid.cache
[2009/10/10 22:07:39 | 000,018,844 | ---- | C] () -- C:\Program Files\Common Files\falifyqab.bat
[2009/10/10 22:07:39 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osucahe.db
[2009/10/10 22:07:39 | 000,012,663 | ---- | C] () -- C:\Program Files\Common Files\ixicyr.com
[2009/10/10 22:07:39 | 000,011,459 | ---- | C] () -- C:\Program Files\Common Files\utofa.lib
[2009/10/10 22:07:38 | 000,017,406 | ---- | C] () -- C:\Program Files\Common Files\idipigypa.dll
[2009/10/10 22:07:38 | 000,016,416 | ---- | C] () -- C:\Program Files\Common Files\ewodi.bat
[2009/10/10 22:07:38 | 000,016,153 | ---- | C] () -- C:\Program Files\Common Files\bexymoro.com
[2009/10/10 22:07:38 | 000,015,543 | ---- | C] () -- C:\Program Files\Common Files\tifolydazi.lib
[2009/10/10 22:07:38 | 000,014,289 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nidezuhipi.scr
[2009/10/10 22:07:38 | 000,012,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cowym.bin
[2009/10/10 22:07:38 | 000,012,166 | ---- | C] () -- C:\WINDOWS\bocasukid.dll
[2009/10/10 22:07:38 | 000,010,906 | ---- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\jokej.db
[2009/10/10 22:07:38 | 000,010,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owip.sys
[2009/10/10 22:03:08 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\gx620\Application Data\iniasd.txt
[2009/05/31 10:40:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/03 17:34:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\fusioncache.dat
[2008/07/02 16:50:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/27 12:48:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/06 18:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 18:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 18:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 18:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 18:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/06 19:57:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/03/06 19:35:10 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

descriptioninfected with xp antispyware EmptyRe: infected with xp antispyware5th March 2010, 11:10 pm

more_horiz
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2009/10/10 22:07:39 | 000,018,844 | ---- | C] () -- C:\Program Files\Common Files\falifyqab.bat
    [2009/10/10 22:07:39 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osucahe.db
    [2009/10/10 22:07:39 | 000,012,663 | ---- | C] () -- C:\Program Files\Common Files\ixicyr.com
    [2009/10/10 22:07:39 | 000,011,459 | ---- | C] () -- C:\Program Files\Common Files\utofa.lib
    [2009/10/10 22:07:38 | 000,017,406 | ---- | C] () -- C:\Program Files\Common Files\idipigypa.dll
    [2009/10/10 22:07:38 | 000,016,416 | ---- | C] () -- C:\Program Files\Common Files\ewodi.bat
    [2009/10/10 22:07:38 | 000,016,153 | ---- | C] () -- C:\Program Files\Common Files\bexymoro.com
    [2009/10/10 22:07:38 | 000,015,543 | ---- | C] () -- C:\Program Files\Common Files\tifolydazi.lib
    [2009/10/10 22:07:38 | 000,014,289 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nidezuhipi.scr
    [2009/10/10 22:07:38 | 000,012,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cowym.bin
    [2009/10/10 22:07:38 | 000,012,166 | ---- | C] () -- C:\WINDOWS\bocasukid.dll
    [2009/10/10 22:07:38 | 000,010,906 | ---- | C] () -- C:\Documents and Settings\gx620\Local Settings\Application Data\jokej.db
    [2009/10/10 22:07:38 | 000,010,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owip.sys
    [2009/10/10 22:03:08 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\gx620\Application Data\iniasd.txt


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
infected with xp antispyware DXwU4
infected with xp antispyware VvYDg

descriptioninfected with xp antispyware EmptyRe: infected with xp antispyware

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum