hijack this log
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
sam123shiles
download problems
I have attached my HijackThis log. Please help.

Logfile of HijackThis v1.97.7
Scan saved at 00:55:55, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bradford\CFUpdater\nuserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Documents and Settings\User\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\User\Desktop\spyware\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CFUpdater] %ProgramFiles%\Bradford\CFUpdater\nu.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\STATION_2\EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S928.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\User\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/User/LOCALS~1/Te....TMP/setup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1221072274873
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
hazelnut
You may want to follow the steps listed here, if possible, to make it easier for the spyware mods to help you:

http://forum.piriform.com/index.php?showtopic=20120
sam123shiles
QUOTE (hazelnut @ Sep 13 2009, 12:30 AM) *
You may want to follow the steps listed here, if possible, to make it easier for the spyware mods to help you:

http://forum.piriform.com/index.php?showtopic=20120

I downloaded the comedian as you suggested and it was a trojan! Is this a false positive?
sam123shiles
Here is my Malwarebytes log.

Malwarebytes' Anti-Malware 1.41
Database version: 2791
Windows 5.1.2600 Service Pack 3

9/13/2009 9:34:01 AM
mbam-log-2009-09-13 (09-34-01).txt

Scan type: Quick Scan
Objects scanned: 97682
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sam123shiles
Rooter log.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 35 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:186 Go - Free:36 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Fixed-FAT32] .. ( Total:298 Go - Free:45 Go )
.
Scan : 09:38.06
Path : C:\Documents and Settings\User\Desktop\Rooter.exe
User : User ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (612)
______ \??\C:\WINDOWS\system32\csrss.exe (664)
______ \??\C:\WINDOWS\system32\winlogon.exe (692)
______ C:\WINDOWS\system32\services.exe (736)
______ C:\WINDOWS\system32\lsass.exe (748)
______ C:\WINDOWS\system32\svchost.exe (908)
______ C:\WINDOWS\system32\svchost.exe (1004)
______ C:\WINDOWS\System32\svchost.exe (1124)
______ C:\WINDOWS\system32\svchost.exe (1160)
______ C:\WINDOWS\system32\svchost.exe (1256)
______ C:\WINDOWS\system32\svchost.exe (1364)
______ C:\WINDOWS\system32\spoolsv.exe (1528)
______ C:\WINDOWS\Explorer.EXE (1820)
______ C:\WINDOWS\system32\svchost.exe (1872)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1948)
______ C:\Program Files\Bradford\CFUpdater\nuserv.exe (1980)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2028)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (196)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (284)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (304)
______ C:\WINDOWS\system32\nvsvc32.exe (368)
______ C:\WINDOWS\system32\svchost.exe (408)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (276)
______ C:\WINDOWS\system32\SearchIndexer.exe (924)
______ C:\WINDOWS\SOUNDMAN.EXE (1108)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2140)
______ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (2180)
______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (2200)
______ C:\WINDOWS\system32\RUNDLL32.EXE (2320)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2496)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2556)
______ C:\Program Files\PopUp Killer\PopUpKiller.EXE (2568)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2696)
______ C:\WINDOWS\system32\ctfmon.exe (2716)
______ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (2740)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (3380)
______ C:\WINDOWS\System32\alg.exe (3632)
______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (3804)
______ c:\program files\common files\installshield\updateservice\isuspm.exe (3856)
______ C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (4040)
______ C:\WINDOWS\system32\wscntfy.exe (4080)
______ C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (3824)
______ C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (3896)
______ C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (4064)
______ C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (252)
______ C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (3092)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (3456)
______ C:\WINDOWS\system32\SearchFilterHost.exe (600)
______ C:\Program Files\DAP\DAP.EXE (3572)
______ C:\WINDOWS\system32\SearchProtocolHost.exe (2528)
______ C:\Documents and Settings\User\Desktop\Rooter.exe (4076)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200038777344)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 09:38.31
.
C:\Rooter$\Rooter_1.txt - (13/09/2009 | 09:38.31)
sam123shiles
RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/13 09:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2283000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9B31000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==
sam123shiles
OTL log

OTL logfile created on: 9/13/2009 9:50:07 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 378.32 Mb Available Physical Memory | 36.96% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 36.06 Gb Free Space | 19.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.02 Gb Total Space | 45.39 Gb Free Space | 15.23% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-7037B33406
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/09/03 12:35:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/29 15:03:12 | 00,839,168 | ---- | M] () -- C:\Program Files\Bradford\CFUpdater\nuserv.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2009/09/03 12:35:58 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/03 12:35:58 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/09/03 12:35:56 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/11/15 03:20:20 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/11/16 17:08:40 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/02/08 08:19:16 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2001/12/24 14:24:23 | 00,108,032 | ---- | M] (xFX JumpStart) -- C:\Program Files\PopUp Killer\PopUpKiller.EXE
PRC - [2009/09/03 12:35:53 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/10/23 14:18:46 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/10/23 14:19:06 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/10/23 14:19:06 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2005/06/10 10:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation) -- c:\program files\common files\installshield\updateservice\isuspm.exe
PRC - [2005/06/10 10:44:02 | 00,618,496 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/09/13 01:58:16 | 02,799,104 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.EXE
PRC - [2009/09/13 09:49:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/09/03 12:35:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/05/29 15:03:12 | 00,839,168 | ---- | M] () -- C:\Program Files\Bradford\CFUpdater\nuserv.exe -- (CFUpdaterService [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/23 14:19:06 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/21 09:57:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 18:25:28 | 00,000,000 | ---D | M]


O1 HOSTS File: (327519 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11208 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CFUpdater] C:\Program Files\Bradford\CFUpdater\nu.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found
O4 - HKLM..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE (xFX JumpStart)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [\\STATION_2\EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\User\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Privacy Suite RiskMonitor] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file:///C:/DOCUME~1/User/LOCALS~1/Temp/IXP000.TMP/setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1221072274873 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/10 09:57:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/13 09:49:17 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/09/13 09:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RootRepeal
[2009/09/13 09:40:59 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RootRepeal.zip
[2009/09/13 09:38:31 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/13 09:37:52 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\User\Desktop\Rooter.exe
[2009/09/13 02:00:21 | 00,001,115 | ---- | C] () -- C:\Documents and Settings\User\Desktop\My DAP Downloads.lnk
[2009/09/13 02:00:21 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Download Accelerator Plus (DAP).lnk
[2009/09/13 01:58:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My DAP Downloads
[2009/09/13 01:58:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/09/13 01:58:14 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/09/13 01:58:13 | 00,000,000 | ---D | C] -- C:\Program Files\DAP
[2009/09/13 01:58:03 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2009/09/08 17:30:46 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TOM.doc
[2009/09/07 02:38:56 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/09/07 02:38:56 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/09/07 02:38:55 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/09/07 02:38:55 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/09/07 02:38:55 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/09/07 02:38:55 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/09/07 02:38:55 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/09/07 02:38:55 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/09/07 02:38:55 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/09/07 02:38:55 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/09/07 02:38:55 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/09/07 02:38:55 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/09/07 02:38:55 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/09/07 02:38:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/09/07 02:02:06 | 00,003,936 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/09/05 02:29:41 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Prefetch.lnk
[2009/09/04 14:02:21 | 03,042,701 | ---- | C] () -- C:\Documents and Settings\User\Desktop\41502appdHSGH.pdf
[2009/09/04 04:46:42 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/03 12:36:09 | 41,052,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/03 12:36:09 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\User\Desktop\avgrsstx.dll
[2009/09/03 12:36:08 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/03 12:36:08 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/03 12:36:07 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/03 12:36:06 | 00,095,802 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/03 12:36:04 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/03 12:36:03 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/03 12:36:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/03 12:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG8
[2009/09/03 12:17:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/02 22:05:40 | 00,000,247 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Learn Appraising.com- The Easiest Way to Study For Your 2009 Appraisal Exam or Test.url
[2009/09/02 01:30:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/02 01:27:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

========== Files - Modified Within 14 Days ==========

[2009/09/13 09:49:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/09/13 09:49:17 | 00,001,115 | ---- | M] () -- C:\Documents and Settings\User\Desktop\My DAP Downloads.lnk
[2009/09/13 09:41:01 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RootRepeal.zip
[2009/09/13 09:37:48 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\User\Desktop\Rooter.exe
[2009/09/13 09:25:39 | 41,052,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/13 09:24:00 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/13 09:23:02 | 00,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/13 09:22:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/13 09:21:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/13 08:55:50 | 00,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/13 07:40:03 | 00,238,080 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 02:00:21 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Download Accelerator Plus (DAP).lnk
[2009/09/13 01:58:14 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2009/09/12 23:25:54 | 05,010,102 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/09/12 18:08:32 | 00,000,070 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/09/12 16:01:33 | 00,095,802 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/12 02:46:09 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Learn Appraising.com- The Easiest Way to Study For Your 2009 Appraisal Exam or Test.url
[2009/09/11 03:21:26 | 00,003,936 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/09/11 03:21:23 | 00,327,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 01:55:31 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090909-020306.backup
[2009/09/08 17:36:41 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TOM.doc
[2009/09/07 13:12:48 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\fha distressed sales.doc
[2009/09/06 08:51:29 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\STATISM.doc
[2009/09/05 23:46:28 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\User\Desktop\data passwords.doc
[2009/09/05 02:29:41 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Prefetch.lnk
[2009/09/04 14:02:21 | 03,042,701 | ---- | M] () -- C:\Documents and Settings\User\Desktop\41502appdHSGH.pdf
[2009/09/03 12:36:09 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\User\Desktop\avgrsstx.dll
[2009/09/03 12:36:08 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/03 12:36:08 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/03 12:36:07 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/03 12:36:06 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/03 12:36:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/02 23:50:34 | 00,107,134 | ---- | M] () -- C:\WINDOWS\UninstallFirefox.exe
[2009/09/02 23:50:32 | 00,002,914 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/09/02 01:30:35 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/31 15:27:02 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/08/31 15:23:03 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/31 06:37:09 | 00,325,987 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090906-013427.backup

========== LOP Check ==========

[2009/09/13 01:58:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/11 08:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/09/10 13:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/09/10 13:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/09/16 14:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/09/13 01:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/09/13 09:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/11 03:21:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2008/09/15 01:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2008/09/10 13:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Corel Photo Album
[2008/09/11 11:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CyberLink
[2009/08/04 09:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CyberScrub
[2009/09/08 10:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2008/09/11 19:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2008/09/10 13:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2008/09/11 19:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2006/02/28 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/13 09:22:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4AF47A7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >
SpySentinel
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE (xFX JumpStart)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKCU..\Run: [Privacy Suite RiskMonitor] File not found

    :Files
    C:\Program Files\DAP
    C:\Program Files\PopUp Killer
    C:\Documents and Settings\User\Desktop\Download Accelerator Plus (DAP).lnk
    C:\Documents and Settings\All Users\Application Data\SpeedBit

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
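The triage behind the fix above, done as a script: an added example, not code from the thread or from OTL itself. The parser, the watch list (the SpeedBit/DAP bundle and PopUp Killer, which the moderator chose to remove here) and the sample lines, copied from the log in this thread, are my own construction.

```python
"""Triage helper for OTL log lines: added example, not the forum's or OTL's own code."""
import re
from dataclasses import dataclass, field
from typing import Optional

# O2 - BHO: (Name) - {CLSID} - C:\path\file.dll (Publisher)
# O3 - HKLM\..\Toolbar: (Name) - {CLSID} - C:\path\file.dll (Publisher)
_O2_O3 = re.compile(
    r"^(?P<kind>O[23]) - (?P<hive>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)(?: \((?P<pub>[^)]*)\))?$"
)
# O4 - HKLM..\Run: [Name] C:\path\file.exe (Publisher)   or   [Name] File not found
_O4 = re.compile(
    r"^(?P<kind>O4) - (?P<hive>HK(?:LM|CU)\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<pub>[^)]*)\))?$"
)

@dataclass
class Entry:
    raw: str
    kind: str
    hive: str
    name: str
    path: str
    publisher: Optional[str]  # None: no "(...)" at all; "": an empty "()"
    reasons: list = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3/O4 line, None for any other log line."""
    line = line.strip()
    m = _O2_O3.match(line) or _O4.match(line)
    if not m:
        return None
    g = m.groupdict()
    return Entry(line, g["kind"], g["hive"], g["name"], g["path"], g["pub"])

def triage(lines, watch_list=()):
    """Flag entries worth a second look: target file missing, no publisher in the
    version info (no version resource; a prompt to check the file, not proof of
    anything), or a crude substring hit on items already decided on."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if "File not found" in e.path:
            e.reasons.append("target file missing (orphaned autorun)")
        elif not e.publisher:
            e.reasons.append("no publisher in version info")
        if any(w.lower() in f"{e.name} {e.path}".lower() for w in watch_list):
            e.reasons.append("on watch list")
        if e.reasons:
            flagged.append(e)
    return flagged

def build_fix(entries, extra_files=(), reboot=True) -> str:
    """Emit the fix script: flagged lines verbatim under :OTL, folders under :Files,
    then the same :Commands the moderator used."""
    out = [":OTL", *[e.raw for e in entries], ""]
    if extra_files:
        out += [":Files", *extra_files, ""]
    out += [":Commands", "[purity]", "[emptytemp]", "[start explorer]"]
    if reboot:
        out.append("[Reboot]")
    return "\n".join(out)

# Constructed sample: entries copied from the log in this thread, plus one clean AVG line.
SAMPLE_LOG = [
    r"O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)",
    r"O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()",
    r"O4 - HKLM..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE (xFX JumpStart)",
    r"O4 - HKCU..\Run: [Privacy Suite RiskMonitor] File not found",
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found",
]
WATCH_LIST = ("SpeedBit", "DAP", "PopUp Killer")  # what this thread's fix removed
```

`build_fix(triage(SAMPLE_LOG, WATCH_LIST), extra_files=[r"C:\Program Files\DAP"])` reproduces the shape of the script pasted into OTL above; the AVG line is parsed but not flagged.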
SpySentinel
Due to lack of feedback, this topic has been closed.

If you need this topic re-opened, please contact either me or another Moderator with your original link.

Everyone else please start a new topic.