# trojan horse SHeur 3.TTW in svchost.exe



## darker (Jan 29, 2010)

Hello communnity 
I have pain in my head. It's calld "trojan horse SHeur 3.TTW in svchost.exe" AVG detects threat and blocks it but thats all..can't remove that file, AVG cant heal it anti-malware cant detect it. Security task maneger shows no threat.
Don't know what to do 
http://i436.photobucket.com/albums/qq86/ssmikis/untitled.jpg

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:18, on 2010.04.29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://192.168.100.100/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://*
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: youja_ - C:\WINDOWS\SYSTEM32\youja_.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6042 bytes


----------



## emeraldnzl (Nov 3, 2007)

Hello darker,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Next*
Download *OTL* to your Desktop

 Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
 Under the Custom Scan box paste this in


```
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
```

 Click the *Run Scan* button. Do not change any settings unless otherwise told to do so.

o When the scan completes, it will open two notepad windows. *OTL.Txt and Extras.Txt*. These are saved in the same location as OTL.
o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.

*So when you return please post
MBAM log
the two OTL logs - OTL.txt and Extras.txt
*
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## darker (Jan 29, 2010)

Thank you for spending time with my problem!


```
Malwarebytes' Anti-Malware 1.46
[URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL]
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010.05.04 21:21:12
mbam-log-2010-05-04 (21-21-12).txt
Scan type: Quick scan
Objects scanned: 124969
Time elapsed: 16 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
```


----------



## darker (Jan 29, 2010)

OTL logfile created on: 2010.05.04 21:24:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Namai\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1.023,00 Mb Total Physical Memory | 650,00 Mb Available Physical Memory | 63,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 9,39 Gb Free Space | 48,10% Space Free | Partition Type: NTFS
Drive D: | 36,36 Gb Total Space | 11,99 Gb Free Space | 32,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAMU-A6F232A9DB
Current User Name: Namai
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 21:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Namai\Desktop\OTL.exe
PRC - [2010.03.31 11:30:03 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010.03.31 11:29:57 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010.03.31 11:29:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010.03.31 11:29:48 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2010.03.31 11:22:32 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010.03.31 11:22:23 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2010.03.31 11:22:06 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2010.02.19 19:54:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.17 15:49:03 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.12.29 13:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008.04.14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 16:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
PRC - [2004.07.20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2002.10.16 13:24:52 | 000,047,104 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010.05.04 21:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Namai\Desktop\OTL.exe
MOD - [2008.04.14 16:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Microsoft Office Groove Audit Service)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010.03.31 11:29:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010.01.17 15:49:03 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.01.17 15:48:59 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2004.07.20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2004.03.18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010.03.31 11:22:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.03.31 11:22:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.31 11:22:25 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.03.31 11:22:07 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.01.07 14:02:46 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.04.14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008.01.20 10:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005.11.02 17:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005.03.30 05:48:00 | 003,095,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.12.14 18:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004.07.20 15:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2002.11.13 10:56:28 | 000,953,708 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002.07.24 05:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 3F B7 6B FB A0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://*

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "http://*"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010.03.31 11:30:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.06 17:39:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.24 18:36:36 | 000,000,000 | ---D | M]

[2010.01.17 15:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Namai\Application Data\Mozilla\Extensions
[2010.04.28 15:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Namai\Application Data\Mozilla\Firefox\Profiles\sehk039r.default\extensions
[2010.04.28 15:30:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Namai\Application Data\Mozilla\Firefox\Profiles\sehk039r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.17 15:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.22 06:37:11 | 000,001,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-lt.xml

O1 HOSTS File: ([2010.04.29 22:05:15 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.135.147.58 88.222.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\youja_: DllName - youja_.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Namai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Namai\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.06 18:57:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.06 18:56:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70663829905735680)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 21:23:16 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Namai\Desktop\OTL.exe
[2010.05.04 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Desktop\ROMAN ZAWODNY - Urban Tool
[2010.05.02 00:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Desktop\f1
[2010.04.29 21:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.04.29 21:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Local Settings\Application Data\Help
[2010.04.29 21:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Application Data\Help
[2010.04.29 21:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.04.29 19:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010.04.28 17:07:03 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010.04.28 17:07:03 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010.04.28 17:07:03 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010.04.28 17:07:02 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010.04.28 17:07:02 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010.04.28 17:07:02 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010.04.28 17:07:02 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010.04.28 17:07:02 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010.04.28 17:07:02 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010.04.28 17:07:01 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010.04.28 17:07:01 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010.04.28 15:47:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.04.28 15:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.27 18:32:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Namai\Recent
[2010.04.27 18:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.27 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\My Documents\Sports Interactive
[2010.04.27 11:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
[2010.04.27 11:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Application Data\Sports Interactive
[2010.04.26 22:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010.04.26 22:20:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Namai\InstallAnywhere
[2010.04.24 14:50:57 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010.04.24 13:33:07 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\WNASPINT.DLL
[2010.04.19 14:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\ClickRepair
[2010.04.15 18:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\Application Data\ABBYY
[2010.04.15 18:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY eFormFiller 2.5
[2010.04.06 17:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Namai\My Documents\SpellForce
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 21:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Namai\Desktop\OTL.exe
[2010.05.04 21:00:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.05.04 18:28:49 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D28ACEBB-4CD3-4747-9837-3D3CC1E9C57C}.job
[2010.05.04 16:28:33 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Namai\NTUSER.DAT
[2010.05.04 13:12:57 | 059,549,513 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.05.04 12:38:01 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.05.04 12:19:09 | 000,022,175 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.04 12:18:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.04 12:18:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.03 22:50:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Namai\ntuser.ini
[2010.05.03 21:01:30 | 000,068,456 | ---- | M] () -- C:\Documents and Settings\Namai\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.30 21:57:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 22:05:22 | 000,000,922 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010.04.29 21:05:22 | 006,359,712 | -H-- | M] () -- C:\Documents and Settings\Namai\Local Settings\Application Data\IconCache.db
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 17:24:21 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Namai\Desktop\Shortcut to Rusnes foto.lnk
[2010.04.28 15:49:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.26 21:56:13 | 000,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.21 14:22:38 | 000,074,205 | ---- | M] () -- C:\Documents and Settings\Namai\My Documents\P1010552.JPG
[2010.04.15 18:30:58 | 000,027,649 | ---- | M] () -- C:\Documents and Settings\Namai\My Documents\GIEDRIAUS DEKL..ffdata
[2010.04.06 17:08:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Namai\Desktop\SpellForce - Platinum Edition.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.28 17:24:21 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Namai\Desktop\Shortcut to Rusnes foto.lnk
[2010.04.28 17:07:02 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010.04.28 17:07:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010.04.28 17:07:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010.04.28 16:28:23 | 000,000,922 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010.04.28 15:49:11 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.04.21 14:21:09 | 000,074,205 | ---- | C] () -- C:\Documents and Settings\Namai\My Documents\P1010552.JPG
[2010.04.15 18:25:30 | 000,027,649 | ---- | C] () -- C:\Documents and Settings\Namai\My Documents\GIEDRIAUS DEKL..ffdata
[2010.04.06 17:08:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Namai\Desktop\SpellForce - Platinum Edition.lnk
[2010.02.18 23:23:18 | 000,000,347 | ---- | C] () -- C:\WINDOWS\SSE1.INI
[2010.02.14 01:17:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.02.05 14:43:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.14 20:29:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2010.01.11 20:52:44 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.11 20:52:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.07 14:02:45 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.06 19:13:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010.01.06 19:13:52 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010.01.06 19:13:51 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2010.01.06 19:04:45 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010.01.06 19:04:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005.03.30 05:48:00 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010.01.06 18:57:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.01.06 18:51:08 | 000,000,304 | -HS- | M] () -- C:\boot.ini
[2010.01.06 18:57:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.01.06 18:57:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.05.04 21:03:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010.01.06 18:57:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 16:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.05.04 12:18:04 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010.04.29 22:15:46 | 000,002,487 | ---- | M] () -- C:\rapport.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.01.06 20:43:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.01.06 20:43:07 | 002,322,432 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.01.06 20:43:06 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.03.31 11:22:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010.03.31 11:22:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010.03.31 11:22:07 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010.03.31 11:22:25 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.02.24 16:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010.02.11 15:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
< End of report >

=============================================================================================================

OTL Extras logfile created on: 2010.05.04 21:24:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Namai\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1.023,00 Mb Total Physical Memory | 650,00 Mb Available Physical Memory | 63,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 9,39 Gb Free Space | 48,10% Space Free | Partition Type: NTFS
Drive D: | 36,36 Gb Total Space | 11,99 Gb Free Space | 32,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAMU-A6F232A9DB
Current User Name: Namai
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Audition 3.0.1 Build 8347 En" = Adobe Audition 3.0.1 Build 8347 En
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP2" = AIMP2
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner
"ClickRepair_is1" = ClickRepair 3.1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Security Task Manager" = Security Task Manager 1.7f
"SpellForce" = SpellForce
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010.02.13 05:58:57 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.02.16 06:29:27 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.02.16 06:29:32 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.02.18 15:32:51 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application l2.bin, version 0.0.0.0, faulting module nwindow.dll,
version 0.0.0.0, fault address 0x0026e542.

Error - 2010.02.19 12:39:02 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.02.19 12:39:11 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.02.19 14:00:31 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieproxy.dll, version 8.0.6001.18702, fault address 0x000170f0.

Error - 2010.03.01 08:23:46 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application l2.bin, version 0.0.0.0, faulting module nwindow.dll,
version 0.0.0.0, fault address 0x0026e542.

Error - 2010.03.03 07:49:02 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application l2.bin, version 0.0.0.0, faulting module nwindow.dll,
version 0.0.0.0, fault address 0x0026e542.

Error - 2010.03.04 19:16:09 | Computer Name = NAMU-A6F232A9DB | Source = Application Error | ID = 1000
Description = Faulting application l2.bin, version 0.0.0.0, faulting module nwindow.dll,
version 0.0.0.0, fault address 0x0026e542.

[ System Events ]
Error - 2010.05.02 12:54:13 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010.05.03 04:39:29 | Computer Name = NAMU-A6F232A9DB | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 2010.05.03 04:39:30 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010.05.03 04:39:30 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010.05.03 06:45:58 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010.05.03 06:45:58 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010.05.03 06:45:58 | Computer Name = NAMU-A6F232A9DB | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 2010.05.04 05:18:34 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010.05.04 05:18:34 | Computer Name = NAMU-A6F232A9DB | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 2010.05.04 05:18:34 | Computer Name = NAMU-A6F232A9DB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

[ TuneUp Events ]
Error - 2010.04.28 08:16:43 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-28 15:16:43', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3900',0)

Error - 2010.04.28 08:18:29 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-28 15:18:29', '\device\harddiskvolume1\documents
and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','3892',0)

Error - 2010.04.28 08:18:34 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-28 15:18:34', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2152',0)

Error - 2010.04.28 08:27:16 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-28 15:27:16', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3828',0)

Error - 2010.04.29 14:02:12 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-29 21:02:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3492',0)

Error - 2010.05.04 13:58:11 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-04 20:58:07', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2220',0)

Error - 2010.05.04 14:02:00 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-04 21:02:00', '\device\harddiskvolume1\documents
and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','1912',0)

Error - 2010.05.04 14:03:10 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-04 21:03:10', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3604',0)

Error - 2010.05.04 14:03:15 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-04 21:03:15', '\device\harddiskvolume1\documents
and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','2984',0)


----------



## darker (Jan 29, 2010)

Error - 2010.05.04 14:03:20 | Computer Name = NAMU-A6F232A9DB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-04 21:03:20', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','3800',0)

< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hello darker,

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

How to disable *AVG's Resident Shield*.

Right click the *AVG* icon and click *Open*.

In the *Overview* panel click on *Resident Shield > Uncheck the Resident Shield Active box > Save Changes*.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

***Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall***

When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## darker (Jan 29, 2010)

ComboFix 10-05-04.01 - Namai 2010.05.04 23:14:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.663 [GMT 3:00]
Running from: c:\documents and settings\Namai\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WindowsUpdate
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
Infected copy of c:\windows\system32\drivers\VIAAGP1.SYS was found and disinfected 
Restored copy from - Kitty had a snack  
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-05-03 18:01 . 2010-05-03 18:01 68456 ----a-w- c:\documents and settings\Namai\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 18:52 . 2010-04-29 18:52 -------- d-----w- c:\program files\Security Task Manager
2010-04-29 18:45 . 2010-04-29 18:45 -------- d-----w- c:\documents and settings\Namai\Local Settings\Application Data\Help
2010-04-29 18:26 . 2010-04-29 18:26 92 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109610090400000000000F01FEC.dll
2010-04-29 16:08 . 2010-04-29 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-04-28 12:47 . 2010-04-28 12:48 -------- dc-h--w- c:\windows\ie8
2010-04-28 12:13 . 2010-04-28 12:13 -------- d-----w- c:\program files\Trend Micro
2010-04-27 15:29 . 2010-04-27 15:29 -------- d-----w- c:\program files\CCleaner
2010-04-27 08:33 . 2010-04-27 08:33 -------- d-----w- c:\documents and settings\Namai\Application Data\Sports Interactive
2010-04-26 19:22 . 2010-04-26 19:22 -------- d-----w- c:\program files\Sports Interactive
2010-04-26 19:20 . 2010-04-26 19:20 -------- d--h--w- c:\documents and settings\Namai\InstallAnywhere
2010-04-24 11:50 . 2010-05-04 18:12 -------- d-----w- C:\$AVG8.VAULT$
2010-04-24 10:33 . 2002-11-02 06:53 57344 ----a-w- c:\windows\system32\WNASPINT.DLL
2010-04-19 11:20 . 2010-04-19 11:20 -------- d-----w- c:\program files\ClickRepair
2010-04-15 15:11 . 2010-04-15 15:11 -------- d-----w- c:\documents and settings\Namai\Application Data\ABBYY
2010-04-15 15:10 . 2010-04-27 15:00 -------- d-----w- c:\program files\ABBYY eFormFiller 2.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 19:46 . 2010-01-06 17:09 -------- d-----w- c:\documents and settings\Namai\Application Data\AIMP
2010-05-04 19:39 . 2010-01-06 16:41 -------- d-----w- c:\documents and settings\Namai\Application Data\uTorrent
2010-05-04 19:39 . 2010-03-14 15:11 -------- d-----w- c:\documents and settings\Namai\Application Data\vlc
2010-05-04 18:05 . 2010-03-31 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-04 18:03 . 2010-01-30 10:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 18:01 . 2010-01-30 10:35 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-04 09:38 . 2010-01-07 18:38 -------- d-----w- c:\documents and settings\Namai\Application Data\Skype
2010-05-04 09:38 . 2010-01-07 18:40 -------- d-----w- c:\documents and settings\Namai\Application Data\skypePM
2010-04-29 18:57 . 2010-04-29 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-29 18:38 . 2010-01-07 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 18:26 . 2010-04-29 18:26 60 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109910090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 37 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109AB0090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 180 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109A10090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 1509 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109440090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109810090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 107 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109510090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109711090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109511090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109411090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 51 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_000021091A0090400000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 13708 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109030000000000000000F01FEC.dll
2010-04-29 18:26 . 2010-04-29 18:26 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109010090400000000000F01FEC.dll
2010-04-29 12:39 . 2010-01-30 10:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 12:39 . 2010-01-30 10:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 12:17 . 2010-01-17 12:48 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-04-27 15:01 . 2010-01-07 17:05 -------- d-----r- c:\program files\Skype
2010-04-26 19:04 . 2010-01-11 11:13 -------- d-----w- c:\program files\HP
2010-04-26 17:43 . 2010-01-09 13:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-24 10:26 . 2010-01-06 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 08:22 . 2010-03-31 08:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-31 08:22 . 2010-03-31 08:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-31 08:22 . 2010-03-31 08:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-31 08:22 . 2010-03-31 08:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 08:22 . 2010-03-31 08:14 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-31 08:13 . 2010-03-31 08:13 -------- d-----w- c:\program files\AVG
2010-03-24 09:47 . 2010-01-06 17:09 -------- d-----w- c:\program files\AIMP2
2010-03-13 14:10 . 2010-01-06 16:42 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:15 . 2009-11-05 14:54 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2009-12-08 19:07 919040 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-11-05 14:53 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 16:57 . 2010-02-19 16:56 325216 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-02-19 16:56 . 2010-02-19 16:56 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-02-19 16:56 . 2010-02-19 16:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-02-19 16:55 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-19 16:55 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-17 06:10 . 2009-11-05 14:53 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2009-08-04 14:20 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 13:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-11-05 14:53 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 47104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"nwiz"="nwiz.exe" [2005-03-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-19 202256]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-31 2046816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-31 08:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010.03.31 11:14 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010.03.31 11:14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010.03.31 11:14 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010.03.31 11:22 297752]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010.01.07 14:02 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:30]
2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{D28ACEBB-4CD3-4747-9837-3D3CC1E9C57C}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 14:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.lt/
uInternet Connection Wizard,ShellNext = ftp://192.168.100.100/
uInternet Settings,ProxyOverride = hxxp://*
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Namai\Application Data\Mozilla\Firefox\Profiles\sehk039r.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Notify-youja_ - youja_.dll

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 23:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
Completion time: 2010-05-04 23:21:58
ComboFix-quarantined-files.txt 2010-05-04 20:21
Pre-Run: 10.003.681.280 bytes free
Post-Run: 10.041.184.256 bytes free
- - End Of File - - 26BD3D782332E7279EB715CC127C9F4B


----------



## emeraldnzl (Nov 3, 2007)

Hello

Please go to *Start*, then *Run* and copy/paste the following bold command into the Run box, then click OK:

*cmd /c PEV -l "%systemdrive%\sfcfiles.dll" >Log.txt&Log.txt&del Log.txt*

A Notepad file will open. Please post the contents of Log.txt in your next reply.


----------



## darker (Jan 29, 2010)

----a-w- 1,614,848 2009-11-05 15:35:09 C:\WINDOWS\system32\sfcfiles.dll
Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 1,614,848 Blocks: 3,154


----------



## emeraldnzl (Nov 3, 2007)

Hello darker,

To run the System File Checker, follow these steps:


Click *Start > Run* and type *sfc /scannow* (note the space, it should be there), and then press *ENTER*. 
Follow the prompts throughout the System File Checker process. 
Restart your computer when System File Checker process is complete.
*After that*

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Next*

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

*Kaspersky works with Internet Explorer and Firefox 3.*

Go to *Kaspersky website* and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.


Read through the requirements and privacy statement and click on *Accept* button.
It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Copy and paste that information in your next post.

*So when you return please post
MBAM log
Kaspersky scan results
and tell me how your computer is performing now
*


----------



## darker (Jan 29, 2010)

For some reason kaspersky cant scan my computer it can't detect java (I instaled it). Anyway, THANK You very much for your time and efforts to help me 
After combofix fixes my AV alerted me about threat in backuped registary files ant that was it. all files was deleted and there is no new alerts.
Now pc works a bit faster. THANKS!


----------



## emeraldnzl (Nov 3, 2007)

Hello darker,

Here is an alternative to the Kaspersky one. You might like to run that one to be sure your machine is clean.

Run a free online scan with the *ESET Online Scanner*
*Note*_: You will need to use Internet Explorer for this scan_
Tick the box next to *YES, I accept the Terms of Use*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the options *Remove found threats* and the option *Scan unwanted applications* is checked
Click *Scan* (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt*
Copy and paste that log as a reply to this topic
*Now*

We have a couple of last steps to perform and then you're all set.









*Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.*

 Click *START* then *RUN*
 Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.









*Step 2*

Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

-------------------------------------------------------------------------------------------------------------------

*A reminder:* Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

*Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:*

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

Download from here *Java Runtime Environment (JDK) Update * 
Scroll to where it says *"Windows XP/Vista/2000/2003/2008 online" * and download and follow the instructions to install.

Reboot your computer. 
You also need to uininstall older versions of Java.

 Click *Start* > *Control Panel* > *Add or Remove Programs*
 Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:
*TFC.exe* 
--------------------------------------------------------------------------------------------------------------------

*Make Internet Explorer more secure*

Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*** Consider using an alternate browser.

Opera may be downloaded from *here*. It is one of the least targeted of all browers.

Avant may be downloaded from *here*. Another one that is less well known.

Firefox may be downloaded from *Here*. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.
-----------------------------------------------------------------------------------------------------------------------

*Startuplite* is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:




It is recommended that you do set Windows to check, download and install your updates automatically.

* Click *Start > Control Panel > Automatic Updates*
* Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
* Click *Apply* then *OK*.

And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.

*Malwarebytes* 
*SuperAntiSpyWare*
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!


----------



## darker (Jan 29, 2010)

THANK for Tips. they ware helpfull


----------



## emeraldnzl (Nov 3, 2007)




----------

