Virus detection. Please help me. Anybody


akairi97

Thread Starter
Joined
Sep 14, 2010
Messages
421
I did a scan and found these on my computer. Here is the report:



Avira AntiVir Personal
Report file date: Sunday, December 05, 2010 05:06

Scanning for 3110546 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : XP-E

Version information:
BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/3/2010 01:06:45
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:19:04
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 13:19:14
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 13:19:35
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 13:19:49
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:06:45
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:06:45
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:06:45
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 01:06:45
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 22:30:38
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 19:26:03
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 19:26:07
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 19:26:39
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 14:15:42
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 14:46:03
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 18:38:03
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 05:48:48
VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 04:37:32
VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 04:37:33
VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 00:07:19
VBASE024.VDF : 7.10.14.148 2048 Bytes 11/30/2010 00:07:19
VBASE025.VDF : 7.10.14.149 2048 Bytes 11/30/2010 00:07:19
VBASE026.VDF : 7.10.14.150 2048 Bytes 11/30/2010 00:07:19
VBASE027.VDF : 7.10.14.151 2048 Bytes 11/30/2010 00:07:19
VBASE028.VDF : 7.10.14.152 2048 Bytes 11/30/2010 00:07:20
VBASE029.VDF : 7.10.14.153 2048 Bytes 11/30/2010 00:07:20
VBASE030.VDF : 7.10.14.154 2048 Bytes 11/30/2010 00:07:20
VBASE031.VDF : 7.10.14.164 49152 Bytes 12/1/2010 00:07:20
Engineversion : 8.2.4.114
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/19/2010 13:20:12
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/24/2010 05:48:57
AESCN.DLL : 8.1.7.2 127349 Bytes 11/24/2010 05:48:56
AESBX.DLL : 8.1.3.2 254324 Bytes 11/24/2010 05:48:57
AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 00:26:56
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/13/2010 12:05:03
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/24/2010 05:48:56
AEHEUR.DLL : 8.1.2.46 3088759 Bytes 11/28/2010 04:37:38
AEHELP.DLL : 8.1.15.0 246135 Bytes 11/28/2010 04:37:35
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/24/2010 05:48:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/24/2010 05:48:51
AECORE.DLL : 8.1.18.1 196984 Bytes 11/24/2010 05:48:51
AEBB.DLL : 8.1.1.0 53618 Bytes 9/19/2010 13:19:58
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 01:06:45
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/3/2010 01:06:45
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 01:06:45

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: D:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, December 05, 2010 05:06

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'WMPNetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'McciCMService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'ITMRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ComcastAntiSpyService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ComcastAntispy.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'Res.EXE' - '1' Module(s) have been scanned
Scan process 'brs.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1759' files ).


Starting the file scan:

Begin scan in 'C:\' <RECOVERY>
Begin scan in 'D:\'
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\10\28c6bc4a-4bc67488
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\19\30cdce53-37005504
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> g6k1.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> y6u7.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.G Java virus
--> g5z6.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.A Java virus
--> main.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.D Java virus
--> q3p0.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.E Java virus
--> h6l4.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.C Java virus
--> b5n3.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IX.2 Java virus
--> Tuggoaerffb.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.F Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\21\60886e95-59fe6f88
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\28\11d5729c-245925e9
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> g6k1.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> y6u7.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.G Java virus
--> g5z6.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.A Java virus
--> main.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.D Java virus
--> q3p0.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.E Java virus
--> h6l4.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.C Java virus
--> b5n3.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IX.2 Java virus
--> Tuggoaerffb.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.F Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\53\46044575-2e823ec7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-180a6fb4
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
--> AppletX.class
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-290adbf8
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
--> AppletX.class
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-4b100c52
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.I Java virus
--> myf/y/jofmsuhhfuixuoxb.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.I Java virus
--> myf/y/LoaderX.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IX.1 Java virus
D:\Documents and Settings\player\Local Settings\Temp\plugtmp-45\plugin-xkrKpKky.php
[DETECTION] Contains recognition pattern of the EXP/Pidief.paa.1 exploit
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: The device is not ready.

Beginning disinfection:
D:\Documents and Settings\player\Local Settings\Temp\plugtmp-45\plugin-xkrKpKky.php
[DETECTION] Contains recognition pattern of the EXP/Pidief.paa.1 exploit
[NOTE] The file was moved to the quarantine directory under the name '4f3b2e08.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-4b100c52
[DETECTION] Contains recognition pattern of the JAVA/Agent.IX.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '57810157.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-290adbf8
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
[NOTE] The file was moved to the quarantine directory under the name '05de5bbf.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\61\c3b367d-180a6fb4
[DETECTION] Contains recognition pattern of the JAVA/Small.U Java virus
[NOTE] The file was moved to the quarantine directory under the name '63e9147d.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\53\46044575-2e823ec7
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '261b394e.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\28\11d5729c-245925e9
[DETECTION] Contains recognition pattern of the JAVA/Pesc.F Java virus
[NOTE] The file was moved to the quarantine directory under the name '59740b20.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\21\60886e95-59fe6f88
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '15a0276b.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\19\30cdce53-37005504
[DETECTION] Contains recognition pattern of the JAVA/Pesc.F Java virus
[NOTE] The file was moved to the quarantine directory under the name '69d5673b.qua'.
D:\Documents and Settings\player\Application Data\Sun\Java\Deployment\cache\6.0\10\28c6bc4a-4bc67488
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '448f487e.qua'.


End of the scan: Sunday, December 05, 2010 07:48
Used time: 1:35:33 Hour(s)

The scan has been done completely.

14949 Scanned directories
567537 Files were scanned
24 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
567513 Files not concerned
10512 Archives were scanned
0 Warnings
9 Notes
 

etaf

Wayne
Moderator
Joined
Oct 2, 2003
Messages
65,442
moved to virus forum, where you will get help from authorised virus gurus
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
nothing wrong there at all

Avira has fixed everything and it is common to get "viruses" in java cache
provided you have the latest version of java, they won't be able to run or harm you

scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests
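
An added example, not part of any post in this thread: a small Python parser for the report layout posted above. It counts one detection per archive member (or one per non-archive file), which is the way of counting that reproduces the summary's 24 detections across 9 quarantined files, and it lists any detected file that has no quarantine note. The sample report text, its paths and its .qua names are constructed; only the detection names are taken from the report.

```python
import re

# Constructed sample in the layout of the report above. Paths and .qua names
# are made up; the first archive is deliberately left without a quarantine note.
SAMPLE_REPORT = r"""
Begin scan in 'D:\'
D:\cache\6.0\10\sample-archive-1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
D:\cache\6.0\19\sample-archive-2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> g6k1.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.B Java virus
--> y6u7.class
[DETECTION] Contains recognition pattern of the JAVA/Pesc.G Java virus
D:\Temp\plugtmp-45\sample-plugin.php
[DETECTION] Contains recognition pattern of the EXP/Pidief.paa.1 exploit

Beginning disinfection:
D:\Temp\plugtmp-45\sample-plugin.php
[DETECTION] Contains recognition pattern of the EXP/Pidief.paa.1 exploit
[NOTE] The file was moved to the quarantine directory under the name '00000001.qua'.
D:\cache\6.0\19\sample-archive-2
[DETECTION] Contains recognition pattern of the JAVA/Pesc.G Java virus
[NOTE] The file was moved to the quarantine directory under the name '00000002.qua'.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
DETECTION_RE = re.compile(
    r"\[DETECTION\] Contains recognition pattern of the (\S+)")
QUARANTINE_RE = re.compile(
    r"\[NOTE\] The file was moved to the quarantine directory "
    r"under the name '([^']+)'")


def parse_report(text):
    """Return (findings, quarantined) parsed from a report in this layout.

    findings:    path -> list of (archive member or None, detection name)
    quarantined: path -> quarantine file name
    """
    findings, quarantined = {}, {}
    section = "scan"
    current = None        # file path the following lines belong to
    is_archive = False    # True once an "Archive type:" line was seen
    member = None         # archive member named by the last "-->" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Beginning disinfection"):
            section, current = "disinfect", None
            continue
        if PATH_RE.match(line):
            current, is_archive, member = line, False, None
            if section == "scan":
                findings.setdefault(current, [])
            continue
        if current is None:
            continue
        if section == "scan":
            if "Archive type:" in line:
                is_archive = True
            elif line.startswith("-->"):
                member = line[3:].strip()
            else:
                m = DETECTION_RE.search(line)
                # The detection line directly under "Archive type:" has no
                # member and summarises the archive, so it is not counted.
                if m and (member is not None or not is_archive):
                    findings[current].append((member, m.group(1)))
                    member = None
        else:
            m = QUARANTINE_RE.search(line)
            if m:
                quarantined[current] = m.group(1)
    return findings, quarantined


def summarize(text):
    """Reconcile detections against quarantine notes."""
    findings, quarantined = parse_report(text)
    return {
        "files": len(findings),
        "findings": sum(len(v) for v in findings.values()),
        "signatures": sorted({sig for v in findings.values() for _, sig in v}),
        "not_quarantined": [p for p in findings if p not in quarantined],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(key, "=", value)
```

A non-empty `not_quarantined` list is the thing to look at first, since those files were detected but left in place.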
 

akairi97

Thank you for the information. My computer is running slow though. What do you think it can be?
 

dvk01

please say what you mean by running slow
is it on the net or doing everything
how much ram do you have
when did the slowness start

follow advice here and post the logs those programs make
 

akairi97

It's slow all over the NET. I have: INTEL(R) Celeron(R) CPU 3.33GHz, 3.33GHz, 504MB RAM.

My Firefox all of a sudden keeps crashing. It started yesterday. Whenever I'm on the Net, Firefox will pull up a message and say it crashed.
 

akairi97

I did what it told me, but I didn't get a log report. I didn't understand the second part about clicking on the cache tab. I didn't see a cache tab. All I did was delete files in the temporary section in java. But the second part asked me to clear the cache, but I don't see a cache tab. Am I doing something wrong?
 

akairi97

Here is the hijack report


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:58 PM, on 12/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS9\System32\smss.exe
D:\WINDOWS9\system32\winlogon.exe
D:\WINDOWS9\system32\services.exe
D:\WINDOWS9\system32\lsass.exe
D:\WINDOWS9\system32\svchost.exe
D:\WINDOWS9\System32\svchost.exe
D:\WINDOWS9\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS9\Explorer.EXE
D:\WINDOWS9\RTHDCPL.EXE
D:\Program Files\Cyberlink\Shared files\brs.exe
D:\Program Files\USB Disk Win98 Driver\Res.EXE
D:\WINDOWS9\system32\LVCOMSX.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
D:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
D:\WINDOWS9\system32\ctfmon.exe
D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS9\System32\svchost.exe
D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS9\system32\HPZipm12.exe
D:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
D:\WINDOWS9\system32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
D:\Documents and Settings\player\My Documents\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60288
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60288
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60288
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60288
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Updater For Comcast Toolbar 3.5 - {164d3751-cac6-4a6d-becd-ea67df61d232} - D:\Program Files\comcasttb\auxi\comcastAu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MI61D5~1\Office12\GRA8E1~1.DLL
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - D:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BDRegion] D:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] D:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS9\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "D:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS9\system32\ctfmon.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [VeohPlugin] "D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MI61D5~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI61D5~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI61D5~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI61D5~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS9\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS9\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MI61D5~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - D:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS9\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS9\system32\browseui.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca1d03fa1be05e) (gupdate1ca1d03fa1be05e) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - D:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS9\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - D:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 9860 bytes
 

akairi97

DDS (Ver_10-12-05.01) - NTFSx86
Run by player at 22:05:25.81 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.85 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS9\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS9\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS9\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS9\Explorer.EXE
svchost.exe
D:\WINDOWS9\RTHDCPL.EXE
D:\Program Files\Cyberlink\Shared files\brs.exe
D:\Program Files\USB Disk Win98 Driver\Res.EXE
D:\WINDOWS9\system32\LVCOMSX.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
D:\WINDOWS9\system32\ctfmon.exe
D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS9\System32\svchost.exe -k HTTPFilter
D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS9\system32\HPZipm12.exe
D:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
D:\WINDOWS9\system32\svchost.exe -k imgsvc
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
D:\Documents and Settings\player\My Documents\Downloads\HijackThis(2).exe
D:\WINDOWS9\system32\NOTEPAD.EXE
D:\Documents and Settings\player\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60288
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60288
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - d:\program files\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\mi61d5~1\office12\GRA8E1~1.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - d:\program files\comcasttb\comcastdx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - d:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - d:\program files\wot\WOT.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - d:\program files\comcasttb\comcastdx.dll
uRun: [ctfmon.exe] d:\windows9\system32\ctfmon.exe
uRun: [ComcastAntispyClient] "d:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [VeohPlugin] "d:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [BDRegion] d:\program files\cyberlink\shared files\brs.exe
mRun: [USB Storage Toolbox] d:\program files\usb disk win98 driver\Res.EXE
mRun: [LVCOMSX] d:\windows9\system32\LVCOMSX.EXE
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "d:\program files\mpcstar\codecs\quicktime\qttask.exe" -atboottime
mRun: [ddoctorv2] "d:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - d:\progra~1\mi61d5~1\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\mi61d5~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi61d5~1\office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\mi61d5~1\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows9\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\mi61d5~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\player\applic~1\mozilla\firefox\profiles\whb3s47g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=0B3663EE-4D26-4A3F-98A3-1724DB063D6B&apn_ptnrs=FM&apn_sauid=FA59D152-BEA3-45D6-8B22-BDAAA062C382&apn_dtid=TES002YYUS&q=
FF - component: d:\documents and settings\player\application data\mozilla\firefox\profiles\whb3s47g.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency.dll
FF - component: d:\documents and settings\player\application data\mozilla\firefox\profiles\whb3s47g.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.5.dll
FF - component: d:\documents and settings\player\application data\mozilla\firefox\profiles\whb3s47g.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.6.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: [email protected] - d:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - d:\docume~1\player\applic~1\mozilla\firefox\profiles\whb3s47g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Comcast Toolbar: {4E77EDAD-9566-4089-88D1-C81498CEE770} - d:\docume~1\player\applic~1\mozilla\firefox\profiles\whb3s47g.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-9-19 11608]
R2 AntiSpywareService;Comcast AntiSpyware;d:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2010-9-19 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-9-19 267944]
R2 avgntflt;avgntflt;d:\windows9\system32\drivers\avgntflt.sys [2010-9-19 61960]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows9\system32\drivers\LMIRfsDriver.sys [2009-2-5 47640]
S2 gupdate1ca1d03fa1be05e;Google Update Service (gupdate1ca1d03fa1be05e);d:\program files\google\update\GoogleUpdate.exe [2009-8-14 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\logmein\x86\rainfo.sys --> d:\program files\logmein\x86\RaInfo.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;d:\windows9\system32\drivers\ndiswdm.sys --> d:\windows9\system32\drivers\ndiswdm.sys [?]
S3 Revoflt;Revoflt;d:\windows9\system32\drivers\revoflt.sys [2010-5-17 27064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-12-06 22:46:03 -------- d-----w- D:\(______) [_____] _________ _04_
2010-12-06 14:37:27 -------- d-----w- D:\[Wakoh Honna] A Peephole (Nozoki Ana) Vol.03
2010-12-05 15:43:36 -------- d-----w- D:\Samuari Champloo
2010-12-05 15:35:35 -------- d-----w- D:\AFTERSHOCK.2010.DVDSCR
2010-12-03 12:49:22 -------- d-----w- d:\program files\Comcast
2010-12-03 12:48:45 -------- d-----w- d:\docume~1\player\applic~1\CallingID
2010-12-03 12:48:31 -------- d-----w- d:\program files\common files\scanner
2010-12-03 12:48:15 -------- d-----w- d:\program files\CA
2010-12-03 12:47:39 -------- d-----w- d:\docume~1\player\applic~1\comcasttb
2010-12-03 12:47:33 -------- d-----w- d:\program files\comcasttb
2010-11-23 15:18:48 -------- d-----w- d:\docume~1\player\locals~1\applic~1\SupportSoft
2010-11-23 15:18:26 -------- d-----w- d:\program files\ComcastUI
2010-11-10 17:49:36 135568 ----a-w- d:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-10 17:49:36 135568 ----a-w- d:\program files\internet explorer\plugins\nppdf32.dll
2010-11-09 20:53:14 -------- d-----w- d:\docume~1\player\applic~1\ParetoLogic

==================== Find3M ====================

2010-10-20 01:44:54 0 ----a-w- d:\windows9\Ypifobuhog.bin
2010-09-18 13:07:46 446464 ----a-w- D:\TFC.exe
2010-09-16 08:41:43 73728 ----a-w- d:\windows9\system32\javacpl.cpl
2010-09-16 08:41:43 423656 ----a-w- d:\windows9\system32\deployJava1.dll
2010-09-08 15:17:46 94208 ----a-w- d:\windows9\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- d:\windows9\system32\QuickTime.qts
2006-12-03 04:50:42 18662912 ----a-w- d:\program files\common files\TaxWise Workstation.msi

============= FINISH: 22:07:31.01 ===============
 

akairi97

Thread Starter
Joined
Sep 14, 2010
Messages
421
I did the scan for the gmer and it keeps restarting the computer. It did it twice and then it pulled up an error message that says something like some stuff had been recovered. I can't pull up a log from the program gmer that I had installed.
 

akairi97

Thread Starter
Joined
Sep 14, 2010
Messages
421
I tried to scan this GMER program again and it took all night long. I woke up this morning and my whole computer system was frozen. I had no choice but to turn the computer off. When I turned it back on it took a long time to even get to a computer screen. And now my computer is running real, real slow. Is there another option for me besides this GMER? I'm afraid I might mess something up.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
OK forget GMER

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
 