1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows - No Disk

Discussion in 'Virus & Other Malware Removal' started by janjanmagdaleno, Oct 31, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. janjanmagdaleno

    janjanmagdaleno Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    5
    i have read someone's post like this. The dude is asked to download hijackthis and save log a log file. i tried it but we have different log files. pls help here is the log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:37:48 AM, on 11/1/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\gphone.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Documents and Settings\onio cruz\Application Data\cssrs.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\onio cruz\Start Menu\Programs\Startup\cssrs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    C:\Program Files\Linksys\WUSB100\WUSB100.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114116.info
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.114116.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114116.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.googlepages.com/google.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rnd009.googlepages.com/google.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.114116.info
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...id=30117&camp_id=3227&tb_version=1.1.1000.4(B)
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe gphone.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\onio cruz\Application Data\cssrs.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [L09AXLRD_5780109] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\onio cruz\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe
    O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe (User 'Default user')
    O4 - S-1-5-18 Startup: cssrs.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: cssrs.exe (User 'Default user')
    O4 - .DEFAULT Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe (User 'Default user')
    O4 - Startup: cssrs.exe
    O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB100\WUSB100.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (file missing)
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    --
    End of file - 18470 bytes
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,939
    First Name:
    Frank
    It's difficult to understand what you're saying.

    Is this a HiJackThis scan log to your computer or to someone else's computer?

    According to the log, that computer is infected and is loaded with outdated and unnecessary programs and add-ons.

    Have you read the instructions here?

    ---------------------------------------------------------
     
  3. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi and welcome.

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Under the Custom Scan box paste this in


      netsvcs
      set /c
      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      Winlogon.exe
      Regedit.exe
      SCLWAPI.dll
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job
     
  4. janjanmagdaleno

    janjanmagdaleno Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    5
    i'm sorry i haven't read it earlier. by the way, these are my comp's log files. THANKS!!!!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:42:45 AM, on 11/2/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\gphone.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Documents and Settings\onio cruz\Application Data\cssrs.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\onio cruz\Start Menu\Programs\Startup\cssrs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    C:\Program Files\Linksys\WUSB100\WUSB100.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114116.info
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.114116.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.114116.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.googlepages.com/google.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rnd009.googlepages.com/google.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.114116.info
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...id=30117&camp_id=3227&tb_version=1.1.1000.4(B)
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe gphone.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [TINTIMG] C:\Documents and Settings\onio cruz\Application Data\cssrs.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [L09AXLRD_5780109] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\onio cruz\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe
    O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\gphone.exe (User 'Default user')
    O4 - S-1-5-18 Startup: cssrs.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: cssrs.exe (User 'Default user')
    O4 - .DEFAULT Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe (User 'Default user')
    O4 - Startup: cssrs.exe
    O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB100\WUSB100.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (file missing)
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    --
    End of file - 18508 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by onio cruz at 1:44:01 on 2011-11-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.300 [GMT 8:00]
    .
    AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: AVG Firewall *Disabled*
    FW: Norton 360 *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\gphone.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Documents and Settings\onio cruz\Application Data\cssrs.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
    C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\onio cruz\Start Menu\Programs\Startup\cssrs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    C:\Program Files\Linksys\WUSB100\WUSB100.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.114116.info
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
    uDefault_Page_URL = hxxp://www.114116.info
    mDefault_Page_URL = hxxp://www.114116.info
    mDefault_Search_URL = hxxp://rnd009.googlepages.com/google.html
    mSearch Page = hxxp://rnd009.googlepages.com/google.html
    mStart Page = hxxp://www.114116.info
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=6C45716001CC7EC10193A139&src_id=30117&camp_id=3227&tb_version=1.1.1000.4(B)
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Explorer.exe gphone.exe
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\ALOTHelper.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre0.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre0.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [L09AXLRD_5780109] "c:\program files\microsoft student\microsoft student with encarta premium 2009 dvd\EDICT.EXE" -m
    uRun: [ChikkaDefault] c:\progra~1\chikka~1\chikka~1.4\ChikkaLauncher.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [cdloader] "c:\documents and settings\onio cruz\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Yahoo Messengger] c:\windows\system32\gphone.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [TINTIMG] c:\documents and settings\onio cruz\application data\cssrs.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    dRun: [Yahoo Messengger] c:\windows\system32\gphone.exe
    StartupFolder: c:\documents and settings\onio cruz\start menu\programs\startup\cssrs.exe
    StartupFolder: c:\docume~1\oniocr~1\startm~1\programs\startup\flipto~1.lnk - c:\program files\fliptoast\fliptoast.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
    uPolicies-explorer: NofolderOptions = 1 (0x1)
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    dPolicies-explorer: NofolderOptions = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    TCP: DhcpNameServer = 124.106.4.2 192.168.0.1
    TCP: Interfaces\{92B6B647-DB41-4CD1-B200-CC322BE2B76D} : DhcpNameServer = 124.106.4.2 192.168.0.1
    TCP: Interfaces\{B698225D-C8CC-4CE6-90BA-81F9583144FF} : DhcpNameServer = 124.106.4.2 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\onio cruz\application data\mozilla\firefox\profiles\gts2kae6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba0856b2b-975e-4d2e-9679-46ca0fbbe170%7D&mid=ad2103082edb47d18362d1a90a6b60b3-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-17%2022%3A06%3A40&sap=ku&q=
    FF - component: c:\documents and settings\onio cruz\application data\mozilla\firefox\profiles\gts2kae6.default\extensions\[email protected]\components\toolbarhomewmp.dll
    FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\onio cruz\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\funwebproducts\installr\1.bin\NPFUNWEB.DLL
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - c:\program files\nokia\nokia pc suite 7\bkmrksync
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AVG Security Toolbar: [email protected] - %profile%\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-6-1 38144]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-17 246600]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]
    R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2011-6-1 332928]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-19 1245064]
    S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\AVGIDSAgent.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-19 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110731.003\NAVENG.SYS [2011-8-1 86008]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110731.003\NAVEX15.SYS [2011-8-1 1542392]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-6-1 136704]
    .
    =============== Created Last 30 ================
    .
    2011-10-31 16:37:07 388096 ----a-r- c:\documents and settings\onio cruz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-10-31 16:37:06 -------- d-----w- c:\program files\Trend Micro
    2011-10-17 14:52:54 -------- d-----w- c:\program files\AVG Secure Search
    2011-10-17 14:01:16 -------- d-----w- c:\documents and settings\onio cruz\application data\AVG Secure Search
    2011-10-17 14:01:12 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-10-17 14:01:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-10-17 13:57:28 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-10-17 13:55:37 -------- d-----w- c:\program files\AVG
    2011-10-17 13:47:12 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-10-17 08:32:05 -------- d-----w- c:\program files\CCleaner
    2011-10-16 17:03:43 -------- d-----w- c:\program files\Conduit
    2011-10-13 19:38:05 -------- d-----w- c:\documents and settings\onio cruz\local settings\application data\My Games
    2011-10-13 18:13:59 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
    2011-10-13 18:13:56 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-10-13 18:11:08 -------- d-----w- c:\windows\Logs
    2011-10-07 08:55:37 -------- d-----w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    2011-10-07 08:35:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2011-10-07 08:35:15 17212 ----atw- c:\windows\system32\SIntf32.dll
    2011-10-07 08:35:15 12067 ----atw- c:\windows\system32\SIntf16.dll
    2011-10-07 03:59:27 -------- d-----w- c:\documents and settings\onio cruz\application data\com.w3i.FlipToast
    2011-10-07 03:58:23 -------- d-----w- c:\program files\fliptoast
    2011-10-07 03:57:43 -------- d-----w- c:\program files\File Type Assistant
    2011-10-07 03:55:54 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-10-07 03:52:58 -------- d-----w- c:\documents and settings\onio cruz\application data\Uniblue
    2011-10-07 03:52:49 -------- d-----w- c:\program files\Uniblue
    2011-10-07 03:52:36 -------- d-----w- c:\documents and settings\onio cruz\local settings\application data\PackageAware
    2011-10-07 03:46:18 -------- d-----w- c:\documents and settings\all users\application data\Premium
    2011-10-07 03:46:16 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
    2011-10-07 02:56:26 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-07 02:55:28 -------- d-----w- c:\documents and settings\onio cruz\application data\DAEMON Tools Pro
    2011-10-07 02:55:28 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Pro
    2011-10-05 13:21:52 201728 ----a-w- c:\documents and settings\onio cruz\application data\hjsplit.exe
    2011-10-04 19:30:14 -------- d-----w- c:\documents and settings\onio cruz\application data\Free Online Radio Player Recorder
    .
    ==================== Find3M ====================
    .
    2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-23 17:07:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
    2011-08-12 05:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-02-23 22:06:24 422737 --sha-r- c:\windows\system32\gphone.exe
    .
    ============= FINISH: 1:44:38.81 ===============



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-02 03:54:40
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 Hitachi_HDP725016GLA380 rev.GMBOA52A
    Running: wgo3v19c.exe; Driver: C:\DOCUME~1\ONIOCR~1\LOCALS~1\Temp\ugtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 848726D0 ZwAlertResumeThread
    SSDT 848756D0 ZwAlertThread
    SSDT 84874700 ZwAllocateVirtualMemory
    SSDT 84AB46F0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3A01020]
    SSDT 8484E700 ZwCreateMutant
    SSDT 848796F0 ZwCreateThread
    SSDT 848646D0 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3A012A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3A01800]
    SSDT sptd.sys ZwEnumerateKey [0xF72E2018]
    SSDT sptd.sys ZwEnumerateValueKey [0xF72E23A6]
    SSDT 8486E700 ZwFreeVirtualMemory
    SSDT 8486C6D0 ZwImpersonateAnonymousToken
    SSDT 8486F6D0 ZwImpersonateThread
    SSDT 8486B6F0 ZwMapViewOfSection
    SSDT 848696D0 ZwOpenEvent
    SSDT sptd.sys ZwOpenKey [0xF72ADF80]
    SSDT 8488B6D0 ZwOpenProcessToken
    SSDT 84863700 ZwOpenThreadToken
    SSDT sptd.sys ZwQueryKey [0xF72E247E]
    SSDT sptd.sys ZwQueryValueKey [0xF72E22FE]
    SSDT 8496E6E8 ZwResumeThread
    SSDT 840008E0 ZwSetContextThread
    SSDT 84866700 ZwSetInformationProcess
    SSDT 8485E700 ZwSetInformationThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3A01A50]
    SSDT 848676D0 ZwSuspendProcess
    SSDT 848776D0 ZwSuspendThread
    SSDT 849076D0 ZwTerminateProcess
    SSDT 8487A6D0 ZwTerminateThread
    SSDT 848876D0 ZwUnmapViewOfSection
    SSDT 84871700 ZwWriteVirtualMemory

    INT 0x63 ? 851C8CB8
    INT 0x83 ? 852B3CB8
    INT 0x83 ? 852B3CB8
    INT 0x83 ? 852B3CB8
    INT 0x83 ? 852B3CB8
    INT 0x83 ? 852B3CB8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 4 Bytes [E8, E6, 96, 84]
    .text sptd.sys F7271000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...]
    .text sptd.sys F727101D 3 Bytes [79, 6E, 80]
    .text sptd.sys F7271024 120 Bytes [D8, 52, 53, 80, 68, B9, 54, ...]
    .text sptd.sys F727109D 124 Bytes [97, 53, 80, A0, 98, 53, 80, ...]
    .text sptd.sys F727111A 178 Bytes [4F, 80, 82, F8, 4E, 80, 3E, ...]
    .text ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF731B9E3]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F70768AC 5 Bytes JMP 851C81C8
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6778360, 0x30AF87, 0xE8000020]
    ? C:\DOCUME~1\ONIOCR~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 852B21E8
    Device \FileSystem\Fastfat \FatCdrom 840631E8

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbohci \Device\USBPDO-0 851C31E8
    Device \Driver\usbehci \Device\USBPDO-1 851E61E8

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Cdrom \Device\CdRom0 851E31E8
    Device \Driver\atapi \Device\Ide\IdePort0 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-12 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [F7203B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBT_Tcpip_{12B415D9-40BE-4451-A343-7FB503D372AF} 84074430
    Device \Driver\NetBT \Device\NetBt_Wins_Export 84074430
    Device \Driver\NetBT \Device\NetbiosSmb 84074430
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B698225D-C8CC-4CE6-90BA-81F9583144FF} 84074430
    Device \Driver\USBSTOR \Device\00000088 840621E8

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\USBSTOR \Device\00000089 840621E8

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xEC 0x18 0xCA 0xCE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xEC 0x18 0xCA 0xCE ...

    ---- EOF - GMER 1.0.15 ----




    pls help... by the way, my comp's problems that i know are the windows - no disk and everytime i shut down my computer i always i have to click end now to some like ccvhtctfhs.exe or something like that, i cant remember. THANKS AGAIN GUYS for helpgng
     
  5. janjanmagdaleno

    janjanmagdaleno Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    5
    sorry i forgot to attach the attach.txt. here it is. THANKS!
     

    Attached Files:

  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download the latest version of TDSSKiller from here and save it to your Desktop.


    1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

      [​IMG]
    2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

      [​IMG]
    3. Click the Start Scan button.

      [​IMG]
    4. If a suspicious object is detected, the default action will be Skip, click on Continue.

      [​IMG]
    5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
    6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

      [​IMG]
    7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Under the Custom Scan box paste this in


      netsvcs
      set /c
      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      Winlogon.exe
      Regedit.exe
      SCLWAPI.dll
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.
     
  7. janjanmagdaleno

    janjanmagdaleno Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    5
    the otl is not responding after doing what u said and clicking run scan, here is the tdsskiller log

    22:05:02.0058 3660 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
    22:05:02.0964 3660 ============================================================
    22:05:02.0964 3660 Current date / time: 2011/11/03 22:05:02.0964
    22:05:02.0964 3660 SystemInfo:
    22:05:02.0964 3660
    22:05:02.0964 3660 OS Version: 5.1.2600 ServicePack: 3.0
    22:05:02.0964 3660 Product type: Workstation
    22:05:02.0964 3660 ComputerName: ONIO
    22:05:02.0964 3660 UserName: onio cruz
    22:05:02.0964 3660 Windows directory: C:\WINDOWS
    22:05:02.0964 3660 System windows directory: C:\WINDOWS
    22:05:02.0964 3660 Processor architecture: Intel x86
    22:05:02.0964 3660 Number of processors: 1
    22:05:02.0964 3660 Page size: 0x1000
    22:05:02.0964 3660 Boot type: Normal boot
    22:05:02.0964 3660 ============================================================
    22:05:04.0511 3660 Initialize success
    22:05:10.0276 3560 ============================================================
    22:05:10.0276 3560 Scan started
    22:05:10.0276 3560 Mode: Manual; SigCheck; TDLFS;
    22:05:10.0276 3560 ============================================================
    22:05:10.0651 3560 Abiosdsk - ok
    22:05:10.0667 3560 abp480n5 - ok
    22:05:10.0745 3560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:05:11.0136 3560 ACPI - ok
    22:05:11.0245 3560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:05:11.0433 3560 ACPIEC - ok
    22:05:11.0448 3560 adpu160m - ok
    22:05:11.0495 3560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    22:05:11.0698 3560 aec - ok
    22:05:11.0730 3560 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    22:05:11.0745 3560 AegisP ( UnsignedFile.Multi.Generic ) - warning
    22:05:11.0745 3560 AegisP - detected UnsignedFile.Multi.Generic (1)
    22:05:11.0886 3560 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    22:05:11.0964 3560 AFD - ok
    22:05:12.0026 3560 AgereSoftModem (acc50f43d9e764d364173b9858d3e940) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    22:05:12.0120 3560 AgereSoftModem - ok
    22:05:12.0276 3560 Aha154x - ok
    22:05:12.0292 3560 aic78u2 - ok
    22:05:12.0292 3560 aic78xx - ok
    22:05:12.0323 3560 AliIde - ok
    22:05:12.0339 3560 amsint - ok
    22:05:12.0370 3560 asc - ok
    22:05:12.0386 3560 asc3350p - ok
    22:05:12.0401 3560 asc3550 - ok
    22:05:12.0448 3560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:05:12.0636 3560 AsyncMac - ok
    22:05:12.0667 3560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:05:12.0870 3560 atapi - ok
    22:05:12.0886 3560 Atdisk - ok
    22:05:12.0917 3560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:05:13.0105 3560 Atmarpc - ok
    22:05:13.0151 3560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:05:13.0370 3560 audstub - ok
    22:05:13.0526 3560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:05:13.0745 3560 Beep - ok
    22:05:13.0792 3560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:05:13.0980 3560 cbidf2k - ok
    22:05:14.0026 3560 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    22:05:14.0230 3560 CCDECODE - ok
    22:05:14.0386 3560 cd20xrnt - ok
    22:05:14.0433 3560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:05:14.0651 3560 Cdaudio - ok
    22:05:14.0683 3560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:05:14.0901 3560 Cdfs - ok
    22:05:14.0948 3560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:05:15.0214 3560 Cdrom - ok
    22:05:15.0355 3560 Changer - ok
    22:05:15.0370 3560 CmdIde - ok
    22:05:15.0433 3560 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
    22:05:15.0448 3560 COH_Mon - ok
    22:05:15.0495 3560 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\WINDOWS\system32\drivers\CO_Mon.sys
    22:05:15.0511 3560 CO_Mon - ok
    22:05:15.0511 3560 Cpqarray - ok
    22:05:15.0542 3560 dac2w2k - ok
    22:05:15.0542 3560 dac960nt - ok
    22:05:15.0573 3560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:05:15.0808 3560 Disk - ok
    22:05:15.0948 3560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    22:05:16.0183 3560 dmboot - ok
    22:05:16.0230 3560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    22:05:16.0417 3560 dmio - ok
    22:05:16.0542 3560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:05:16.0761 3560 dmload - ok
    22:05:16.0808 3560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    22:05:17.0011 3560 DMusic - ok
    22:05:17.0058 3560 dpti2o - ok
    22:05:17.0073 3560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:05:17.0261 3560 drmkaud - ok
    22:05:17.0308 3560 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
    22:05:17.0323 3560 EAPPkt ( UnsignedFile.Multi.Generic ) - warning
    22:05:17.0323 3560 EAPPkt - detected UnsignedFile.Multi.Generic (1)
    22:05:17.0464 3560 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    22:05:17.0573 3560 eeCtrl - ok
    22:05:17.0651 3560 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    22:05:17.0683 3560 EraserUtilRebootDrv - ok
    22:05:17.0839 3560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:05:18.0026 3560 Fastfat - ok
    22:05:18.0089 3560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    22:05:18.0292 3560 Fdc - ok
    22:05:18.0464 3560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    22:05:18.0651 3560 Fips - ok
    22:05:18.0667 3560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    22:05:18.0855 3560 Flpydisk - ok
    22:05:18.0901 3560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    22:05:19.0089 3560 FltMgr - ok
    22:05:19.0151 3560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:05:19.0323 3560 Fs_Rec - ok
    22:05:19.0480 3560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:05:19.0667 3560 Ftdisk - ok
    22:05:19.0714 3560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    22:05:19.0730 3560 GEARAspiWDM - ok
    22:05:19.0745 3560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:05:19.0933 3560 Gpc - ok
    22:05:20.0011 3560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    22:05:20.0198 3560 HDAudBus - ok
    22:05:20.0386 3560 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:05:20.0573 3560 hidusb - ok
    22:05:20.0573 3560 hpn - ok
    22:05:20.0651 3560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:05:20.0714 3560 HTTP - ok
    22:05:20.0870 3560 i2omgmt - ok
    22:05:20.0886 3560 i2omp - ok
    22:05:20.0933 3560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:05:21.0120 3560 i8042prt - ok
    22:05:21.0151 3560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:05:21.0323 3560 Imapi - ok
    22:05:21.0339 3560 ini910u - ok
    22:05:21.0542 3560 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    22:05:21.0855 3560 IntcAzAudAddService - ok
    22:05:22.0011 3560 IntelIde - ok
    22:05:22.0073 3560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    22:05:22.0245 3560 Ip6Fw - ok
    22:05:22.0276 3560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:05:22.0448 3560 IpFilterDriver - ok
    22:05:22.0464 3560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:05:22.0636 3560 IpInIp - ok
    22:05:22.0839 3560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:05:23.0026 3560 IpNat - ok
    22:05:23.0089 3560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:05:23.0276 3560 IPSec - ok
    22:05:23.0355 3560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:05:23.0448 3560 IRENUM - ok
    22:05:23.0526 3560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:05:23.0667 3560 isapnp - ok
    22:05:23.0745 3560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:05:23.0917 3560 Kbdclass - ok
    22:05:23.0964 3560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:05:24.0120 3560 kbdhid - ok
    22:05:24.0183 3560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    22:05:24.0339 3560 kmixer - ok
    22:05:24.0464 3560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:05:24.0526 3560 KSecDD - ok
    22:05:24.0573 3560 lbrtfdc - ok
    22:05:24.0698 3560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:05:24.0870 3560 mnmdd - ok
    22:05:24.0917 3560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    22:05:25.0089 3560 Modem - ok
    22:05:25.0136 3560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:05:25.0292 3560 Mouclass - ok
    22:05:25.0386 3560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:05:25.0558 3560 mouhid - ok
    22:05:25.0605 3560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:05:25.0761 3560 MountMgr - ok
    22:05:25.0808 3560 mraid35x - ok
    22:05:25.0823 3560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:05:25.0980 3560 MRxDAV - ok
    22:05:26.0105 3560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:05:26.0183 3560 MRxSmb - ok
    22:05:26.0230 3560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    22:05:26.0401 3560 Msfs - ok
    22:05:26.0480 3560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:05:26.0636 3560 MSKSSRV - ok
    22:05:26.0683 3560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:05:26.0839 3560 MSPCLOCK - ok
    22:05:26.0886 3560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:05:27.0058 3560 MSPQM - ok
    22:05:27.0136 3560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:05:27.0292 3560 mssmbios - ok
    22:05:27.0339 3560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    22:05:27.0511 3560 MSTEE - ok
    22:05:27.0573 3560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    22:05:27.0636 3560 Mup - ok
    22:05:27.0730 3560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    22:05:27.0886 3560 NABTSFEC - ok
    22:05:28.0167 3560 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110731.003\NAVENG.SYS
    22:05:28.0183 3560 NAVENG - ok
    22:05:28.0276 3560 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110731.003\NAVEX15.SYS
    22:05:28.0355 3560 NAVEX15 - ok
    22:05:28.0526 3560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    22:05:28.0698 3560 NDIS - ok
    22:05:28.0730 3560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    22:05:28.0870 3560 NdisIP - ok
    22:05:28.0901 3560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:05:28.0964 3560 NdisTapi - ok
    22:05:29.0136 3560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:05:29.0292 3560 Ndisuio - ok
    22:05:29.0308 3560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:05:29.0448 3560 NdisWan - ok
    22:05:29.0511 3560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:05:29.0542 3560 NDProxy - ok
    22:05:29.0698 3560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:05:29.0855 3560 NetBIOS - ok
    22:05:29.0901 3560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:05:30.0073 3560 NetBT - ok
    22:05:30.0136 3560 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
    22:05:30.0214 3560 nmwcd - ok
    22:05:30.0370 3560 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    22:05:30.0464 3560 nmwcdc - ok
    22:05:30.0495 3560 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
    22:05:30.0589 3560 nmwcdnsu - ok
    22:05:30.0620 3560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    22:05:30.0792 3560 Npfs - ok
    22:05:30.0980 3560 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
    22:05:30.0995 3560 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
    22:05:30.0995 3560 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
    22:05:31.0042 3560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:05:31.0214 3560 Ntfs - ok
    22:05:31.0417 3560 NTIDrvr (5535174933a08bb8f1cee26dffb930e4) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    22:05:31.0433 3560 NTIDrvr - ok
    22:05:31.0464 3560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:05:31.0620 3560 Null - ok
    22:05:31.0839 3560 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    22:05:32.0214 3560 nv - ok
    22:05:32.0417 3560 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    22:05:32.0480 3560 NVENETFD - ok
    22:05:32.0495 3560 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    22:05:32.0542 3560 nvnetbus - ok
    22:05:32.0745 3560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:05:32.0886 3560 NwlnkFlt - ok
    22:05:32.0933 3560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:05:33.0089 3560 NwlnkFwd - ok
    22:05:33.0136 3560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    22:05:33.0276 3560 Parport - ok
    22:05:33.0464 3560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:05:33.0620 3560 PartMgr - ok
    22:05:33.0651 3560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:05:33.0808 3560 ParVdm - ok
    22:05:33.0855 3560 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
    22:05:33.0870 3560 PCASp50 - ok
    22:05:34.0058 3560 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    22:05:34.0073 3560 pccsmcfd - ok
    22:05:34.0136 3560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:05:34.0323 3560 PCI - ok
    22:05:34.0433 3560 PCIDump - ok
    22:05:34.0448 3560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:05:34.0605 3560 PCIIde - ok
    22:05:34.0620 3560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:05:34.0776 3560 Pcmcia - ok
    22:05:34.0808 3560 PDCOMP - ok
    22:05:34.0823 3560 PDFRAME - ok
    22:05:34.0839 3560 PDRELI - ok
    22:05:34.0870 3560 PDRFRAME - ok
    22:05:34.0870 3560 perc2 - ok
    22:05:34.0901 3560 perc2hib - ok
    22:05:34.0964 3560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:05:35.0105 3560 PptpMiniport - ok
    22:05:35.0151 3560 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    22:05:35.0292 3560 Processor - ok
    22:05:35.0401 3560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:05:35.0558 3560 PSched - ok
    22:05:35.0573 3560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:05:35.0714 3560 Ptilink - ok
    22:05:35.0745 3560 ql1080 - ok
    22:05:35.0761 3560 Ql10wnt - ok
    22:05:35.0776 3560 ql12160 - ok
    22:05:35.0792 3560 ql1240 - ok
    22:05:35.0808 3560 ql1280 - ok
    22:05:35.0855 3560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:05:35.0980 3560 RasAcd - ok
    22:05:36.0011 3560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:05:36.0151 3560 Rasl2tp - ok
    22:05:36.0167 3560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:05:36.0323 3560 RasPppoe - ok
    22:05:36.0433 3560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:05:36.0573 3560 Raspti - ok
    22:05:36.0620 3560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:05:36.0792 3560 Rdbss - ok
    22:05:36.0839 3560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:05:36.0995 3560 RDPCDD - ok
    22:05:37.0136 3560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:05:37.0198 3560 RDPWD - ok
    22:05:37.0261 3560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:05:37.0417 3560 redbook - ok
    22:05:37.0605 3560 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    22:05:37.0667 3560 rt2870 - ok
    22:05:37.0714 3560 RTLWUSB (5a850259b849a899990379a75460a4eb) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
    22:05:37.0776 3560 RTLWUSB - ok
    22:05:37.0901 3560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:05:37.0964 3560 Secdrv - ok
    22:05:38.0011 3560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    22:05:38.0167 3560 Serial - ok
    22:05:38.0214 3560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:05:38.0386 3560 Sfloppy - ok
    22:05:38.0417 3560 Simbad - ok
    22:05:38.0448 3560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:05:38.0589 3560 SLIP - ok
    22:05:38.0683 3560 Sparrow - ok
    22:05:38.0917 3560 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    22:05:38.0933 3560 SPBBCDrv - ok
    22:05:39.0089 3560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    22:05:39.0261 3560 splitter - ok
    22:05:39.0355 3560 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
    22:05:39.0355 3560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
    22:05:39.0355 3560 sptd ( LockedFile.Multi.Generic ) - warning
    22:05:39.0355 3560 sptd - detected LockedFile.Multi.Generic (1)
    22:05:39.0511 3560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:05:39.0589 3560 sr - ok
    22:05:39.0636 3560 SRTSP (e0e54a571d4323567e95e11fe76a5ff3) C:\WINDOWS\system32\Drivers\SRTSP.SYS
    22:05:39.0667 3560 SRTSP - ok
    22:05:39.0714 3560 SRTSPL (4e44f0e22df824d318988caa6f321c30) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
    22:05:39.0745 3560 SRTSPL - ok
    22:05:39.0886 3560 SRTSPX (d3bb40427cf3d02e56bba97feda0a3aa) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
    22:05:39.0917 3560 SRTSPX - ok
    22:05:39.0980 3560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:05:40.0042 3560 Srv - ok
    22:05:40.0198 3560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:05:40.0355 3560 streamip - ok
    22:05:40.0433 3560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:05:40.0589 3560 swenum - ok
    22:05:40.0667 3560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    22:05:40.0808 3560 swmidi - ok
    22:05:40.0823 3560 symc810 - ok
    22:05:40.0839 3560 symc8xx - ok
    22:05:40.0886 3560 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
    22:05:40.0886 3560 SYMDNS - ok
    22:05:40.0980 3560 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    22:05:40.0995 3560 SymEvent - ok
    22:05:41.0058 3560 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
    22:05:41.0073 3560 SYMFW - ok
    22:05:41.0089 3560 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
    22:05:41.0105 3560 SYMIDS - ok
    22:05:41.0292 3560 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20110726.002\SymIDSCo.sys
    22:05:41.0323 3560 SYMIDSCO - ok
    22:05:41.0401 3560 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    22:05:41.0417 3560 SymIM - ok
    22:05:41.0433 3560 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
    22:05:41.0448 3560 SymIMMP - ok
    22:05:41.0542 3560 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
    22:05:41.0558 3560 SYMNDIS - ok
    22:05:41.0573 3560 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    22:05:41.0589 3560 SYMREDRV - ok
    22:05:41.0667 3560 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    22:05:41.0683 3560 SYMTDI - ok
    22:05:41.0698 3560 sym_hi - ok
    22:05:41.0714 3560 sym_u3 - ok
    22:05:41.0792 3560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:05:41.0980 3560 sysaudio - ok
    22:05:42.0105 3560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:05:42.0167 3560 Tcpip - ok
    22:05:42.0230 3560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:05:42.0386 3560 TDPIPE - ok
    22:05:42.0448 3560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:05:42.0605 3560 TDTCP - ok
    22:05:42.0698 3560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:05:42.0839 3560 TermDD - ok
    22:05:42.0855 3560 TosIde - ok
    22:05:42.0917 3560 UBHelper (5e3966a0d9b57531264fc0c835021fa1) C:\WINDOWS\system32\drivers\UBHelper.sys
    22:05:42.0917 3560 UBHelper - ok
    22:05:43.0011 3560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    22:05:43.0136 3560 Udfs - ok
    22:05:43.0198 3560 ultra - ok
    22:05:43.0261 3560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    22:05:43.0448 3560 Update - ok
    22:05:43.0542 3560 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    22:05:43.0620 3560 upperdev - ok
    22:05:43.0714 3560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    22:05:43.0870 3560 usbaudio - ok
    22:05:43.0980 3560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:05:44.0136 3560 usbccgp - ok
    22:05:44.0167 3560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:05:44.0308 3560 usbehci - ok
    22:05:44.0323 3560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:05:44.0480 3560 usbhub - ok
    22:05:44.0636 3560 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    22:05:44.0776 3560 usbohci - ok
    22:05:44.0823 3560 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    22:05:44.0980 3560 usbser - ok
    22:05:45.0058 3560 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    22:05:45.0120 3560 UsbserFilt - ok
    22:05:45.0276 3560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:05:45.0433 3560 USBSTOR - ok
    22:05:45.0480 3560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    22:05:45.0636 3560 VgaSave - ok
    22:05:45.0745 3560 ViaIde - ok
    22:05:45.0792 3560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:05:45.0964 3560 VolSnap - ok
    22:05:46.0105 3560 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
    22:05:46.0198 3560 VX3000 - ok
    22:05:46.0370 3560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:05:46.0526 3560 Wanarp - ok
    22:05:46.0620 3560 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    22:05:46.0651 3560 Wdf01000 - ok
    22:05:46.0761 3560 WDICA - ok
    22:05:46.0823 3560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:05:46.0995 3560 wdmaud - ok
    22:05:47.0073 3560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    22:05:47.0198 3560 WmiAcpi - ok
    22:05:47.0261 3560 WpdUsb (d7467f619f574ab36286d2903e751deb) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    22:05:47.0308 3560 WpdUsb - ok
    22:05:47.0448 3560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:05:47.0605 3560 WSTCODEC - ok
    22:05:47.0667 3560 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:05:47.0698 3560 WudfPf - ok
    22:05:47.0839 3560 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    22:05:47.0870 3560 WudfRd - ok
    22:05:47.0948 3560 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
    22:05:48.0011 3560 \Device\Harddisk0\DR0 - ok
    22:05:48.0026 3560 Boot (0x1200) (13f4e9229c8acbebad36fff051c80cb7) \Device\Harddisk0\DR0\Partition0
    22:05:48.0026 3560 \Device\Harddisk0\DR0\Partition0 - ok
    22:05:48.0042 3560 Boot (0x1200) (ab2b2af8a2f8c5cb3ef34532efc823d2) \Device\Harddisk0\DR0\Partition1
    22:05:48.0042 3560 \Device\Harddisk0\DR0\Partition1 - ok
    22:05:48.0042 3560 ============================================================
    22:05:48.0042 3560 Scan finished
    22:05:48.0042 3560 ============================================================
    22:05:48.0151 1836 Detected object count: 4
    22:05:48.0151 1836 Actual detected object count: 4
    22:05:53.0464 1836 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    22:05:53.0464 1836 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:05:53.0464 1836 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
    22:05:53.0464 1836 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:05:53.0464 1836 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
    22:05:53.0464 1836 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
    22:05:53.0464 1836 sptd ( LockedFile.Multi.Generic ) - skipped by user
    22:05:53.0464 1836 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    22:05:55.0386 0748 Deinitialize success
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Lets try Combofix.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

        If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton

        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    4. Double click on combofix.exe & follow the prompts.
    5. Install the Recovery Console if prompted.
    6. When finished, it will produce a report for you.
    7. Please post the "C:\ComboFix.txt" .
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  9. janjanmagdaleno

    janjanmagdaleno Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    5
    well thanks for helping man, really appreciate it but i think i'll just bear with it. thanks again!
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    As you wish.

    I am closing this topic.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1024842

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice