is it fixed yet....



blackdra
2011-08-01, 12:21
Haven't been here in 2 years, so at least that's good lol

Computer started to act weird, so I took a look and hope I got it all, but to be safe I would rather have you all look at my logs and just give it a once-over.

Also,

how do you boost performance, if at all, and can multiple viruses, malware, etc., even when fixed, permanently slow your computer?



Programs: ClamWin (antivirus), Spybot (of course), HijackThis

logs in same order:


Scan Started Sun Jul 31 22:46:26 2011

-------------------------------------------------------------------------------



C:\Documents and Settings\All Users\.clamwin\quarantine\sp.DLL.infected not moved/copied since already in quarantine

WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a6adc2be8539f3034d5247e6dfa3267_ab562468-bd0a-4927-81f6-bddba689b279: Permission denied

C:\Documents and Settings\Anne\Local Settings\temp\xkuljo.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\xkuljo.exe.infected'

C:\Documents and Settings\Eric\Application Data\Sun\Java\Deployment\cache\6.0\26\6f69d9da-749769c0: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\6f69d9da-749769c0.infected'

C:\Documents and Settings\Eric\Desktop\poke\pokesav039en.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\pokesav039en.exe.infected'

C:\Documents and Settings\Janet\Local Settings\temp\e.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\e.exe.infected'

C:\Documents and Settings\Janet\Local Settings\temp\fektnq.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\fektnq.dll.infected'

WARNING: Can't open file C:\hiberfil.sys: Permission denied

WARNING: Can't open file C:\pagefile.sys: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc10.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc100.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc101.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc102.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc103.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc104.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc105.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc106.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc107.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc108.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc11.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc12.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc13.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc14.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc15.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc16.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc17.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc18.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc19.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc20.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc21.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc22.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc23.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc24.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc25.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc26.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc27.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc28.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc29.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc30.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc31.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc32.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc33.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc34.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc35.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc36.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc37.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc38.JPG: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc4.wpl: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc6.bmp: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc7.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc70.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc71.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc72.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc73.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc74.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc75.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc76.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc77.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc78.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc79.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc8.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc80.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc81.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc82.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc83.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc84.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc85.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc86.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc87.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc88.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc89.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc9.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc90.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc91.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc92.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc93.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc94.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc95.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc96.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc97.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc98.jpg: Permission denied

WARNING: Can't open file C:\RECYCLER\S-1-5-21-1439159683-283072792-1928842331-1008\Dc99.jpg: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied

WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied

C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\49\76f28431-59443507: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\76f28431-59443507.infected'

C:\WINDOWS\system32\yosutihe.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\yosutihe.exe.infected'



C:\Documents and Settings\All Users\.clamwin\quarantine\sp.DLL.infected: Trojan.Proxy-3737 FOUND

C:\Documents and Settings\Anne\Local Settings\temp\xkuljo.exe: Trojan.Fraudpack-3363 FOUND

C:\Documents and Settings\Eric\Application Data\Sun\Java\Deployment\cache\6.0\26\6f69d9da-749769c0: Trojan.Downloader.Java-18 FOUND

C:\Documents and Settings\Eric\Desktop\poke\pokesav039en.exe: Trojan.VB-22715 FOUND

C:\Documents and Settings\Janet\Local Settings\temp\e.exe: Trojan.Fraudpack-4272 FOUND

C:\Documents and Settings\Janet\Local Settings\temp\fektnq.dll: Worm.Zhelatin-39 FOUND

C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\49\76f28431-59443507: Trojan.Downloader.Java.ClassLoader-1 FOUND

C:\WINDOWS\system32\yosutihe.exe: Trojan.Agent-140573 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 972006

Engine version: 0.97.1

Scanned directories: 16515

Scanned files: 141602

Infected files: 8



Not copied: 1

Data scanned: 20476.25 MB

Data read: 22929.41 MB (ratio 0.89:1)

Time: 11070.657 sec (184 m 30 s)



--------------------------------------

Completed

--------------------------------------











Thanks in advance

blackdra
2011-08-01, 12:26
(my bad hit post by mistake)

log 2


--- Search result list ---
Fraud.AVSecuritySuite: [SBI $9895C990] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINESOFTWARE\avsoft

Fraud.AVSecuritySuite: [SBI $3AFEEE53] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINESOFTWARE\avsuite

Fraud.AVSecuritySuite: [SBI $76B71BBD] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\AVSuitE

Fraud.AVSecuritySuite: [SBI $76B71BBD] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1007\Software\AVSuitE

Fraud.InternetSecurity2010: [SBI $2AE67590] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\IS2010

Fraud.InternetSecurity2010: [SBI $2AE67590] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\IS2010

Fraud.Sysguard: [SBI $DE8B4171] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\avSofT

Fraud.Sysguard: [SBI $DE8B4171] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1006\Software\avSofT

Fraud.Sysguard: [SBI $1E2EA4A2] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\avSofT

Fraud.Sysguard: [SBI $69AD3D36] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE

Fraud.Sysguard: [SBI $6C193898] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1005\Software\AVSS

Fraud.Sysguard: [SBI $6C193898] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1007\Software\AVSS

Fraud.Sysguard: [SBI $3FE4294B] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\AVSS

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-1007\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-1439159683-283072792-1928842331-500\Software\8636065b-fef0-4255-b14f-54639f7900a4

FunWebProducts: [SBI $9FF1B3A4] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FunWebProducts

Virtumonde.sci: [SBI $5B9AAAB1] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}

Right Media: Tracking cookie (Internet Explorer: Eric) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Eric) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Eric) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Eric) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Eric) (Cookie, fixed)

blackdra
2011-08-01, 12:27
log 3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:54:35 AM, on 8/1/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [rlhbrnwv] C:\Documents and Settings\Anne\Local Settings\Application Data\nxjwsm\hudhsftav.exe
O4 - HKLM\..\Run: [rvebesyk] C:\Documents and Settings\Janet\Local Settings\Application Data\sblgpnwwn\tbytjsxtssd.exe
O4 - HKLM\..\Run: [ClamWin] "I:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Anne\ntload.dll,_IWMPEvents@0 (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1006\..\Run: [rlhbrnwv] C:\Documents and Settings\Anne\Local Settings\Application Data\nxjwsm\hudhsftav.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Janet')
O4 - HKUS\S-1-5-21-1439159683-283072792-1928842331-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Shawn')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5425 bytes





And while running ClamWin you will see in the log a file/jpg recycler? First time I have seen that, what is it?

tashi
2011-08-01, 17:51
Hello blackdra,

Please revisit the FAQ which may have changed since your last visit.

Instructions for posting preliminary DDS logs for analysis are in post #2: "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the logs as shown in that sticky and a link back to this thread. A volunteer analyst will advise you when available. :)

Best regards.