computer locks up and has malware

dds results

DDS (Ver_10-12-12.02) - NTFSx86
Run by Diana at 18:22:49.00 on 15/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1489 [GMT 0:00]

FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Diana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\diana\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161180053796
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38195.0576851852
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6106/mcfscan.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-7-27 77056]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2011-01-15 14:47:01 37563 -c--a-w- c:\windows\system32\dllcache\OLD1EF7.tmp
2011-01-15 14:45:59 48000 -c--a-w- c:\windows\system32\dllcache\OLD1E21.tmp
2011-01-15 14:44:59 56832 -c--a-w- c:\windows\system32\dllcache\OLD1D8D.tmp
2011-01-15 14:43:59 34688 -c--a-w- c:\windows\system32\dllcache\OLD1D18.tmp
2011-01-15 14:42:59 9216 -c--a-w- c:\windows\system32\dllcache\OLD1C06.tmp
2011-01-15 14:41:34 24618 -c--a-w- c:\windows\system32\dllcache\OLD1B22.tmp
2011-01-15 14:40:59 206976 -c--a-w- c:\windows\system32\dllcache\OLD1A63.tmp
2011-01-15 14:39:59 7680 -c--a-w- c:\windows\system32\dllcache\OLD1934.tmp
2011-01-15 14:38:59 10240 -c--a-w- c:\windows\system32\dllcache\OLD17EA.tmp
2011-01-15 14:37:33 49664 -c--a-w- c:\windows\system32\dllcache\OLD1785.tmp
2011-01-15 14:36:59 169984 -c--a-w- c:\windows\system32\dllcache\OLD171F.tmp
2011-01-15 14:34:59 20736 -c--a-w- c:\windows\system32\dllcache\OLD16DF.tmp
2011-01-15 14:33:41 17664 -c--a-w- c:\windows\system32\dllcache\OLD1698.tmp
2011-01-15 14:32:54 259328 -c--a-w- c:\windows\system32\dllcache\OLD1663.tmp
2011-01-15 14:31:59 44544 -c--a-w- c:\windows\system32\dllcache\OLD1629.tmp
2011-01-15 14:30:59 52255 -c--a-w- c:\windows\system32\dllcache\OLD15AE.tmp
2011-01-15 14:29:50 58880 -c--a-w- c:\windows\system32\dllcache\OLD1542.tmp
2011-01-15 14:28:59 59904 -c--a-w- c:\windows\system32\dllcache\OLD1458.tmp
2011-01-15 14:27:59 34173 -c--a-w- c:\windows\system32\dllcache\OLD1323.tmp
2011-01-15 14:26:59 334208 -c--a-w- c:\windows\system32\dllcache\OLD1265.tmp
2011-01-15 14:25:59 714698 -c--a-w- c:\windows\system32\dllcache\OLD111E.tmp
2011-01-15 14:24:30 23552 -c--a-w- c:\windows\system32\dllcache\OLDFF8.tmp
2011-01-15 14:23:43 6272 -c--a-w- c:\windows\system32\dllcache\OLDFA2.tmp
2011-01-15 14:22:59 96256 -c--a-w- c:\windows\system32\dllcache\OLDF4B.tmp
2011-01-15 14:19:34 116224 -c--a-w- c:\windows\system32\dllcache\OLDECC.tmp
2011-01-15 14:19:33 23040 -c--a-w- c:\windows\system32\dllcache\OLDEC8.tmp
2011-01-15 14:19:32 18944 -c--a-w- c:\windows\system32\dllcache\OLDEC4.tmp
2011-01-15 14:19:31 4608 -c--a-w- c:\windows\system32\dllcache\OLDEBC.tmp
2011-01-15 14:19:31 27648 -c--a-w- c:\windows\system32\dllcache\OLDEC0.tmp
2011-01-15 14:19:07 99865 -c--a-w- c:\windows\system32\dllcache\OLDEB8.tmp
2011-01-15 14:19:06 16970 -c--a-w- c:\windows\system32\dllcache\OLDEB1.tmp
2011-01-15 14:19:05 19455 -c--a-w- c:\windows\system32\dllcache\OLDEAD.tmp
2011-01-15 14:19:01 19200 -c--a-w- c:\windows\system32\dllcache\OLDEA9.tmp
2011-01-15 14:17:59 48256 -c--a-w- c:\windows\system32\dllcache\OLDE28.tmp
2011-01-15 14:16:59 21896 -c--a-w- c:\windows\system32\dllcache\OLDD32.tmp
2011-01-15 14:15:54 8704 -c--a-w- c:\windows\system32\dllcache\OLDC9A.tmp
2011-01-15 14:15:53 39936 -c--a-w- c:\windows\system32\dllcache\OLDC97.tmp
2011-01-15 14:15:53 10240 -c--a-w- c:\windows\system32\dllcache\OLDC94.tmp
2011-01-15 14:15:52 6144 -c--a-w- c:\windows\system32\dllcache\OLDC8E.tmp
2011-01-15 14:15:52 358400 -c--a-w- c:\windows\system32\dllcache\OLDC8B.tmp
2011-01-15 14:15:52 188416 -c--a-w- c:\windows\system32\dllcache\OLDC91.tmp
2011-01-15 14:15:51 33280 -c--a-w- c:\windows\system32\dllcache\OLDC85.tmp
2011-01-15 14:15:51 259072 -c--a-w- c:\windows\system32\dllcache\OLDC88.tmp
2011-01-15 14:15:50 12288 -c--a-w- c:\windows\system32\dllcache\OLDC82.tmp
2011-01-15 14:11:59 68608 -c--a-w- c:\windows\system32\dllcache\OLDBF3.tmp
2011-01-15 14:11:59 252032 -c--a-w- c:\windows\system32\dllcache\OLDBEF.tmp
2011-01-15 14:11:58 18944 -c--a-w- c:\windows\system32\dllcache\OLDBE7.tmp
2011-01-15 14:11:58 101760 -c--a-w- c:\windows\system32\dllcache\OLDBEB.tmp
2011-01-15 14:11:50 18400 -c--a-w- c:\windows\system32\dllcache\OLDBE0.tmp
2011-01-15 14:11:50 161568 -c--a-w- c:\windows\system32\dllcache\OLDBE4.tmp
2011-01-15 14:11:49 98080 -c--a-w- c:\windows\system32\dllcache\OLDBDC.tmp
2011-01-15 14:11:49 386560 -c--a-w- c:\windows\system32\dllcache\OLDBD8.tmp
2011-01-15 14:11:48 36480 -c--a-w- c:\windows\system32\dllcache\OLDBD4.tmp
2011-01-15 14:11:45 17664 -c--a-w- c:\windows\system32\dllcache\OLDBD0.tmp
2011-01-15 14:11:44 26112 -c--a-w- c:\windows\system32\dllcache\OLDBCC.tmp
2011-01-15 14:10:57 6912 -c--a-w- c:\windows\system32\dllcache\OLDBC8.tmp
2011-01-15 14:10:56 11520 -c--a-w- c:\windows\system32\dllcache\OLDBC4.tmp
2011-01-15 14:10:55 11648 -c--a-w- c:\windows\system32\dllcache\OLDBC0.tmp
2011-01-15 14:10:54 57856 -c--a-w- c:\windows\system32\dllcache\OLDBBC.tmp
2011-01-15 14:07:39 14848 -c--a-w- c:\windows\system32\dllcache\OLDB2A.tmp
2011-01-15 14:06:59 79360 -c--a-w- c:\windows\system32\dllcache\OLDA9A.tmp
2011-01-15 14:04:44 9344 -c--a-w- c:\windows\system32\dllcache\OLD9DE.tmp
2011-01-15 14:03:54 40960 -c--a-w- c:\windows\system32\dllcache\OLD95A.tmp
2011-01-15 14:02:42 58880 -c--a-w- c:\windows\system32\dllcache\OLD8F4.tmp
2011-01-15 14:01:58 5632 -c--a-w- c:\windows\system32\dllcache\OLD825.tmp
2011-01-15 14:00:56 10129408 -c--a-w- c:\windows\system32\dllcache\OLD6FC.tmp
2011-01-15 13:59:59 24632 -c--a-w- c:\windows\system32\dllcache\OLD5FF.tmp
2011-01-15 13:58:59 69692 -c--a-w- c:\windows\system32\dllcache\OLD522.tmp
2011-01-15 13:57:59 72832 -c--a-w- c:\windows\system32\dllcache\OLD409.tmp
2011-01-15 13:56:35 13824 -c--a-w- c:\windows\system32\dllcache\OLD24E.tmp
2011-01-15 13:55:59 26880 -c--a-w- c:\windows\system32\dllcache\OLD18E.tmp
2011-01-15 13:54:59 5632 -c--a-w- c:\windows\system32\dllcache\OLDF4.tmp
2011-01-15 13:53:58 16384 -c--a-w- c:\windows\system32\dllcache\OLD88.tmp
2011-01-15 13:52:45 20540 -c--a-w- c:\windows\system32\dllcache\OLD12.tmp
2011-01-15 13:52:45 16439 -c--a-w- c:\windows\system32\dllcache\OLD15.tmp
2011-01-15 13:52:43 43520 -c--a-w- c:\windows\system32\dllcache\OLDC.tmp
2011-01-15 13:52:43 290816 -c--a-w- c:\windows\system32\dllcache\OLDF.tmp
2011-01-15 13:52:42 20540 -c--a-w- c:\windows\system32\dllcache\OLD6.tmp
2011-01-15 13:52:42 16439 -c--a-w- c:\windows\system32\dllcache\OLD9.tmp
2011-01-15 12:55:46 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-15 12:55:45 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-15 12:55:44 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-15 12:55:44 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-15 12:55:43 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-15 12:55:20 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-15 12:55:19 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-15 12:55:17 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-15 12:55:13 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-01-15 12:55:12 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-15 12:53:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-01-15 12:52:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-01-15 12:51:59 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-01-15 12:50:58 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2011-01-15 12:49:59 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-01-15 12:48:58 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2011-01-15 12:47:35 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-01-15 12:46:59 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-01-15 12:45:59 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
2011-01-15 12:44:59 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-01-15 12:43:50 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-01-15 12:42:32 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-01-15 12:41:36 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-14 16:40:13 -------- d-sha-r- C:\cmdcons
2011-01-14 16:37:10 98816 ----a-w- c:\windows\sed.exe
2011-01-14 16:37:10 89088 ----a-w- c:\windows\MBR.exe
2011-01-14 16:37:10 256512 ----a-w- c:\windows\PEV.exe
2011-01-14 16:37:10 161792 ----a-w- c:\windows\SWREG.exe
2011-01-13 17:28:46 -------- d-----w- C:\HostXpert
2011-01-13 17:26:21 -------- d-----w- C:\.HostsXpert[1]
2011-01-12 16:54:28 602112 ----a-w- c:\temp\OTL.exe
2010-12-19 15:30:01 -------- d-----w- C:\$AVG
2010-12-19 14:01:51 -------- d-----w- c:\docume~1\diana\applic~1\AVG10
2010-12-19 14:00:43 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-19 13:58:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-19 13:56:06 -------- d-----w- c:\program files\AVG
2010-12-19 13:49:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-11-19 15:18:39 2026 ----a-w- C:\cc_20101119_151835.reg
2010-11-19 15:18:08 91930 ----a-w- C:\cc_20101119_151753.reg
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 18:23:26.35 ===============
 
Hi,

I am not seeing markers in your log that show your hosts file is infected; it may have been fixed.


Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Post the ESET log and let me know how things are running now?
 
est file

ESET online file: it says all have been fixed. Let's hope so.


C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\8e8669\71.mof.vir Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AF6222A9-E625-41BF-BE22-EECE262BAB3D}\RP1874\A0273305.mof Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143710.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143715.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143716.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143717.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143721.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143722.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143724.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143726.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143735.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143736.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143739.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143742.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143755.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100916-143757.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094756.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094802.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094804.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094806.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094807.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094810.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094812.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094815.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094817.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094821.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094822.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094824.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094825.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100917-094826.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133026.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133035.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133036.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133038.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133039.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133041.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133044.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133045.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133046.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133047.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133142.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133147.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-133148.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165400.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165456.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165500.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165501.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165512.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165633.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165635.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165636.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165637.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165702.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165705.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165706.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165707.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101219-165708.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193152.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193158.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193159.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193201.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193202.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193203.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193205.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193206.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193207.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193208.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193210.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193215.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110106-193358.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-175851.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-175947.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-175950.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180040.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180042.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180043.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180044.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180045.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180046.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180047.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180048.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180049.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110107-180050.backup Win32/Qhost trojan cleaned by deleting - quarantined
 
Those that were removed were exactly what I was looking for; they would have been on your OTL log if we could have run it. What they are is infected copies of your Hosts file.

Why don't you drag OTL and OTL(1) to the trash and let's grab a fresh copy: download it to your desktop, then boot to safe mode and try to run it.

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.






To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
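The ESET log above flagged dozens of hosts file backups as Win32/Qhost, and the helper explains that these were infected copies of the Hosts file. The following is an added example, not part of the thread and not code from ESET, DDS or OTL: a small audit of a Windows hosts file that flags the two things a Qhost-style infection leaves behind, names redirected to a non-local address (which can send a browser somewhere it did not ask for) and update or security domains blackholed to loopback (which silently breaks updates and scanners). The watchlist, the sample hosts content and the 203.0.113.10 address are constructed assumptions; point the script at a real C:\WINDOWS\system32\drivers\etc\hosts to audit one.

```python
"""Audit a Windows hosts file for redirections and blackholed update domains."""
import ipaddress
import sys

# Addresses that only ever point back at the local machine. Mapping a name to one
# of these is the ordinary "blocklist" use of a hosts file, not a redirection.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

# Names that a clean Windows hosts file maps to loopback.
EXPECTED_LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Assumed watchlist: domains whose blackholing would stop updates or security
# tools. Adjust for your environment; these two appear in the thread's DDS log.
WATCHED_DOMAINS = {"microsoft.com", "google.com"}

# Constructed sample hosts file; not taken from the machine in the thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com      # watched domain blackholed
203.0.113.10    www.google.com            # search engine redirected
203.0.113.10    www.bing.com
203.0.113.10    localhost                 # loopback name hijacked
not-an-ip       example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for every active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def _is_watched(name):
    """True when name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return a list of (line_no, kind, address, name) findings.

    kind is one of: malformed, localhost-hijacked, redirect, blocked-watched.
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        local = addr in LOCAL_ADDRESSES
        for name in names:
            lname = name.lower()
            if lname in EXPECTED_LOCAL_NAMES:
                # localhost must stay on loopback; anything else is a hijack
                if not local:
                    findings.append((line_no, "localhost-hijacked", addr, lname))
            elif not local:
                # a real name pinned to a remote address: classic Qhost redirect
                findings.append((line_no, "redirect", addr, lname))
            elif _is_watched(lname):
                # update/security domain sent to loopback: silently blocked
                findings.append((line_no, "blocked-watched", addr, lname))
    return findings


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path-to-hosts-file]; no path audits the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, addr, name in audit_hosts(text):
        print(f"line {line_no}: {kind:<19} {addr:<16} {name}")
```

A clean hosts file produces no findings at all, so the script is also a quick way to confirm a repaired file after a tool such as HostsXpert or the ESET scan has replaced it.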
 
otl test

After all that I can't get it to start in safe mode. It could be the keyboard as it is a wireless model. The menu comes up but can't get it to step up to the safe mode selection. I will get another wired keyboard in the morning and try again.
PS: OTL failed again in normal mode, but I'll try safe mode tomorrow and contact you again.
Thanks again for all your help.
 
otl test

I have changed the keyboard for a directly wired one and can now get into safe mode, but all three of the OT programs fail, saying there is a problem and they need to close, in both safe and normal modes.
 
Hi,

Not running those programs may be Windows related. What I would like you to do is post at this Windows forum (all of us forums work together) and tell them you want to run System File Checker. Let them know you have an I386 folder and no XP CD (the CD you borrowed may not have worked; it has to do with service packs and a few other things). After they get you to run SFC successfully, try OTL again; post back here either way and let me know.
http://forums.whatthetech.com/index.php?showforum=119

Let me know when you have posted and I will give one of the techs a heads-up so you won't have to wait.
 
OTL program

I have posted a topic on the other forum as suggested and am awaiting a reply. I will post the results back to you asap.
Thank you for all your help so far.
 
I am linked to that post and added my 2 cents :)

The correct entry in SourcePath should be C:\

Then go to Start > Run and type this in: sfc /scannow (note the space between c and /; it's needed) and see if it will run now.
 
You need to download and run OTL from your desktop; it will not run from other locations.

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
otl problem

Thank you for your help. I can now run sfc scannow; the problem was in the registry, with some file settings pointing to the wrong locations. Now it only stops once and asks for the Service Pack 3 disc, but as it is a mod that Microsoft send I haven't got a disc, so I don't know yet how to resolve that one. I have tried to run otl.exe but with no success; it is on the desktop and the path is C:\Documents and Settings\Diana\Desktop. It still gives the same message about "OTL has encountered a problem and needs to close. We are sorry for the inconvenience."
I don't know what to do next.
 
Hi,

After all this we may get OTL to run and it will find no problems :) Hang on a bit, I am looking into this further.
 
Let's do a few things.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :File
    C:\windows\system32\kernel32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=====================================

Two programs to download

First

ISOBurner: this will allow you to burn the REATOGO-X-PE ISO to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn it to a CD using ISOBurner. NOTE: This file is 292 MB in size so it may take some time to download.
  • When downloaded, double-click it and this will open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Standard Registry to All

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.
 
loading otlpe

Here is the SystemLook file you asked for, but the OTLPE link is broken. I have been on the web site directly but can't find the OTLPE file to download. There is another otlpsomething file I tried and the link to that fails as well. If you can give me another link I will try again. The ISO file downloaded OK.

systemlook file

SystemLook 04.09.10 by jpshortstuff
Log created at 17:52 on 19/01/2011 by Diana
Administrator - Elevation successful

========== File ==========

C:\windows\system32\kernel32.dll - File found and opened.
MD5: B921FB870C9AC0D509B2CCABBBBE95F3
Created at 12:00 on 31/03/2003
Modified at 14:06 on 21/03/2009
Size: 989696 bytes
Attributes: --a----
FileDescription: Windows NT BASE API Client DLL
FileVersion: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
ProductVersion: 5.1.2600.5781
OriginalFilename: kernel32
InternalName: kernel32
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-= EOF =-
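As an added example (not the thread's own tool and not part of SystemLook), a small Python parser for the ":File" output above that turns the log into fields and flags what a helper would check on a system DLL; the SP3 baseline file version 5.1.2600.5512 is an assumption from memory, not something the thread states.

```python
import re

# Constructed sample log: the SystemLook ":File" result quoted above in this thread.
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 17:52 on 19/01/2011 by Diana

========== File ==========

C:\windows\system32\kernel32.dll - File found and opened.
MD5: B921FB870C9AC0D509B2CCABBBBE95F3
Size: 989696 bytes
FileDescription: Windows NT BASE API Client DLL
FileVersion: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
ProductVersion: 5.1.2600.5781
CompanyName: Microsoft Corporation

-= EOF =-
"""

XP_SP3_VERSION = (5, 1, 2600, 5512)  # assumption: file version of the SP3 RTM kernel32

PATH_RE = re.compile(r"^([A-Za-z]:\\\S.*?) - (.*)$")   # "C:\path - File found and opened."
FIELD_RE = re.compile(r"^(\w+): (.*)$")                # "MD5: ...", "Size: ... bytes", ...

def parse_systemlook(text):
    """Parse the ':File' section into {path: {field: value, 'found': bool}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = PATH_RE.match(line.strip())
        if m:
            current = entries.setdefault(m.group(1), {})
            current["found"] = m.group(2).startswith("File found")
            continue
        m = FIELD_RE.match(line.strip())
        if m and current is not None:
            key, value = m.groups()
            current[key] = int(value.split()[0]) if key == "Size" else value
    return entries

def parse_version(s):
    """Turn '5.1.2600.5781 (xpsp_sp3_gdr...)' into (5, 1, 2600, 5781)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", s or "")
    return tuple(int(x) for x in m.groups()) if m else None

def triage(entry):
    """Flag the things a helper would check before trusting a system DLL."""
    if not entry.get("found"):
        return ["file missing or unreadable"]
    findings = []
    if entry.get("CompanyName") != "Microsoft Corporation":
        findings.append("unexpected CompanyName")
    ver = parse_version(entry.get("FileVersion"))
    if ver is None or ver[:3] != XP_SP3_VERSION[:3]:
        findings.append("not a Windows XP (5.1.2600) build")
    elif ver[3] < XP_SP3_VERSION[3]:
        findings.append("pre-SP3 file version")
    # A real check would also compare the MD5 against a known-good list for this build.
    if not re.fullmatch(r"[0-9A-F]{32}", entry.get("MD5", "")):
        findings.append("missing or malformed MD5")
    return findings
```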
 
I am going to send that information on that file to the author of OTL and see what he thinks.

That link for OTLPE may not be working, I was hoping it would but that tool may have been pulled.

How are things in general working now?
 
reply

It's been OK up to now, but I have only been using it to sort this problem out. It did freeze before getting the sfc scannow sorted out, but it seems to be holding its own at the moment. I would like to get the one problem that sfc scannow found and asked for an SP3 disc for sorted though. One of your support staff mentioned in passing that there was a method of getting the disc made up from a download; can you point me towards it?
Thank you
 
Well, what they're talking about is slipstreaming your XP CD. What this does is take your Windows XP CD and, along with downloading Service Pack 3, create a new CD for your computer which will include XP and Service Pack 3, so that if you have to do a new reinstall of Windows it will be all up to date. But you stated that you don't have your Windows CD or even a recovery disk for your computer, so this will not be able to be done with someone else's CD, as the Windows key code will not match up.

The only thing I can suggest is to contact the manufacturer of your computer and request the recovery disk for your computer; with that disk you will be able to reinstall Windows back to factory defaults. But if things are running OK then I don't think I would go through all that trouble.

Are you able to do Windows updates?
 
reply

Sorry, I misunderstood the CD bit; I thought they were talking about having an SP3-only CD.

Yes I haven't had any trouble getting Microsoft updates that I know about.
 
Being able to update Windows is a good sign. I submitted the information on that file to the author of OTL but have not heard back yet.

When you slipstream a Windows disk, basically what this does is take the Windows files on the older original Windows disk along with the files from Service Pack 3 that you download to your desktop and combine them into one new CD.
 