cranium5000

Hello, my computer is running slow, I have ran a scan with avast! and found some viruses. I have followed the 5 steps and have done everything except the online scan with panda. For some reason it would let me run a scan, it would load the page but when I went to click my comp button to start the scan there would be an error on the page and nothing would happen. Here are the viruses and where they are located at. Thanks

Win32:Trojan-gen.(UPX!)
C:C1.tmp

Win32:CTX
C:\System Volume Information\_Restore{129201FA-B0AC-49B3-96B

Deckard's System Scanner v20070819.64
Run by Michelle Czolgosz on 2007-08-21 10:49:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-21 10:49:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Michelle Czolgosz\Local Settings\Temporary Internet Files\Content.IE5\D7487TQJ\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O15 - Trusted Zone: https://online.musicmatch.com (HKEY_LOCAL_MACHINE)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


-- Files created between 2007-07-21 and 2007-08-21 -----------------------------

2007-08-21 03:10:07 0 d-------- C:\Program Files\Trend Micro
2007-08-21 02:54:03 0 d-------- C:\WINDOWS\LastGood
2007-08-21 00:03:50 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-08-20 22:45:46 0 d-------- C:\Program Files\SpywareBlaster
2007-08-19 23:52:01 0 d-------- C:\ie-spyad


-- Find3M Report ---------------------------------------------------------------

2007-08-17 16:12:25 0 d-------- C:\Program Files\Dl_cats
2007-07-15 10:13:06 0 d-------- C:\Documents and Settings\Michelle Czolgosz\Application Data\U3
2007-07-15 10:10:14 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-15 10:10:13 56 -r-hs---- C:\WINDOWS\system32\D52650D936.sys
2007-06-26 16:37:46 0 d-------- C:\Program Files\CCleaner
2007-06-26 16:37:45 0 d-------- C:\Program Files\AIM
2007-06-26 16:37:44 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-06-25 20:30:45 81920 --a------ C:\WINDOWS\system32\Dversion.dll <Not Verified; FarStone; Farstone Dversion>
2007-06-25 20:30:45 122880 --a------ C:\WINDOWS\system32\DVC.dll <Not Verified; Farstone; Farstone DVC>
2007-06-25 20:30:44 45056 --a------ C:\WINDOWS\system32\Fsinst32.dll
2007-06-25 20:30:44 5120 --a------ C:\WINDOWS\system32\Fsinst16.DLL
2007-06-20 19:03:39 14848 --a------ C:\fwdrv.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 09:03 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 06:03 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637bc03f-6e91-11da-92c0-806d6172696f}]
AutoRun\command- D:\ASSetWiz.exe




-- End of Deckard's System Scanner: finished at 2007-08-21 10:50:25 ------------

Attached Files

extra.txt (19.4 KB, 0 views)