Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Having problems removing a trojan that avast found

Started by CaseyF , Jun 21 2009 05:15 PM

  • Please log in to reply

#1
CaseyF
Posted 21 June 2009 - 05:15 PM

CaseyF

    New Member

  • Member
  • Pip
  • 2 posts
I have been experiencing an issue with internet explorer not opening when I click on the icon. If I go to the task manager and close the process and try opening it multiple times it will eventually open. This issue prompted me to go to the Malware and Spyware Cleaning Guide. I have followed all of the instructions on that guide.

Avast found a trojan but was unable to delete it. It listed the trojans as...

Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\48930.exe\$TEMP\connector.exe" file.
Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\48930.exe\$TEMP\dependencies.exe" file.
Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\48930.exe\$TEMP\runtime.exe" file.

Below are my OTL, Malwarebytes, and rootkit logs (in that order). If there is anything else I can do please let me know. Thank you in advance for your time.

OTL logfile created on: 6/21/2009 6:01:51 PM - Run 1
OTL by OldTimer - Version 3.0.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.91 Gb Total Space | 73.28 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 440.89 Gb Free Space | 94.66% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 84.06 Gb Free Space | 18.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1397.26 Gb Total Space | 356.93 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: CASEYCOMP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avast\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast\ashServ.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Avast\ashDisp.exe (ALWIL Software)
PRC - C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files\Avast\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (aswUpdSv [Auto | Running]) -- C:\Program Files\Avast\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Avast\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Avast\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Avast\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IASJet [On_Demand | Stopped]) -- C:\WINDOWS\SysWOW64\iasrecst.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\SysWow64\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\SysWow64\PnkBstrB.exe ()
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\SysWow64\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AsIO [System | Stopped]) -- C:\WINDOWS\SysWow64\drivers\AsIO.sys ()
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\SysWow64\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\SysWow64\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (mnmdd [System | Running]) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast\ashDisp.exe (ALWIL Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP Premium\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP Premium\dapextie2.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP Premium\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP Premium\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysNative\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysNative\mswsock.dll File not found
O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: wellsfargo.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1199463204468 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15107/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - File not found
O18:64bit: - Protocol\Filter: - application/x-complus - File not found
O18:64bit: - Protocol\Filter: - application/x-msdownload - File not found
O18:64bit: - Protocol\Filter: - Class Install Handler - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter: - deflate - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter: - gzip - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter: - lzdhtml - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 04:50:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14d70259-1e4a-11dd-ac27-001d60dd81a9}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/21 18:00:02 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/21 17:49:38 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/21 15:01:30 | 00,001,501 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/21 15:01:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\config.nt
[2009/06/21 15:01:15 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\SysWow64\aswBoot.exe
[2009/06/21 15:01:15 | 00,380,928 | ---- | C] () -- C:\WINDOWS\SysWow64\actskin4.ocx
[2009/06/21 15:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\Avast
[2009/06/21 14:55:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/06/21 14:55:09 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/21 14:55:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/06/21 14:55:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/06/21 14:55:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/21 14:47:46 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/06/21 14:37:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2009/06/21 14:37:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/06/21 14:37:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Torrents
[2009/06/20 16:20:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Everything I Need
[2009/06/16 18:02:26 | 00,001,055 | ---- | C] () -- C:\net_save.dna
[2009/06/16 18:02:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\support.com
[2009/06/16 18:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SupportSoft
[2009/06/16 18:01:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2009/05/20 19:32:24 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/05/15 19:31:38 | 00,151,040 | ---- | C] () -- C:\WINDOWS\SysWow64\KSXPPI32.dll
[2008/11/21 20:13:23 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/06 18:34:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/07/20 16:41:05 | 00,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2008/05/08 23:56:14 | 00,000,013 | ---- | C] () -- C:\WINDOWS\OemOut.ini
[2008/03/04 09:20:48 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/02/16 21:55:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/06 00:24:50 | 00,506,710 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/01/04 14:36:12 | 00,012,096 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2008/01/04 14:36:12 | 00,010,304 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2008/01/04 11:09:45 | 00,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2008/01/04 11:09:44 | 00,013,632 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2008/01/04 10:54:24 | 00,839,680 | ---- | C] () -- C:\WINDOWS\SysWow64\libeay32.dll
[2008/01/04 10:54:24 | 00,159,744 | ---- | C] () -- C:\WINDOWS\SysWow64\ssleay32.dll
[2008/01/04 10:32:02 | 00,023,859 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/04 10:31:56 | 00,023,549 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/04 10:31:50 | 00,010,288 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/04 04:49:05 | 00,000,497 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/01/03 19:30:06 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/12/05 04:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2007/12/05 04:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2005/03/25 07:00:00 | 01,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 07:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 07:00:00 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 07:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 07:00:00 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 07:00:00 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 07:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 07:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 07:00:00 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 07:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 07:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 07:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 07:00:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 07:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 07:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 07:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 07:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 07:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/06/21 18:00:03 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/21 17:53:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/21 17:53:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/21 15:01:30 | 00,001,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/21 15:01:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2009/06/21 14:55:09 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/21 14:47:49 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/06/21 13:58:16 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 16:01:25 | 00,189,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
[2009/06/20 16:01:25 | 00,189,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2009/06/20 11:00:15 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\SysWow64\wrap_oal.dll
[2009/06/20 11:00:15 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\SysWow64\OpenAL32.dll
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/06/16 19:00:39 | 00,001,055 | ---- | M] () -- C:\net_save.dna
[2009/06/13 00:29:15 | 00,000,238 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2009/06/10 02:01:37 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/03 23:46:11 | 00,000,256 | ---- | M] () -- C:\WINDOWS\SysWow64\pool.bin
< End of report >






OTL Extras logfile created on: 6/21/2009 6:01:51 PM - Run 1
OTL by OldTimer - Version 3.0.3.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.91 Gb Total Space | 73.28 Gb Free Space | 38.59% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 440.89 Gb Free Space | 94.66% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 84.06 Gb Free Space | 18.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1397.26 Gb Total Space | 356.93 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: CASEYCOMP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files (x86)\Sony\EverQuest II\EverQuest2.exe:*:Enabled:EQ2 Client Application (Sony Online Entertainment)
C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader File not found
C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Disabled:CCP ExeFile (CCP hf.)
C:\Program Files (x86)\Juniper\NetScreen-Remote\CmonApp.exe:*:Disabled:Connection Monitor Application File not found
C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) File not found
C:\Program Files (x86)\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) File not found
C:\Program Files (x86)\DAP Premium\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) (Speedbit Ltd.)
C:\WINDOWS\SysWOW64\ftp.exe:*:Disabled:File Transfer Protocol (Microsoft Corporation)
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:iw3mp ()
C:\Program Files (x86)\Sony\Station\LaunchPad\LaunchPad.exe:*:Disabled:LaunchPad ()
C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test File not found
C:\Program Files (x86)\mIRC\mirc.exe:*:Disabled:mIRC File not found
C:\Program Files (x86)\Opera\Opera.exe:*:Disabled:Opera Internet Browser File not found
C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 File not found
C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App File not found
C:\Program Files (x86)\Juniper\NetScreen-Remote\ViewLog.exe:*:Disabled:ViewLog File not found
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe (Flagship Industries, Inc.)
C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher (Blizzard Entertainment)
C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files (x86)\Sony\EverQuest II\EverQuest2.exe:*:Enabled:EQ2 Client Application (Sony Online Entertainment)
C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader File not found
C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Disabled:CCP ExeFile (CCP hf.)
C:\Program Files (x86)\Juniper\NetScreen-Remote\CmonApp.exe:*:Disabled:Connection Monitor Application File not found
C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) File not found
C:\Program Files (x86)\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) File not found
C:\Program Files (x86)\DAP Premium\DAP.exe:*:Disabled:Download Accelerator Plus (DAP) (Speedbit Ltd.)
C:\WINDOWS\SysWOW64\ftp.exe:*:Disabled:File Transfer Protocol (Microsoft Corporation)
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:iw3mp ()
C:\Program Files (x86)\Sony\Station\LaunchPad\LaunchPad.exe:*:Disabled:LaunchPad ()
C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files (x86)\mIRC\mirc.exe:*:Disabled:mIRC File not found
C:\Program Files (x86)\Opera\Opera.exe:*:Disabled:Opera Internet Browser File not found
C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 File not found
C:\Program Files (x86)\Juniper\NetScreen-Remote\ViewLog.exe:*:Disabled:ViewLog File not found
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe (Flagship Industries, Inc.)
C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher (Blizzard Entertainment)
C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0}" = Microsoft .NET Framework 2.0 (x64)
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 2.0 (x64)" = Microsoft .NET Framework 2.0 (x64)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows x64 Service Pack" = Windows XP Service Pack 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08AF1505-DBF0-955E-B1EF-2DF406D941DD}" = Call of Duty® 4 - Modern Warfare™
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31EF8B2A-1332-4A0E-8B35-2E3491727922}" = EverQuest II: Play the Fae
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAP Premium" = DAP Premium
"EQ2MAP Updater" = EQ2MAP Updater 1.2.3
"EVE" = EVE-ONLINE (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.7.5
"SysInfo" = Creative System Information
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2009 1:50:25 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application manager.exe, version 5.5.0.3, faulting module
ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/14/2009 7:59:24 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18783, fault address 0x000f465e.

Error - 6/16/2009 7:25:06 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/16/2009 7:31:47 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/16/2009 9:23:51 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/17/2009 4:35:43 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x3d6471de.

Error - 6/17/2009 8:05:03 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application everquest2.exe, version 1.0.0.1, faulting module
xul.dll, version 0.0.0.0, fault address 0x001ba090.

Error - 6/18/2009 7:26:05 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iw3mp.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/18/2009 7:26:15 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application iw3mp.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/20/2009 2:05:26 PM | Computer Name = CASEYCOMP | Source = Application Error | ID = 1000
Description = Faulting application e.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x03c01000.

[ System Events ]
Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO

Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7034
Description = The LiveShare P2P Server 9 service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7034
Description = The Roxio Upnp Server 9 service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/21/2009 3:53:06 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7034
Description = The Creative Audio Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/21/2009 4:04:11 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/21/2009 4:05:31 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO

Error - 6/21/2009 6:54:26 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/21/2009 6:55:46 PM | Computer Name = CASEYCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO


< End of report >





Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.2.3790 Service Pack 2

6/21/2009 5:58:42 PM
mbam-log-2009-06-21 (17-58-42).txt

Scan type: Quick Scan
Objects scanned: 82629
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows Server 2003 Professional (5.2.3790) Service Pack 2
32_bits - EM64T Family 6 Model 15 Stepping 11, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:189 Go - Free:73 Go )
D:\ [Fixed-NTFS] .. ( Total:465 Go - Free:440 Go )
E:\ [Fixed-NTFS] .. ( Total:465 Go - Free:84 Go )
F:\ [CD_Rom]
M:\ [Fixed-NTFS] .. ( Total:1397 Go - Free:356 Go )
¨
Scan : 18:12.50
Path : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3CA7WYLZ\Rooter[1].exe
User : Administrator ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ smss.exe (280)
______ csrss.exe (328)
______ winlogon.exe (352)
______ services.exe (400)
______ lsass.exe (412)
______ svchost.exe (624)
______ svchost.exe (672)
______ svchost.exe (716)
______ svchost.exe (764)
______ svchost.exe (812)
______ C:\Program Files\Avast\aswUpdSv.exe (864)
______ C:\Program Files\Avast\ashServ.exe (968)
______ spoolsv.exe (1212)
______ C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (1248)
______ explorer.exe (1536)
______ svchost.exe (1668)
______ svchost.exe (1716)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1816)
______ nvsvc64.exe (1848)
______ C:\WINDOWS\SysWOW64\PnkBstrA.exe (1876)
______ rundll32.exe (1924)
______ C:\PROGRA~1\Avast\ashDisp.exe (2044)
______ C:\WINDOWS\SysWOW64\PnkBstrB.exe (248)
______ svchost.exe (2204)
______ wmiprvse.exe (2436)
______ iexplore.exe (2520)
______ C:\Program Files\Avast\ashMaiSv.exe (2892)
______ C:\Program Files\Avast\ashWebSv.exe (2924)
______ alg.exe (1740)
______ iexplore.exe (948)
______ NOTEPAD.EXE (3664)
______ iexplore.exe (3904)
______ iexplore.exe (2716)
______ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3CA7WYLZ\Rooter[1].exe (404)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:500107829760)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SchedLgU.Txt
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 18:13.01
¨
C:\Rooter$\Rooter_2.txt - (21/06/2009 | 18:13.01)
  • 0

Advertisements

#2
CaseyF
Posted 15 July 2009 - 06:43 PM

CaseyF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Anyone have a clue? I am still having the problem and cannot seem to figure it out.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP