
Computer is all screwed up


  • Please log in to reply

#1 chrisekasala
New Member, 3 posts

I cannot run virus software such as Avast or McAfee, as I get errors.

Also, I am getting other errors when running some of the programs in the tutorial for removing malware. Here is the OTL; please let me know what I need to do. I am going CRAZY on this computer.

OTL logfile created on: 10/23/2009 7:27:03 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 73.28% Memory free
1.95 Gb Paging File | 1.68 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 102.90 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 6.07 Gb Total Space | 0.64 Gb Free Space | 10.57% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: UPS-64D31459931
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/23 19:26:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/09/21 18:19:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/09/15 18:58:28 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/25 21:49:40 | 00,246,088 | ---- | M] (Rennie Glen Software LLC) -- C:\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe
PRC - [2009/08/22 14:28:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/22 14:28:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2007/09/13 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2006/10/22 23:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2004/10/22 11:53:06 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS2\System32\VTTimer.exe
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS2\ALCXMNTR.EXE
PRC - [2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe
PRC - [2004/06/29 09:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS2\AGRSMMSG.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 18:19:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2009/09/15 18:58:26 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/09/15 03:56:43 | 00,138,680 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/25 21:49:40 | 00,246,088 | ---- | M] (Rennie Glen Software LLC) -- C:\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe -- (PDF Snake Hot Folders [Auto | Running])
SRV - [2009/08/22 14:28:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/06/23 21:04:10 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/23 19:26:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/06 21:19:28 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS2\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS2\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS2\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS2\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [PopRock] C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS2\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 16:51:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS2\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/14 20:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Apple
[2009/10/14 20:11:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Apple Computer
[2009/10/16 21:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\avg9
[2009/10/16 21:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
[2009/10/13 12:26:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Windows Genuine Advantage
[2009/10/14 20:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/10/16 21:40:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/10/14 20:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/10/14 20:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2009/10/16 21:35:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/23 19:20:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/23 19:21:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 21:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/13 12:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/10/23 19:26:32 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/23 19:22:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS2\PIF
[2009/10/23 19:21:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2009/10/23 19:21:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbam.sys
[2009/10/23 19:19:18 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/10/23 19:16:04 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/10/22 20:33:33 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswRdr.sys
[2009/10/22 20:33:32 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswTdi.sys
[2009/10/22 20:33:31 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aavmker4.sys
[2009/10/22 20:33:30 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswSP.sys
[2009/10/22 20:33:30 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\AvastSS.scr
[2009/10/22 20:33:30 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswFsBlk.sys
[2009/10/22 20:33:29 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswmon2.sys
[2009/10/22 20:33:29 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\drivers\aswmon.sys
[2009/10/22 20:33:13 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS2\System32\aswBoot.exe
[2009/10/22 20:21:12 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/10/16 21:35:52 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/16 21:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS2\SxsCaPendDel
[2009/10/13 12:31:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2009/10/13 12:31:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents\My Videos
[2009/10/13 12:27:40 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\drivers\UMDF
[2009/10/13 12:27:39 | 00,000,000 | ---D | C] -- C:\WINDOWS2\System32\LogFiles

========== Files - Modified Within 14 Days ==========

[2009/10/23 19:26:35 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/23 19:24:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/10/23 19:21:20 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\test.lnk
[2009/10/23 19:20:23 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/23 19:20:21 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/10/23 19:20:21 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/10/23 19:19:20 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/10/23 19:18:30 | 00,000,242 | -H-- | M] () -- C:\WINDOWS2\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/23 19:18:28 | 00,013,646 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2009/10/23 19:18:28 | 00,000,278 | -H-- | M] () -- C:\WINDOWS2\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/23 19:18:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT
[2009/10/23 19:18:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS2\win32k.sys
[2009/10/23 19:18:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2009/10/23 19:16:06 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/10/23 19:07:06 | 00,000,507 | ---- | M] () -- C:\WINDOWS2\win.ini
[2009/10/23 19:07:06 | 00,000,394 | -HS- | M] () -- C:\boot.ini
[2009/10/23 19:07:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS2\system.ini
[2009/10/23 19:00:50 | 00,000,362 | ---- | M] () -- C:\WINDOWS2\tasks\PerfectOptimizer_home.job
[2009/10/23 07:09:25 | 00,002,339 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/22 20:33:33 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Antivirus.lnk
[2009/10/22 20:33:30 | 00,002,626 | ---- | M] () -- C:\WINDOWS2\System32\CONFIG.NT
[2009/10/22 20:21:17 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Owner\Desktop\avast_home_setup.exe
[2009/10/22 17:44:35 | 00,001,146 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2009/10/22 16:23:06 | 00,000,019 | ---- | M] () -- C:\WINDOWS2\KA.INI
[2009/10/22 15:51:20 | 00,154,112 | ---- | M] () -- C:\WINDOWS2\msa.exe
[2009/10/17 20:23:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS2\tasks\AppleSoftwareUpdate.job
[2009/10/16 19:27:24 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 20:12:24 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\QuickTime Player.lnk
[2009/10/14 19:36:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS2\imsins.BAK
[2009/10/13 16:02:09 | 00,023,392 | ---- | M] () -- C:\WINDOWS2\System32\nscompat.tlb
[2009/10/13 16:02:09 | 00,016,832 | ---- | M] () -- C:\WINDOWS2\System32\amcompat.tlb
[2009/10/13 12:28:42 | 00,316,640 | ---- | M] () -- C:\WINDOWS2\WMSysPr9.prx
[2009/10/13 12:27:42 | 00,000,000 | -H-- | M] () -- C:\WINDOWS2\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

========== Files - No Company Name ==========
[2009/10/23 19:24:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/10/23 19:21:20 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\test.lnk
[2009/10/23 19:20:23 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/23 19:20:21 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/10/23 19:20:21 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/10/22 20:33:33 | 00,001,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Antivirus.lnk
[2009/10/22 20:33:13 | 00,380,928 | ---- | C] () -- C:\WINDOWS2\System32\actskin4.ocx
[2009/10/22 15:59:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS2\win32k.sys
[2009/10/22 15:51:33 | 00,154,112 | ---- | C] () -- C:\WINDOWS2\msa.exe
[2009/10/22 15:51:25 | 00,000,242 | -H-- | C] () -- C:\WINDOWS2\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/22 15:51:20 | 00,000,278 | -H-- | C] () -- C:\WINDOWS2\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/14 20:12:24 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\QuickTime Player.lnk
[2009/10/14 20:11:11 | 00,000,284 | ---- | C] () -- C:\WINDOWS2\tasks\AppleSoftwareUpdate.job
[2009/10/13 12:27:42 | 00,000,000 | -H-- | C] () -- C:\WINDOWS2\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/09/21 19:39:25 | 00,000,297 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\pdfsnake.2.bf1e9897a119e625c29abae37ac73f4322b2934e.paid
[2009/09/21 19:39:07 | 00,000,369 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PDFSnake.reg
[2009/09/21 18:29:19 | 02,463,976 | ---- | C] () -- C:\WINDOWS2\System32\NPSWF32.dll
[2009/08/28 16:13:50 | 00,000,019 | ---- | C] () -- C:\WINDOWS2\KA.INI
[2009/08/09 20:27:15 | 05,882,456 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/09 20:24:26 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 19:50:26 | 00,013,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/09 19:49:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/08/09 12:11:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\desktop.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS2\System32\vuins32.dll
[2004/08/04 05:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS2\System32\eventlog.dll
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS2\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS2\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS2\system.ini

========== LOP Check ==========

[2009/10/22 16:25:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data
[2009/08/09 20:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\1Click DVD Copy
[2009/09/21 18:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\ALM
[2009/10/22 16:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\avg9
[2009/09/22 20:18:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\CanonBJ
[2009/09/21 19:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\FLEXnet
[2009/08/22 14:46:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP
[2009/10/16 21:40:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/09/12 16:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2009/09/22 20:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/10/17 20:23:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS2\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS2\Tasks\desktop.ini
[2009/10/23 19:00:50 | 00,000,362 | ---- | M] () -- C:\WINDOWS2\Tasks\PerfectOptimizer_home.job
[2009/10/23 19:18:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\Tasks\SA.DAT
[2009/10/23 19:18:30 | 00,000,242 | -H-- | M] () -- C:\WINDOWS2\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/23 19:18:28 | 00,000,278 | -H-- | M] () -- C:\WINDOWS2\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 05:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS2\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\logevent.dll

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >
< End of report >


OTL Extras logfile created on: 10/23/2009 7:27:03 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 73.28% Memory free
1.95 Gb Paging File | 1.68 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 102.90 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 6.07 Gb Total Space | 0.64 Gb Free Space | 10.57% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: UPS-64D31459931
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS2\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS2\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{222421DC-CAEB-42EC-AF15-09A39AA5C94D}" = Adobe Creative Suite 3 Design Standard
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A14A8608-CF1C-4010-A348-7EA220C70305}_is1" = PerfectOptimizer 5.2
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DBF0C9-E294-4C01-A205-73B8ED947D50}" = Adobe Setup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_0e772471f6aed60c960ed52600a76bd" = Add or Remove Adobe Creative Suite 3 Design Standard
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"avast!" = avast! Antivirus
"BitZipper_is1" = BitZipper 2009
"BookMaker Poker" = BookMaker Poker
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PDF Snake_is1" = PDF Snake Version 4.33
"S3" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/13/2009 2:36:12 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2009 9:29:08 PM | Computer Name = UPS-64D31459931 | Source = MsiInstaller | ID = 11904
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS2\system32\Macromed\Flash\FlDbg9c.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 10/3/2009 1:40:59 AM | Computer Name = UPS-64D31459931 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02f09f1c.

Error - 10/22/2009 6:42:51 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:00 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:11 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:20 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:23 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:32 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 7:07:35 PM | Computer Name = UPS-64D31459931 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/22/2009 4:56:12 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 8/22/2009 4:56:26 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/22/2009 4:56:27 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 8/22/2009 5:00:23 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 8/22/2009 5:01:52 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 8/22/2009 5:32:13 PM | Computer Name = UPS-64D31459931 | Source = Print | ID = 54
Description = Document https://ps.losrios.e...ey=0.3920147009
was corrupted and has been deleted. The associated driver is: AGFA-AccuSet v52.3.

Error - 8/22/2009 7:29:47 PM | Computer Name = UPS-64D31459931 | Source = Print | ID = 54
Description = Document https://ps.losrios.e...ey=0.3920147009
was corrupted and has been deleted. The associated driver is: AGFA-AccuSet v52.3.

Error - 8/23/2009 3:47:25 PM | Computer Name = UPS-64D31459931 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file '2.0.0.0__b03f5f7f11d50a3a' on the volume 'Hardd .. lume2'.
It has stopped monitoring the volume.

Error - 8/31/2009 1:39:10 PM | Computer Name = UPS-64D31459931 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0011D812A91C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/31/2009 6:17:11 PM | Computer Name = UPS-64D31459931 | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


#2
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello chrisekasala

Welcome to G2Go. :)
=====================
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS2\system32\logevent.dll | C:\WINDOWS2\system32\eventlog.dll

Files to delete:
C:\WINDOWS2\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS2\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\WINDOWS2\win32k.sys
C:\WINDOWS2\msa.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

===========================Next==========================


Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

===========================Then==========================


First, temporarily disable any antivirus program or real-time shields that are present.
If you do not know how, you can refer to this link:
http://www.bleepingc...opic114351.html
================
Then download ComboFix from any of the links below. You must rename it before saving it: rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double-click on kahdah.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

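Editor's added example (not code from the thread, from OTL, or from kahdah): a short Python triage pass over OTL file lines in the layout shown in post #1, written to show the two signals that kahdah's Avenger script acts on. The first is the pair of hidden (-H--) .job files in C:\WINDOWS2\Tasks whose names are bare GUIDs, which the script deletes. The second is C:\WINDOWS2\system32\eventlog.dll, which OTL lists with an empty company field "()" while scecli.dll, logevent.dll and atapi.sys beside it show "(Microsoft Corporation)"; the script moves logevent.dll over it. OTL itself keys on that field (the Extras header shows "Company Name Whitelist: On" and "Skip Microsoft Files: On"), so an empty company name on a binary in system32 is exactly what its whitelisting is meant to surface. The line regex is fitted to the format on this page, the sample lines are copied from the log above, and the "hidden GUID-named .job" and "empty company name" rules are this example's own heuristics, not an OTL feature. One caveat a practitioner should keep in mind: the company string comes from the file's version resource, which any author can set, so an empty field is a reason to look closer and a present "Microsoft Corporation" proves nothing; the definitive check is a hash or signature comparison against a known-good copy of the file.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the OTL output in post #1, in the
# exact "[stamp | size | attrs | mode] (company) -- path" layout OTL prints.
SAMPLE_OTL_LINES = r"""
[2009/10/17 20:23:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS2\Tasks\AppleSoftwareUpdate.job
[2009/10/23 19:18:30 | 00,000,242 | -H-- | M] () -- C:\WINDOWS2\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/23 19:18:28 | 00,000,278 | -H-- | M] () -- C:\WINDOWS2\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2004/08/04 05:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS2\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\scecli.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\logevent.dll
[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\system32\drivers\atapi.sys
"""

# One OTL file line. The attrs field is four flags (R, H, S, D); "H" = hidden.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<mode>[MC])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# A .job file in the Tasks folder whose name is a bare GUID (heuristic assumed by this example).
GUID_JOB = re.compile(r"\\Tasks\\\{[0-9A-Fa-f-]{36}\}\.job$", re.IGNORECASE)
# Binaries under system32 (and system32\drivers) that Windows itself ships.
CORE_BINARY = re.compile(r"\\system32\\(drivers\\)?[^\\]+\.(dll|sys|exe)$", re.IGNORECASE)


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_otl(text: str) -> list[OtlEntry]:
    """Keep only file lines; section headers, blanks and '< ... >' markers are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(m["stamp"], int(m["size"].replace(",", "")),
                                    m["attrs"], m["company"], m["path"]))
    return entries


def flag_entries(entries: list[OtlEntry]) -> list[tuple[str, str]]:
    """Return (reason, path) pairs for the two signals the thread acts on."""
    findings = []
    for e in entries:
        if e.hidden and GUID_JOB.search(e.path):
            findings.append(("hidden GUID-named scheduled task", e.path))
        if CORE_BINARY.search(e.path) and not e.company.strip():
            findings.append(("system binary with empty company name", e.path))
    return findings


def size_of(entries: list[OtlEntry], basename: str) -> int | None:
    """Size in bytes of the first entry with this file name, e.g. to compare
    eventlog.dll against logevent.dll; None if the log has no such file."""
    for e in entries:
        if e.basename == basename.lower():
            return e.size
    return None


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_OTL_LINES)
    for reason, path in flag_entries(parsed):
        print(f"{reason}: {path}")
    print("eventlog.dll:", size_of(parsed, "eventlog.dll"),
          "logevent.dll:", size_of(parsed, "logevent.dll"))
```

Run against the sample it flags the two GUID-named jobs and eventlog.dll, and reports eventlog.dll at 61,952 bytes against logevent.dll at 55,808, both carrying the same 2004/08/04 timestamp; that size gap on two files with identical dates is the pair the Avenger script above swaps. Feed it a whole OTL log and it ignores everything that is not a file line, so the same pass works on the Files/Folders section as well as the custom scans.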

#3
chrisekasala (New Member, Topic Starter, 3 posts)
It did mention something about a rootkit. Here are the logs.

ComboFix 09-10-24.01 - Owner 10/24/2009 18:43.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1471.1091 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\rahab.exe
AV: avast! antivirus 4.8.1356 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Start Menu\Programs\Perfect Optimizer
c:\documents and settings\Owner\Start Menu\Programs\Perfect Optimizer\Perfect Optimizer.lnk
c:\documents and settings\Owner\Start Menu\Programs\Perfect Optimizer\Uninstall.lnk
c:\documents and settings\Owner\Start Menu\Programs\Perfect Optimizer\Website.lnk
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\aamd532.dll
c:\program files\Perfect Optimizer\ActiveX.dat
c:\program files\Perfect Optimizer\Apps.dat
c:\program files\Perfect Optimizer\Components.dat
c:\program files\Perfect Optimizer\Config.ldb
c:\program files\Perfect Optimizer\Config.mdb
c:\program files\Perfect Optimizer\config\about.bmp
c:\program files\Perfect Optimizer\config\head.bmp
c:\program files\Perfect Optimizer\config\Lng2Const.xml
c:\program files\Perfect Optimizer\config\logo.ico
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\PerfectOptimzer.chm
c:\program files\Perfect Optimizer\config\register.jpg
c:\program files\Perfect Optimizer\config\SmallLogo.bmp
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\config\website.url
c:\program files\Perfect Optimizer\Data\Service\campus_model.bat
c:\program files\Perfect Optimizer\Data\Service\default_model.bat
c:\program files\Perfect Optimizer\Data\Service\home_model.bat
c:\program files\Perfect Optimizer\Data\Service\interner_model.bat
c:\program files\Perfect Optimizer\Data\Service\notebook_model.bat
c:\program files\Perfect Optimizer\Data\Service\office_model.bat
c:\program files\Perfect Optimizer\Home.exe
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\MiracleLib.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.exe
c:\program files\Perfect Optimizer\PerfectOptimizer.ini
c:\program files\Perfect Optimizer\SERepair.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\sqlite3.dll
c:\program files\Perfect Optimizer\unins000.dat
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\UpdateWindows.exe
c:\program files\Perfect Optimizer\website.url
c:\windows2\run.log

Infected copy of c:\windows2\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-24 02:22 . 2009-10-25 01:28 -------- d--h--w- c:\windows2\PIF
2009-10-24 02:21 . 2009-09-10 21:54 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-10-24 02:21 . 2009-10-24 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 02:21 . 2009-09-10 21:53 19160 ----a-w- c:\windows2\system32\drivers\mbam.sys
2009-10-24 02:20 . 2009-10-24 02:20 -------- d-----w- c:\program files\ERUNT
2009-10-23 03:33 . 2009-09-15 10:54 23152 ----a-w- c:\windows2\system32\drivers\aswRdr.sys
2009-10-23 03:33 . 2009-09-15 10:54 52368 ----a-w- c:\windows2\system32\drivers\aswTdi.sys
2009-10-23 03:33 . 2009-09-15 10:53 27408 ----a-w- c:\windows2\system32\drivers\aavmker4.sys
2009-10-23 03:33 . 2009-09-15 10:55 114768 ----a-w- c:\windows2\system32\drivers\aswSP.sys
2009-10-23 03:33 . 2009-09-15 10:55 20560 ----a-w- c:\windows2\system32\drivers\aswFsBlk.sys
2009-10-23 03:33 . 2009-09-15 10:53 97480 ----a-w- c:\windows2\system32\AvastSS.scr
2009-10-23 03:33 . 2009-09-15 10:56 93424 ----a-w- c:\windows2\system32\drivers\aswmon.sys
2009-10-23 03:33 . 2009-09-15 10:56 94160 ----a-w- c:\windows2\system32\drivers\aswmon2.sys
2009-10-23 03:33 . 2009-09-15 10:59 1279968 ----a-w- c:\windows2\system32\aswBoot.exe
2009-10-18 03:23 . 2009-10-18 03:23 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2009-10-17 05:29 . 2009-10-17 05:29 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2009-10-17 04:40 . 2009-10-17 04:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2009-10-17 04:40 . 2009-10-22 23:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-17 04:40 . 2009-10-22 23:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 04:35 . 2009-10-17 04:35 -------- d-----w- C:\$AVG
2009-10-17 04:35 . 2009-10-17 04:35 -------- d-----w- c:\program files\AVG
2009-10-17 04:35 . 2009-10-22 23:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\avg9
2009-10-17 04:34 . 2009-10-25 01:28 -------- d-----w- c:\windows2\SxsCaPendDel
2009-10-17 02:06 . 2009-10-17 02:06 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-10-15 03:14 . 2009-10-15 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-15 03:11 . 2009-10-15 03:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Apple Computer
2009-10-15 03:11 . 2009-10-15 03:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-10-15 03:11 . 2009-10-15 03:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Apple
2009-10-15 03:10 . 2009-10-15 03:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-10-13 19:29 . 2004-08-04 12:00 221184 ----a-w- c:\windows2\system32\wmpns.dll
2009-10-13 19:29 . 2009-10-13 19:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-13 19:27 . 2009-10-13 19:28 -------- d-----w- c:\windows2\system32\drivers\UMDF
2009-10-13 19:27 . 2009-10-13 19:27 -------- d-----w- c:\windows2\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 04:21 . 2009-08-10 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\McAfee
2009-10-15 03:12 . 2009-06-01 21:30 -------- d-----w- c:\program files\QuickTime
2009-10-15 03:11 . 2008-06-24 08:55 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 03:37 . 2009-09-23 03:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-09-23 03:21 . 2009-09-23 03:17 -------- d-----w- c:\program files\Canon
2009-09-23 03:20 . 2009-09-23 03:20 -------- d-----w- c:\program files\Common Files\CANON
2009-09-23 03:18 . 2009-09-23 03:18 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\CanonBJ
2009-09-23 03:18 . 2009-09-23 03:18 -------- d--h--w- c:\program files\CanonBJ
2009-09-22 02:39 . 2009-09-22 02:39 369 ----a-w- c:\documents and settings\Owner\Application Data\PDFSnake.reg
2009-09-22 02:32 . 2009-08-10 02:50 13288 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 02:29 . 2009-09-22 02:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\FLEXnet
2009-09-22 01:42 . 2005-01-28 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-22 01:39 . 2009-09-22 01:39 -------- d-----w- c:\program files\Common Files\Control Panels
2009-09-22 01:37 . 2009-09-22 01:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\ALM
2009-09-22 01:19 . 2009-09-22 01:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-16 01:58 . 2008-10-28 01:02 -------- d-----w- c:\program files\Google
2009-09-12 23:39 . 2009-09-12 23:39 -------- d-----w- c:\program files\BitZipper
2009-09-12 23:39 . 2009-09-12 23:39 -------- d-----w- c:\documents and settings\Owner\Application Data\BitZipper
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows2\system32\msv1_0.dll
2009-09-06 21:57 . 2009-09-06 21:43 -------- d-----w- c:\program files\BookMaker
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows2\system32\msasn1.dll
2009-08-30 20:53 . 2009-08-30 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-08-30 20:53 . 2005-03-01 01:49 -------- d-----w- c:\program files\DivX
2009-08-30 20:53 . 2009-08-30 20:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows2\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows2\system32\strmdll.dll
2009-08-22 21:28 . 2009-08-22 21:28 411368 ----a-w- c:\windows2\system32\deploytk.dll
2009-08-10 03:27 . 2009-08-10 03:27 86016 ------w- c:\windows2\system32\pxwma.dll
2009-08-10 03:27 . 2009-08-10 03:27 20368 ------w- c:\windows2\system32\drivers\PxHelp20.sys
2009-08-10 03:27 . 2009-08-10 03:27 105472 ------w- c:\windows2\system32\pxcpyi64.exe
2009-08-10 03:27 . 2009-08-10 03:27 103936 ------w- c:\windows2\system32\pxinsi64.exe
2009-08-10 02:21 . 2009-08-10 02:21 21640 ----a-w- c:\windows2\system32\emptyregdb.dat
2009-08-07 02:24 . 2009-08-10 02:21 327896 ----a-w- c:\windows2\system32\wucltui.dll
2009-08-07 02:24 . 2009-08-10 02:21 209632 ----a-w- c:\windows2\system32\wuweb.dll
2009-08-07 02:24 . 2009-08-10 02:21 35552 ----a-w- c:\windows2\system32\wups.dll
2009-08-07 02:24 . 2008-10-16 21:09 44768 ----a-w- c:\windows2\system32\wups2.dll
2009-08-07 02:24 . 2009-08-10 02:21 53472 ----a-w- c:\windows2\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows2\system32\cdm.dll
2009-08-07 02:23 . 2009-08-10 02:21 575704 ----a-w- c:\windows2\system32\wuapi.dll
2009-08-07 02:23 . 2009-08-10 02:21 1929952 ----a-w- c:\windows2\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows2\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-04 12:00 2180352 ------w- c:\windows2\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-03 22:59 2057728 ------w- c:\windows2\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows2\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows2\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-15 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"VTTimer"="VTTimer.exe" - c:\windows2\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows2\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows2\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows2\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-9-21 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [10/22/2009 8:33 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [10/22/2009 8:33 PM 20560]
R2 PDF Snake Hot Folders;PDF Snake Hot Folders;c:\pdfsnake\PDFSnake\PDFSnakeHotFolder.exe [9/21/2009 7:37 PM 246088]
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 - c:\program files\Perfect Optimizer\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3860)
c:\windows2\system32\WININET.dll
c:\windows2\system32\ieframe.dll
c:\windows2\system32\msi.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\rahab\CF18042.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\rahab\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 01:54

Pre-Run: 112,503,566,336 bytes free
Post-Run: 112,418,807,808 bytes free

- - End Of File - - 7C831905C05CC5640878E1624B0FF182


Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS2'...





Finished!


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS2\system32\logevent.dll|C:\WINDOWS2\system32\eventlog.dll" completed successfully.
File "C:\WINDOWS2\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job" deleted successfully.
File "C:\WINDOWS2\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job" deleted successfully.
File "C:\WINDOWS2\win32k.sys" deleted successfully.
File "C:\WINDOWS2\msa.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#5
chrisekasala

chrisekasala

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK, here they both are; they found problems.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=a201e2a66ea2f44cbbe2fdaf3d9e6c67
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-25 05:35:47
# local_time=2009-10-25 10:35:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 6649789 6649789 0 0
# compatibility_mode=769 16775125 100 97 0 191847240 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5889 16764286 0 94 60388435 92955690 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=115432
# found=3
# cleaned=3
# scan_time=4464
C:\Qoobox\Quarantine\C\WINDOWS2\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F9F2A5C-15E5-4015-80F0-1F13C60946F4}\RP101\A0015663.dll a variant of Win32/Kryptik.YQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F9F2A5C-15E5-4015-80F0-1F13C60946F4}\RP101\A0015664.exe a variant of Win32/Kryptik.AXS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Malwarebytes' Anti-Malware 1.41
Database version: 3030
Windows 5.1.2600 Service Pack 2

10/25/2009 9:15:08 AM
mbam-log-2009-10-25 (09-15-08).txt

Scan type: Quick Scan
Objects scanned: 115174
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\PDFSnake.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks much better.
How are things running?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0
