Possible Rootkit, Antivir 2010

#1
Technical.Angel

Okay, I have a Win XP machine. It had Antivir 2010 on it, but after fighting around with SUPERAntispyware, I was able to get it "clean".

Then, my friend said it started replacing his text with \7. So, I wanted to check for any sign of infection I could be missing, and rootkits, which I don't have experience with.

I followed the initial post, with the exception of running OTL, as it ran for over an hour and a half before I realized it was not responding.

Here's the GMER log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 18:36:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jack\LOCALS~1\Temp\pfrirfoc.sys


---- System - GMER 1.0.15 ----

SSDT 89C69248 ZwAlertResumeThread
SSDT 89C75248 ZwAlertThread
SSDT 8A49DE38 ZwAllocateVirtualMemory
SSDT 89D23C70 ZwConnectPort
SSDT 8A400098 ZwCreateMutant
SSDT 8A4A1E30 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9F56350]
SSDT 8A6F42E0 ZwFreeVirtualMemory
SSDT 8A323680 ZwImpersonateAnonymousToken
SSDT 89C73248 ZwImpersonateThread
SSDT 89CB1108 ZwMapViewOfSection
SSDT 8A5CD098 ZwOpenEvent
SSDT 8A5C5240 ZwOpenProcessToken
SSDT 8A4973C0 ZwOpenThreadToken
SSDT 8A4A5BF0 ZwQueryValueKey
SSDT 89CA20E8 ZwResumeThread
SSDT 8A4DA6F0 ZwSetContextThread
SSDT 8A45E078 ZwSetInformationProcess
SSDT 8A5CD890 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9F56580]
SSDT 8A4A9E78 ZwSuspendProcess
SSDT 8A4C2518 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9C28320]
SSDT 8A4BDA68 ZwTerminateThread
SSDT 8A40A710 ZwUnmapViewOfSection
SSDT 8A49C940 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A58A5D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

And here's my MBAM scan... which isn't helpful.

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2010 8:27:54 PM
mbam-log-2010-03-01 (20-27-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178846
Time elapsed: 24 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

EDIT!!! Now with OTL logs!

OTL logfile created on: 3/2/2010 7:14:32 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Jack\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 586.36 Gb Total Space | 567.88 Gb Free Space | 96.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKDUDLEY
Current User Name: Jack
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/01 18:36:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\OTL.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/01/01 19:47:38 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2010/01/01 19:44:38 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/06 14:11:56 | 033,546,240 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
PRC - [2008/09/02 10:48:12 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/09/02 10:40:46 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/04/13 17:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 19:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 18:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2004/05/28 23:08:52 | 000,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 18:36:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/01 19:47:38 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2009/09/23 15:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/12 20:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/03/24 06:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 15:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2008/04/13 17:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (&UpdateCheck.dll) - {4B9F0938-149B-41D5-A0A2-58B834195F74} - C:\WINDOWS\System32\UpdateCheck.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1256941215156 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Zapotec.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Zapotec.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/30 16:53:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a6d0737-ed0d-11de-b37a-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{0a6d0737-ed0d-11de-b37a-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a6d0737-ed0d-11de-b37a-00121766c1af}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{29088207-cd2a-11de-b362-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{29088207-cd2a-11de-b362-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{29088207-cd2a-11de-b362-00121766c1af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2c2f9cc2-dcf4-11de-b374-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{2c2f9cc2-dcf4-11de-b374-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c2f9cc2-dcf4-11de-b374-00121766c1af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31b5f6c9-cfa9-11de-b364-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{31b5f6c9-cfa9-11de-b364-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31b5f6c9-cfa9-11de-b364-00121766c1af}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3a70089a-dfb6-11de-b375-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{3a70089a-dfb6-11de-b375-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a70089a-dfb6-11de-b375-00121766c1af}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7a780cac-ccde-11de-b361-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{7a780cac-ccde-11de-b361-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a780cac-ccde-11de-b361-00121766c1af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8d625c32-f745-11de-b383-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{8d625c32-f745-11de-b383-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d625c32-f745-11de-b383-00121766c1af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c68b4944-c688-11de-b358-0024e81f82a6}\Shell - "" = AutoRun
O33 - MountPoints2\{c68b4944-c688-11de-b358-0024e81f82a6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c68b4944-c688-11de-b358-0024e81f82a6}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c68b4949-c688-11de-b358-0024e81f82a6}\Shell - "" = AutoRun
O33 - MountPoints2\{c68b4949-c688-11de-b358-0024e81f82a6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c68b4949-c688-11de-b358-0024e81f82a6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f991ff43-d788-11de-b36d-00121766c1af}\Shell - "" = AutoRun
O33 - MountPoints2\{f991ff43-d788-11de-b36d-00121766c1af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f991ff43-d788-11de-b36d-00121766c1af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck msln) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/30 09:38:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/01 20:14:55 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2010/03/01 18:38:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/01 18:37:12 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\OTL.exe
[2010/03/01 12:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/01 12:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/24 20:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/24 20:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
[2010/02/24 20:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/24 18:12:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/24 17:53:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/22 21:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2010/02/20 12:21:24 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/02/19 23:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\Desktop\TRANS FROM FLASH
[2009/12/31 05:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/12/31 05:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/30 16:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/30 16:53:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/30 16:53:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/02 07:11:33 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Jack.job
[2010/03/02 01:05:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Jack.job
[2010/03/01 20:14:55 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2010/03/01 19:55:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 19:55:12 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\xttpyeiurb.job
[2010/03/01 19:55:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 19:55:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 19:55:00 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/01 18:36:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\OTL.exe
[2010/03/01 12:07:21 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\NTREGOPT.lnk
[2010/03/01 12:07:21 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\ERUNT.lnk
[2010/03/01 11:51:40 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Jack\NTUSER.DAT
[2010/03/01 11:51:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jack\ntuser.ini
[2010/02/28 19:13:01 | 004,905,521 | ---- | M] () -- C:\WINDOWS\System32\MUERYT
[2010/02/28 17:44:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/02/24 20:06:32 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/24 18:11:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 15:42:59 | 000,009,917 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\No class Thursday.docx
[2010/02/21 06:35:37 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Google.url
[2010/02/21 02:57:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/02/20 11:57:58 | 000,010,507 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\IP info addresses.docx
[2010/02/20 08:00:34 | 000,000,548 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2010/02/18 23:51:30 | 000,010,973 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\Paul.docx
[2010/02/18 06:38:53 | 000,000,297 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI
[2010/02/17 22:51:59 | 000,028,831 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\Sci 230 Spring 2010 sec 1 latest.docx
[2010/02/17 22:47:02 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\spring ES 2nd exam sec 2.doc
[2010/02/17 22:39:46 | 000,028,537 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\Sci 230 Spring 2010 sec 1.docx
[2010/02/17 22:29:17 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Fall EXAM ES ch 6 7 8 sec 2 latest.doc
[2010/02/17 21:09:58 | 000,061,472 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\graphics sec 1.jpg

========== Files Created - No Company Name ==========

[2010/03/01 12:07:21 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\NTREGOPT.lnk
[2010/03/01 12:07:21 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\ERUNT.lnk
[2010/02/28 19:12:24 | 004,905,521 | ---- | C] () -- C:\WINDOWS\System32\MUERYT
[2010/02/24 21:07:39 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Jack.job
[2010/02/24 21:07:34 | 000,000,474 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Jack.job
[2010/02/24 20:06:32 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/22 15:42:59 | 000,009,917 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\No class Thursday.docx
[2010/02/20 11:57:58 | 000,010,507 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\IP info addresses.docx
[2010/02/19 23:02:15 | 000,000,548 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/02/18 23:51:30 | 000,010,973 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\Paul.docx
[2010/02/17 22:29:17 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\Fall EXAM ES ch 6 7 8 sec 2 latest.doc
[2010/02/17 22:28:39 | 000,028,831 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\Sci 230 Spring 2010 sec 1 latest.docx
[2010/02/17 22:08:33 | 000,028,537 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\Sci 230 Spring 2010 sec 1.docx
[2010/02/17 21:09:58 | 000,061,472 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\graphics sec 1.jpg
[2010/02/17 19:46:57 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\spring ES 2nd exam sec 2.doc
[2010/02/05 19:23:20 | 000,000,103 | ---- | C] () -- C:\WINDOWS\GEO-DYN.INI
[2009/12/31 02:19:45 | 000,064,000 | RHS- | C] () -- C:\WINDOWS\System32\gptextu.dll
[2009/12/30 09:39:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/17 01:15:45 | 000,000,297 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2009/11/16 22:35:24 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/15 14:22:17 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/11/02 22:47:57 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009/11/02 22:47:57 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/11/02 22:47:57 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/11/02 22:47:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/11/02 22:47:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2009/11/02 22:47:48 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2009/11/02 22:47:48 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2009/11/02 22:40:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\fusioncache.dat
[2009/11/02 22:27:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/11/02 22:13:21 | 000,001,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/31 10:08:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/10/30 22:29:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/10/30 17:02:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2009/11/16 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/11/27 21:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/01 19:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/16 22:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/11/27 21:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/10/30 22:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/01/01 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/10/30 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\ArcticLine
[2009/11/15 15:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Blitware
[2009/11/02 22:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\InterTrust
[2010/01/02 03:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\MSNInstaller
[2010/01/30 01:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Red Kawa
[2009/10/31 12:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Regensoft
[2010/01/02 03:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\ScanSoft
[2010/01/02 04:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Zeon
[2010/02/21 02:57:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/03/01 19:55:12 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\xttpyeiurb.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/11/02 23:10:39 | 000,319,488 | ---- | M] (Zero G) -- C:\exPressit S.E. 2.2.exe


< MD5 for: AGP440.SYS >
[2008/04/13 17:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: AHCIX86.SYS >
[2008/10/13 01:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\WINDOWS\Dell\ATI\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 17:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 17:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 17:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/20 23:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/01/20 23:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008/04/13 17:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 17:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/09 11:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\Dell\LSI\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/12 19:20:32 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2009/12/31 02:19:45 | 000,064,000 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gptextu.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/03/01 19:55:12 | 000,000,304 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\xttpyeiurb.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/10/30 09:42:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/10/30 09:42:45 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/10/30 09:42:45 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

OTL Extras logfile created on: 3/2/2010 7:14:32 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Jack\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 586.36 Gb Total Space | 567.88 Gb Free Space | 96.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKDUDLEY
Current User Name: Jack
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01483DCE-733A-A6B6-F086-702156A76EE0}" = Catalyst Control Center Localization Thai
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0FF8BB01-9FB8-0002-86B7-F80215F1F528}" = CCC Help Japanese
"{18AEF617-F8A9-7843-A98D-E42BB6716723}" = Catalyst Control Center Localization Czech
"{1A33CCAB-A0CF-5B1A-8AC4-ABD5B8539CD2}" = Catalyst Control Center Localization Polish
"{1B9EA89A-7626-00D2-CF48-0E1363BB92C2}" = Catalyst Control Center Graphics Light
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{219AAA69-33E1-0FED-291B-DC4572399707}" = Catalyst Control Center Graphics Full Existing
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22D745C2-D532-50F1-2BA9-76B02281138F}" = CCC Help German
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{246E4030-61CB-F57E-9A5A-C064E4E6899B}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{310F69FB-1788-3446-1F53-3D613AA498B6}" = CCC Help French
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{340A1E7F-C6A3-33BB-5A97-97CBA19F0EA2}" = Catalyst Control Center Localization German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362215E8-A1D9-645E-A77D-9292D93D0FB7}" = Catalyst Control Center Localization Dutch
"{37835166-81A0-1E1C-E1AD-92B96503471A}" = Catalyst Control Center Localization French
"{380799E3-C523-15BF-A3E9-1EA491F74DC0}" = CCC Help Hungarian
"{391B0B7E-EE0E-AABD-2DD4-CBE26BD39830}" = CCC Help Thai
"{39B1E682-2114-BF50-A3ED-E19F40A745A6}" = Catalyst Control Center Localization Danish
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{40B0A7CC-1676-43E9-8444-2EF2377E87B8}" = ScanSoft PDF Professional 4
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{497DA5D9-5139-5EF7-9AB1-962B47AC820D}" = Catalyst Control Center Localization Korean
"{4B759796-0626-D564-6CE0-D0421C995CD1}" = Catalyst Control Center Localization Spanish
"{4F252E5A-F52E-E337-5EB4-D514BA019CF8}" = Catalyst Control Center Localization Greek
"{56FC0340-ABFF-43C9-6F33-8F012D8DBEF6}" = CCC Help Chinese Standard
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5C53C986-5AA0-1123-D8F9-58CCC5973B26}" = Catalyst Control Center Localization Hungarian
"{5D356C69-C1FE-884E-8519-DD68FEA3D555}" = CCC Help Portuguese
"{5F132F97-A0FD-3F62-EEAB-19483951BAF3}" = Catalyst Control Center Localization Chinese Traditional
"{63376681-3B57-1FB1-DA9D-D00C1D332643}" = Catalyst Control Center Graphics Previews Common
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6DAAC734-8076-51D6-94EB-9258D3882792}" = Catalyst Control Center Localization Turkish
"{70B7E764-7117-1452-EA8C-3894FC1570EA}" = CCC Help Swedish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7A085B75-CA0D-DD78-C946-132C12E16BD9}" = Catalyst Control Center Localization Italian
"{7CCC7010-D0FE-2E3D-5AC3-0235BCE464F2}" = Catalyst Control Center Localization Norwegian
"{86023B97-8280-3106-F27B-CCA091CE3733}" = Catalyst Control Center Localization Swedish
"{8611D7BC-7594-9C7B-7FFB-40AD0AB0659D}" = CCC Help Italian
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ABDE213-501B-27DB-6082-709EE5AD408D}" = Catalyst Control Center Localization Finnish
"{8ED407A6-2B26-42FE-D806-575ED7EF904F}" = Catalyst Control Center Core Implementation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{913574EA-B946-D166-B4E1-E18F54561C5C}" = Skins
"{9292B575-0270-BB9C-9CD9-BB6205F0FB92}" = CCC Help English
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0998D79-27D3-128E-BD2F-ED039E060969}" = Catalyst Control Center Localization Portuguese
"{A1C19116-33E2-D2C6-8C38-7AB6D44BF73B}" = CCC Help Turkish
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4BEE562-FD1A-B834-454B-9AEBE79BA35A}" = ccc-core-preinstall
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC629411-9BF8-E825-6034-95B649FD7196}" = ccc-utility
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B33E1644-2097-C80B-3A88-4746DED78022}" = CCC Help Chinese Traditional
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B41F81C2-71C5-4848-AFBC-5049FC724584}" = PS8100
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4900863-2A42-467E-B607-03A70A633F1B}" = Brother HL-2040
"{B5837D44-429B-0625-F760-5115753B7451}" = Catalyst Control Center Localization Japanese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF1057E3-910C-50F9-874B-D63E9C043A61}" = CCC Help Czech
"{BF2A8383-ED7C-07B7-BB17-F4BBF99DCB12}" = CCC Help Dutch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3735ECA-1972-378A-6720-48015B503E3D}" = CCC Help Finnish
"{C4B6914D-E6DA-8764-C0FA-639196A9334E}" = Catalyst Control Center Localization Chinese Standard
"{C4D08984-28CA-471D-8F25-DD0467298976}" = Catalyst Control Center Localization Russian
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB0FEE8C-320B-A515-B373-344CD4B0214F}" = CCC Help Russian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE74CBBC-1DD1-88B4-89DA-8EE23321916D}" = CCC Help Korean
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFA43C94-07AF-0A2A-F2BE-239848A073EC}" = CCC Help Danish
"{F00E17C5-E9D4-0E83-9E47-A5E3996F54E0}" = CCC Help Spanish
"{F0622510-B2D0-CEF5-C3D7-317C83A94504}" = CCC Help Norwegian
"{F4EE52C6-5B61-8CDC-DCEF-EEB397CDAB8D}" = Catalyst Control Center Graphics Full New
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FD131FEE-4543-945E-2155-BE8AD15FD124}" = ccc-core-static
"{FEC6A9F8-77A5-4B90-134A-613961747CEC}" = CCC Help Greek
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"All ATI Software" = ATI - Software Uninstall Utility
"Antivirus Live Basic" = Antivirus Live Basic
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"ERUNT_is1" = ERUNT 1.1j
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"FIREHOUSE Software 6" = FIREHOUSE Software 6
"FIREHOUSE Software 6 Documentation" = FIREHOUSE Software 6 Documentation
"FLV Player" = FLV Player 2.0 (build 25)
"Folder Marker_is1" = Folder Marker Home v 3.0
"HP Photo & Imaging" = HP Image Zone 4.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Videora iPod Converter" = Videora iPod Converter 5.03
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"videocodecpack" = VideoCodecPack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2010 7:57:21 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: SecurityToolFraud in File: Unavailable by:
Invalid : (15) scan. Action: Reboot Required. Action Description:

Error - 2/21/2010 7:59:18 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: SecurityToolFraud in File: Unavailable by:
Invalid : (15) scan. Action: Delete failed. Action Description: The file was
left unchanged.

Error - 2/21/2010 7:59:19 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: SecurityToolFraud in File: c:\documents
and settings\all users\application data\17151722\17151722.exe by: Startup scan.
Action: Quarantine failed. Action Description: The file was left unchanged.

Error - 2/21/2010 7:59:20 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: SecurityToolFraud in File: c:\documents
and settings\all users\application data\17151722\17151722.exe by: Startup scan.
Action: Terminate Process Required. Action Description:

Error - 2/21/2010 7:59:23 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: SecurityToolFraud in File: Unavailable by:
Invalid : (15) scan. Action: Reboot Required. Action Description:

Error - 2/21/2010 7:59:29 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: SecurityToolFraud in File: Unavailable by:
Invalid : (15) scan. Action: Delete failed. Action Description: The file was
left unchanged.

Error - 2/21/2010 7:59:29 AM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: SecurityToolFraud in File: Unavailable by:
Invalid : (15) scan. Action: Reboot Required. Action Description:

Error - 2/21/2010 8:46:28 AM | Computer Name = JACKDUDLEY | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 2/22/2010 11:52:27 PM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: SecurityToolFraud in File: c:\documents
and settings\all users\application data\17151722\17151722.exe by: Manual scan.
Action: Quarantine failed. Action Description: The file was left unchanged.

Error - 2/22/2010 11:52:27 PM | Computer Name = JACKDUDLEY | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: SecurityToolFraud in File: c:\documents
and settings\all users\application data\17151722\17151722.exe by: Manual scan.
Action: Terminate Process Required. Action Description:

[ System Events ]
Error - 2/24/2010 8:13:36 PM | Computer Name = JACKDUDLEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/24/2010 8:14:44 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdPPM eeCtrl Fips SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 2/24/2010 8:15:01 PM | Computer Name = JACKDUDLEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/25/2010 6:24:59 PM | Computer Name = JACKDUDLEY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 3/1/2010 1:49:19 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/1/2010 1:49:20 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 3/1/2010 1:49:21 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/1/2010 1:49:21 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/1/2010 1:49:21 PM | Computer Name = JACKDUDLEY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/1/2010 9:52:30 PM | Computer Name = JACKDUDLEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.7 for the Network Card with network
address 0024E81F82A6 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >


Thanks!!!!!

Edited by Technical.Angel, 02 March 2010 - 07:29 AM.

#2
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please show hidden files and folders

Find these files and delete them manually.

C:\WINDOWS\system32\gptextu.dll
C:\WINDOWS\Tasks\xttpyeiurb.job

Reboot the computer and then do below...


Go HERE and download Dr.Web CureIt to the Desktop. It will be downloaded with a random filename.
  • Run Dr.Web CureIt and let it run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it in Notepad)

How's the computer now? :)

Edited by fenzodahl512, 02 March 2010 - 09:11 AM.

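An added example, not code from OTL, Dr.Web or either poster: the Python script below reads OTL file lines of the kind pasted in the first post and scores each one on the indicators this reply acts on: Hidden/System attributes on a file under C:\WINDOWS, an empty publisher "()", and "Unable to obtain MD5" (OTL could not open the file, so it was locked). It then prints the cmd.exe lines for the manual deletion step. The function names, the weights, the 30-day window and the threshold of 4 are my assumptions; the sample lines are copied from the log above, with the Extras log's creation time as the scan time.

```python
"""Score OTL file lines for the marks of a planted file (added example for this
thread; not code from OTL, Dr.Web or any poster).  OTL prints one file per line:

    [YYYY/MM/DD HH:MM:SS | size | RHSD | M] (Publisher) note -- C:\\path

RHSD = Read-only/Hidden/System/Directory, "()" = no publisher, "Unable to obtain
MD5" = locked when OTL tried to hash it.  Weights and threshold are my assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?P<note>.*?)-- (?P<path>.+)$")
VOWELS = set("aeiouy")  # y counts as a vowel to keep the name check conservative

@dataclass
class Entry:
    when: datetime
    attrs: str              # e.g. "RHS-" or "---D"
    company: Optional[str]  # None: no publisher field (directories); "": literal "()"
    note: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_line(line: str) -> Optional[Entry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return Entry(when, m["attrs"], m["company"], m["note"].strip(), m["path"])

def longest_consonant_run(name: str) -> int:
    """Weak signal for generated names like xttpyeiurb; digits and punctuation
    reset the run so version strings do not trigger it."""
    best = run = 0
    for ch in name.rsplit(".", 1)[0].lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def score(entry: Entry, scan_time: datetime, recent_days: int = 30) -> Tuple[int, List[str]]:
    """(score, reasons); directories are never scored.  Caveat: boot.ini and ntldr
    in the root of C: are legitimately RHS, so a real run needs an allowlist."""
    if "D" in entry.attrs:
        return 0, []
    hits = [
        ("hidden attribute", 2, "H" in entry.attrs),
        ("system attribute", 2, "S" in entry.attrs),
        ("no publisher", 1, entry.company == ""),
        ("locked at scan time", 1, "Unable to obtain MD5" in entry.note),
        ("machine-looking name", 1, longest_consonant_run(entry.name) >= 4),
        ("modified recently", 1, (scan_time - entry.when).days <= recent_days),
    ]
    return sum(w for _, w, ok in hits if ok), [r for r, _, ok in hits if ok]

def triage(log_text: str, scan_time: datetime, threshold: int = 4):
    """Keep the best score per path (OTL lists a file in several sections) and
    return (path, score, reasons) for everything at or above the threshold."""
    best = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        s, why = score(entry, scan_time)
        if s >= threshold and s > best.get(entry.path, (0, []))[0]:
            best[entry.path] = (s, why)
    return sorted(((p, s, why) for p, (s, why) in best.items()),
                  key=lambda t: (-t[1], t[0].lower()))

def removal_commands(flagged) -> List[str]:
    """cmd.exe lines for the manual deletion step.  Clear R/H/S first: del refuses
    read-only files and Explorer hides H/S files by default.  A file that was
    locked at scan time may still be in use and answer "Access is denied";
    then repeat the same lines from Safe Mode or an offline boot disc."""
    cmds = []
    for path, _, _ in flagged:
        cmds += [f'attrib -r -s -h "{path}"', f'del /f "{path}"']
    return cmds

# Lines copied from the OTL log in this thread; SCAN_TIME is the Extras log's stamp.
SAMPLE_LOG = r"""
[2009/11/16 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/02/21 02:57:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/03/01 19:55:12 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\xttpyeiurb.job
[2008/04/13 17:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/11/12 19:20:32 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2009/12/31 02:19:45 | 000,064,000 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gptextu.dll
[2010/03/01 19:55:12 | 000,000,304 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\xttpyeiurb.job
"""
SCAN_TIME = datetime(2010, 3, 2, 7, 14, 32)

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, SCAN_TIME)
    for path, s, why in hits:
        print(f"{s:2d}  {path}  ({', '.join(why)})")
    print("\n".join(removal_commands(hits)))
```

On the sample it flags only xttpyeiurb.job (score 8) and gptextu.dll (score 6); Driver Robot.job scores 2 (no publisher, recent) and ATIDEMGX.dll scores 1 (locked, but carrying a publisher name), so neither is reported. The locked flag is the practical caveat for the deletion step: a DLL mapped into a running process, or a .job the Task Scheduler holds open, refuses `del` with "Access is denied" in Normal Mode, which is why the same deletion often has to be repeated from Safe Mode or from an offline boot disc such as the OTLPE CD used later in this thread.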

#3
Technical.Angel
    New Member
  • Topic Starter
  • Member
  • 3 posts
Do I run Dr. Web in safe mode?

#4
fenzodahl512
  • Malware Removal
  • 9,863 posts
Any mode will do :)

#5
Technical.Angel
    New Member
  • Topic Starter
  • Member
  • 3 posts
Okay, Dr. Web Security Space Pro has totally screwed up the system.

I can't get it off. I tried going into safe mode, but safe mode won't let me uninstall it. Then I disabled all of it from startup, but it just comes back on startup and freezes the system to the point that Ctrl+Alt+Del won't bring up task manager.

Short of reformatting, I'm not sure what to do now.

#6
fenzodahl512
  • Malware Removal
  • 9,863 posts
Go to another PC, and do below

After you have successfully burned the OTLPE ISO to disc, you will need to transfer the disc to the CD drive of your sick computer and boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Find and delete Dr.Web from the computer and then reboot into Normal Mode
