
virus/malware opening & running programs from start menu


This topic is locked

#1 malviti (New Member, 9 posts)
This started 2 weeks ago. I have been running avast virus scans, reg fixes, S&D, and tried running ad-aware, but it closes unexpectedly when almost done. I bought PC Pitstop's EXTERMINATOR; initially it found a few things, but since then nothing. Once my scan on this program was canceled while running, but not by me. This thing also attempts to close my internet browser, copies the pages from the internet & opens windows that are links on the page I'm on. About every 5 minutes it opens the Windows start button on my PC & sometimes starts running programs. The only way I can make it stop whatever it is doing is to open the task manager. When it opens the start menu, sometimes it will flash really fast. I followed all the steps up to the OTL log. When I was trying to save the GMER log the 1st time, "it" closed the window on me & I had to rescan. This thing is exhausting me. I hope you can help.
Thanks,
Melisa

OTL
OTL logfile created on: 9/19/2010 6:07:27 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 20.00% Memory free
626.00 Mb Paging File | 196.00 Mb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 61.93 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALVITI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 17:41:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/09/17 00:59:16 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 02:15:25 | 001,512,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 17:41:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee\McAfee Firewall\CPD.EXE -- (McAfee Firewall)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/16 02:14:48 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/06/26 10:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Auto | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 08:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2005/11/23 16:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/10/26 02:25:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 00:59:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 00:59:35 | 000,000,000 | ---D | M]

[2010/09/16 02:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/16 02:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions
[2010/09/19 16:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/11/19 02:30:40 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 iesnare.com www.iesnare.com mpsnare.iesnare.com ci-mpsnare.iovation.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 15:25:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/09/19 16:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/19 16:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/19 15:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/09/19 14:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/09/19 14:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/09/19 14:51:35 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/19 14:51:34 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/19 14:51:32 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/19 14:51:31 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/19 14:51:29 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/19 14:51:28 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/19 14:51:27 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/19 14:50:52 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/19 14:50:51 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/19 13:57:01 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/09/17 19:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2010/09/17 01:03:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/09/16 19:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/16 19:38:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/16 19:38:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/16 19:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/16 19:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/16 16:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/09/16 16:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2010/09/16 16:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/09/16 14:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/09/16 14:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/09/16 14:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/09/16 02:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/16 02:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/16 02:50:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\My Documents\spybotsd162.exe
[2010/09/16 02:46:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/09/16 02:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/16 02:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/09/16 02:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/09/16 02:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/09/16 02:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/09/16 02:26:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/09/16 02:18:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/15 23:50:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/15 23:24:25 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/09/13 19:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/13 18:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Memorex exPressit Label Design Studio
[2010/09/12 10:12:45 | 000,000,000 | ---D | C] -- C:\71b749bf2c0db56a46b6
[2010/09/10 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/09/10 20:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/09/10 20:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/08 21:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/07 04:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/06 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/09/06 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/05 01:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 17:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/03 03:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/01 21:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp-2.0
[2009/10/18 03:01:48 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe
[2008/03/03 17:21:11 | 059,163,944 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/02/12 12:34:52 | 006,029,648 | ---- | C] (Mozilla) -- C:\Program Files\Firefox_Setup_2.0.0.12.exe
[2008/02/07 22:19:30 | 013,905,056 | ---- | C] (AOL LLC.) -- C:\Program Files\Install_AIM.exe

========== Files - Modified Within 90 Days ==========

[2010/09/19 17:03:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/19 17:03:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/19 16:43:53 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/19 16:41:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/09/19 16:41:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/19 14:53:59 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/19 14:53:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/19 14:52:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 13:55:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/19 13:50:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/19 13:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/19 05:40:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/09/19 05:40:47 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/09/19 00:01:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/18 23:55:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/18 23:55:23 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/17 04:05:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/16 19:39:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 17:26:14 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor_sch_07D42794-C1D9-11DF-BCC0-0019A6529B25.job
[2010/09/16 16:18:38 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
[2010/09/16 16:18:36 | 000,113,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 02:51:47 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/16 02:51:47 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/09/16 02:51:01 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\My Documents\spybotsd162.exe
[2010/09/16 02:17:30 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/15 23:50:20 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/15 23:36:09 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/09/13 19:06:37 | 000,320,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/10 21:35:14 | 000,000,525 | ---- | M] () -- C:\0.bak
[2010/09/10 20:46:13 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/09/10 20:41:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/09/10 20:41:35 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/09/10 20:41:24 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/06 21:03:34 | 001,199,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/09/06 05:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 08:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2010/09/19 17:09:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/09/19 16:41:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/09/19 16:41:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/19 14:53:59 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/19 14:53:58 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/19 14:52:08 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 14:51:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/19 13:55:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/19 05:40:47 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/19 05:40:47 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/09/16 19:39:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 17:26:13 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor_sch_07D42794-C1D9-11DF-BCC0-0019A6529B25.job
[2010/09/16 16:18:38 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
[2010/09/16 02:51:47 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/16 02:51:47 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/09/15 23:50:20 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/10 21:33:41 | 000,000,525 | ---- | C] () -- C:\0.bak
[2010/09/10 20:46:13 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/09/10 20:41:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/09/10 20:41:35 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/09/10 20:41:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/09/06 21:03:14 | 001,199,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2009/06/18 01:46:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2008/02/01 14:18:38 | 021,364,592 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2008/01/31 11:54:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/01/31 11:35:33 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/01/31 11:24:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/25 22:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2006/12/16 19:26:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/16 19:02:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2004LE.ini
[2006/08/12 23:38:03 | 000,059,970 | ---- | C] () -- C:\Program Files\taxreturn.pdf
[2006/08/10 22:01:54 | 000,125,581 | ---- | C] () -- C:\Program Files\f911.pdf
[2006/08/06 12:02:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/06 12:01:08 | 000,000,779 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/08/05 22:12:50 | 000,000,016 | ---- | C] () -- C:\WINDOWS\QH32.INI
[2006/08/04 09:25:31 | 000,000,271 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/08/03 23:53:09 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/03 23:52:15 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/08/03 23:52:15 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/08/02 20:54:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/08/02 20:42:58 | 000,000,105 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2006/08/21 22:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Business Logic
[2010/09/16 16:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/09/16 16:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2010/09/08 21:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/10 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/19 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2006/08/22 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/08/04 22:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/03/18 14:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/15 23:51:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/19 00:01:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/28 17:24:29 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
[2010/09/10 20:46:13 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/09/10 20:41:24 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/09/10 20:41:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2010/09/10 20:41:35 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2010/09/16 17:26:14 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor_sch_07D42794-C1D9-11DF-BCC0-0019A6529B25.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/31 11:44:55 | 000,000,606 | ---- | M] () -- C:\0
[2010/09/10 21:35:14 | 000,000,525 | ---- | M] () -- C:\0.bak
[2010/09/19 13:50:05 | 000,141,823 | ---- | M] () -- C:\aaw7boot.log
[2006/08/02 01:41:28 | 000,000,000 | ---- | M] () -- C:\ADSClient.txt
[2006/08/02 01:36:30 | 000,000,000 | ---- | M] () -- C:\ADSServer.txt
[2006/08/02 20:32:39 | 000,000,969 | ---- | M] () -- C:\ADSService.txt
[2009/09/08 20:57:04 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/08/02 05:19:50 | 000,028,672 | ---- | M] () -- C:\AluriaCacheFile.dat
[2006/08/01 15:25:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/04/25 09:48:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/08/01 15:25:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/01 15:25:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/03/18 14:46:18 | 000,003,678 | -H-- | M] () -- C:\IPH.PH
[2006/08/01 15:25:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/08/21 04:56:00 | 000,000,007 | ---- | M] () -- C:\NOTACER.ID
[2006/08/03 14:45:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/08/03 14:45:48 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2006/08/01 16:27:33 | 000,000,000 | ---- | M] () -- C:\nvlog.txt
[2010/09/19 13:50:07 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2008/02/26 13:34:23 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/01 11:07:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/01 11:07:19 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/01 11:07:18 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-19 07:02:29
< End of report >

OTLEXTRAS
OTL Extras logfile created on: 9/19/2010 6:07:27 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 20.00% Memory free
626.00 Mb Paging File | 196.00 Mb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 61.93 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALVITI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"7062:TCP" = 7062:TCP:*:Disabled:BitComet 7062 TCP
"7062:UDP" = 7062:UDP:*:Disabled:BitComet 7062 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\ParetoLogic\PCHA\PCHA.exe" = C:\Program Files\ParetoLogic\PCHA\PCHA.exe:*:Disabled:ParetoLogic PC Health Advisor -- (ParetoLogic, Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{50915408-4940-4C36-B4CC-0D9944FA4C59}" =
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" =
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"ABBYY FineReader 5.0 Sprint" =
"Ad-Aware" = Ad-Aware
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"avast5" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Branding" =
"CCleaner" = CCleaner
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"ERUNT_is1" = ERUNT 1.1j
"Fontcore" =
"Google Chrome" = Google Chrome
"ICW" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie8" = Windows Internet Explorer 8
"IEData" =
"LimeWire" = LimeWire 5.3.6
"Microsoft NetShow Player 2.0" =
"MobileOptionPack" =
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"MVApplication1" = Memorex exPressit Label Design Studio
"NetMeeting" =
"OutlookExpress" =
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PCHealth" =
"SchedulingAgent" =
"Shockwave" =
"STDU Explorer_is1" = STDU Explorer version 1.0.195.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"Zynga Toolbar" = Zynga Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2010 7:52:03 PM | Computer Name = ALVITI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/15/2010 3:01:10 AM | Computer Name = ALVITI | Source = .NET Runtime | ID = 0
Description =

Error - 9/15/2010 11:55:40 PM | Computer Name = ALVITI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/16/2010 1:45:06 AM | Computer Name = ALVITI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/16/2010 2:18:57 AM | Computer Name = ALVITI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/16/2010 2:42:04 AM | Computer Name = ALVITI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/16/2010 4:37:52 AM | Computer Name = ALVITI | Source = .NET Runtime | ID = 0
Description =

Error - 9/16/2010 10:09:19 PM | Computer Name = ALVITI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/18/2010 3:00:22 AM | Computer Name = ALVITI | Source = .NET Runtime | ID = 0
Description =

Error - 9/19/2010 3:02:21 AM | Computer Name = ALVITI | Source = .NET Runtime | ID = 0
Description =

[ System Events ]
Error - 9/19/2010 5:08:24 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 5:09:53 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 5:12:44 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 5:12:52 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 5:37:23 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 5:56:19 PM | Computer Name = ALVITI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/19/2010 6:03:56 PM | Computer Name = ALVITI | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/19/2010 6:03:57 PM | Computer Name = ALVITI | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 9/19/2010 6:07:37 PM | Computer Name = ALVITI | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/19/2010 6:07:38 PM | Computer Name = ALVITI | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-19 22:51:17
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF92B087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF92B0BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\ExtendedErrors@ Extended Error Service
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\ExtendedErrors\{C0932C62-38E5-11d0-97AB-00C04FC2AD98}
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\ExtendedErrors\{C0932C62-38E5-11d0-97AB-00C04FC2AD98}@ SQLOLEDB Error Lookup
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\Implemented Categories\{D267E19A-0B97-11D2-BB1C-00C04FC9B532}
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\InprocServer32@ C:\Program Files\Common Files\System\OLE DB\sqloledb.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\OLE DB Provider@ Microsoft OLE DB Provider for SQL Server
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\ProgID@ SQLOLEDB.1
Reg HKLM\SOFTWARE\Classes\CLSID\{2B281F75-2A00-CEB2-C5CE-143F6EB652C1}\VersionIndependentProgID@ SQLOLEDB
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapIdrefs
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapIdrefs
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\ProgId@ System.Runtime.Remoting.Metadata.W3cXsd2001.SoapIdrefs

---- EOF - GMER 1.0.15 ----


Malware Bytes wouldn't let me run a scan. At first I got a "vbAccelerator SGrid 11 control" Run-time error '0'; I uninstalled & then reinstalled.
Here's my log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4653

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/19/2010 8:20:39 PM
mbam-log-2010-09-19 (20-20-39).txt

Scan type: Quick scan
Objects scanned: 175128
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by malviti, 19 September 2010 - 09:05 PM.

#2
azarl

    GeekU Teacher

  • GeekU Moderator
  • 21,331 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
malviti

    New Member

  • Member
  • Pip
  • 9 posts
Hi Azarl,
Thanks for looking at this for me. :D Also, just so you know, my anti-virus was not enabled. I don't know why it thinks it was. I went to services & disabled it myself.


ComboFix 10-09-25.07 - Administrator 09/26/2010 8:20.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.98 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-25 07:26 . 2010-09-25 07:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-25 05:38 . 2010-09-25 05:38 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Local Settings\Application Data\Google
2010-09-25 01:48 . 2010-09-05 20:42 58368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
2010-09-25 01:48 . 2010-09-25 05:33 58368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\FFExternalAlert.dll
2010-09-25 01:48 . 2010-09-25 05:33 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\RadioWMPCore.dll
2010-09-25 01:48 . 2010-09-05 20:42 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
2010-09-25 00:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-25 00:06 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-25 00:05 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-25 00:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-25 00:05 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-25 00:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-23 08:27 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-22 03:12 . 2010-09-22 03:12 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 03:11 . 2010-09-22 03:11 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 03:11 . 2010-09-22 03:11 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 03:11 . 2010-09-22 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-22 03:06 . 2010-09-22 03:06 52224 ----a-w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 03:05 . 2010-09-22 03:05 117760 ----a-w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 03:03 . 2010-09-22 03:03 -------- d-----w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com
2010-09-22 03:03 . 2010-09-22 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-22 03:01 . 2010-09-22 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-22 02:55 . 2010-09-22 02:55 -------- d-sh--w- c:\documents and settings\Skye\IECompatCache
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\system32\scripting
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\l2schemas
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\system32\en
2010-09-20 23:26 . 2002-09-03 16:33 55296 ----a-w- c:\documents and settings\Skye\Application Data\Yahoo!\Mail\attach\freecell.exe
2010-09-20 00:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 00:02 . 2010-09-22 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 00:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 23:33 . 2010-09-19 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2010-09-19 20:41 . 2010-09-19 20:41 -------- d-----w- c:\program files\ERUNT
2010-09-19 19:54 . 2010-09-19 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-09-19 18:52 . 2010-09-19 18:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-09-19 18:51 . 2010-09-19 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-09-19 18:51 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-19 18:51 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-19 18:51 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-19 18:51 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-19 18:51 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-19 18:51 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-19 18:51 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-19 18:50 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-19 18:50 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-19 17:57 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-17 21:44 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-09-17 21:43 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2010-09-16 23:39 . 2010-09-16 23:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-16 23:38 . 2010-09-16 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-16 20:18 . 2010-09-16 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2010-09-16 20:18 . 2010-09-16 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2010-09-16 18:51 . 2010-09-19 19:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-09-16 06:51 . 2010-09-23 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-16 06:51 . 2010-09-16 06:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 06:46 . 2010-09-16 06:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-16 06:28 . 2010-09-16 06:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-16 06:26 . 2010-09-16 06:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-16 06:18 . 2010-09-16 06:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-16 03:56 . 2010-09-16 03:56 -------- d-----w- c:\documents and settings\Skye\Local Settings\Application Data\Sunbelt Software
2010-09-16 03:51 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-16 03:50 . 2010-09-16 03:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-16 03:24 . 2010-09-16 03:36 133582520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-09-16 01:58 . 2010-09-16 01:58 -------- d-----w- c:\documents and settings\Skye\Local Settings\Application Data\Identities
2010-09-14 05:05 . 2010-09-14 05:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-13 23:40 . 2010-09-13 23:40 -------- d-sh--w- c:\documents and settings\Bryan.OWNER-EBH62BKPG\PrivacIE
2010-09-13 23:01 . 2010-09-13 23:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-----w- c:\documents and settings\Owner\Incomplete
2010-09-12 14:12 . 2010-09-12 14:13 -------- d-----w- C:\71b749bf2c0db56a46b6
2010-09-11 23:36 . 2010-09-11 23:36 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Local Settings\Application Data\Mozilla
2010-09-11 23:28 . 2010-09-11 23:28 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\IECompatCache
2010-09-11 00:44 . 2010-09-11 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2010-09-11 00:43 . 2010-09-11 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\program files\ParetoLogic
2010-09-09 01:36 . 2010-09-09 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-07 08:16 . 2010-09-13 23:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-07 01:01 . 2010-09-13 23:03 -------- d-----w- c:\program files\PC Tools Security
2010-09-07 00:56 . 2010-09-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 19:03 . 2009-10-31 15:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 04:45 . 2006-12-20 20:45 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Application Data\LimeWire
2010-09-25 04:20 . 2009-12-09 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-09-22 05:12 . 2006-08-22 02:44 94936 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-22 02:51 . 2009-12-09 14:03 -------- d-----w- c:\program files\PCPitstop
2010-09-22 01:29 . 2006-08-07 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-21 04:02 . 2006-08-01 19:25 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-09-19 18:53 . 2008-02-10 13:20 -------- d-----w- c:\program files\Google
2010-09-14 05:58 . 2008-03-02 03:36 -------- d-----w- c:\documents and settings\Skye\Application Data\Yahoo!
2010-09-13 02:25 . 2006-08-03 00:11 94936 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-09 01:36 . 2006-08-03 05:44 -------- d-----w- c:\program files\Alwil Software
2010-09-07 01:03 . 2010-09-07 01:03 1199264 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 12:15 . 2009-10-20 04:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-20 03:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-22 15:49 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-10-17 14:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-05 05:45 . 2010-07-05 05:45 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-30 12:31 . 2002-09-03 16:58 149504 ----a-w- c:\windows\system32\schannel.dll
2009-10-18 07:07 . 2009-10-18 07:01 3309072 -c--a-w- c:\program files\ccsetup224.exe
2008-02-12 16:34 . 2008-02-12 16:34 6029648 -c--a-w- c:\program files\Firefox_Setup_2.0.0.12.exe
2008-02-01 18:21 . 2008-02-01 18:18 21364592 -c--a-w- c:\program files\aaw2007.exe
2006-08-13 03:38 . 2006-08-13 03:38 59970 -c--a-w- c:\program files\taxreturn.pdf
2006-08-11 02:01 . 2006-08-11 02:01 125581 -c--a-w- c:\program files\f911.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

c:\documents and settings\MOE CREAM Recordz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"7062:TCP"= 7062:TCP:*:Disabled:BitComet 7062 TCP
"7062:UDP"= 7062:UDP:*:Disabled:BitComet 7062 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/19/2009 11:59 PM 64288]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/19/2010 2:51 PM 165584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/19/2010 2:51 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2010 2:51 PM 136176]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/9/2009 10:03 AM 85504]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/19/2010 8:02 PM 38224]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 06:15]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 18:51]

2010-05-28 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-02 15:21]

2010-09-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-09-11 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-09-11 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-11 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-16 c:\windows\Tasks\PC Health Advisor_sch_07D42794-C1D9-11DF-BCC0-0019A6529B25.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 08:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-1614895754-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,06,b4,42,47,a8,4e,40,84,15,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,06,b4,42,47,a8,4e,40,84,15,50,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2010-09-26 08:29:52
ComboFix-quarantined-files.txt 2010-09-26 12:29

Pre-Run: 65,020,358,656 bytes free
Post-Run: 65,000,153,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B5E53F9573ABD6904FC4694D7D7E0DB4
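The ComboFix "Files Created" section above prints one item per line as creation time, modification time, size (or dashes for a directory), an eight-character attribute string and the path. As an added example that is not part of this thread and not ComboFix's own code, the Python below parses that line format and lists entries worth a second look when reading such a log: items with the hidden or system attribute, a hex-named directory in the drive root, and executables sitting directly in the Program Files root or under a user profile. The attribute-letter meanings assumed here (d directory, c compressed, s system, h hidden, a archive) and the review heuristics are the example's own assumptions; flagged entries are candidates for review, not verdicts, and the sample lines are constructed to mirror entries from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample, shaped like the "Files Created" section of a ComboFix log.
# The last line is deliberately not an entry, to show that non-matching text is skipped.
SAMPLE_LOG = """\
2010-09-16 06:46 . 2010-09-16 06:46 -------- d-sh--w- c:\\documents and settings\\Administrator\\PrivacIE
2010-09-16 03:50 . 2010-09-16 03:51 -------- dc-h--w- c:\\documents and settings\\All Users\\Application Data\\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-16 03:24 . 2010-09-16 03:36 133582520 ----a-w- c:\\program files\\Ad-AwareInstall.exe
2010-09-12 14:12 . 2010-09-12 14:13 -------- d-----w- C:\\71b749bf2c0db56a46b6
2010-09-19 18:50 . 2010-09-07 15:11 167592 ----a-w- c:\\windows\\system32\\aswBoot.exe
this line is not an entry and must be skipped
"""

# created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16,}$")  # e.g. update/installer scratch dirs


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None when ComboFix printed dashes (directory)
    attrs: str           # assumed layout: d c s h a ? r/w ?
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix entry format; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves review; empty means nothing stood out."""
    reasons: List[str] = []
    parts = [p for p in entry.path.lower().split("\\") if p]
    name = parts[-1] if parts else ""
    if entry.hidden or entry.system:
        reasons.append("hidden/system attribute")
    if entry.is_dir and len(parts) == 2 and HEX_NAME_RE.match(name):
        reasons.append("hex-named directory in drive root")
    if not entry.is_dir and name.endswith(EXEC_EXT):
        if len(parts) == 3 and parts[1] == "program files":
            reasons.append("executable in Program Files root")
        if "documents and settings" in parts:
            reasons.append("executable under a user profile")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every parsed entry that triggered at least one heuristic."""
    flagged = []
    for entry in parse_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(f"{path}\n    {', '.join(reasons)}")
```

Running it on the constructed sample flags the two hidden folders, the installer in the Program Files root and the hex-named root directory, and leaves the avast component in system32 alone. Widen or narrow the heuristics in `triage` to suit the log being read; the parser itself is independent of them.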

#4 azarl (GeekU Teacher, GeekU Moderator, 21,331 posts)
» Step 1 «

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

++++++++++ oOo +++++++++


» Step 2 «

ComboFix Script
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

RegLock::
[HKEY_USERS\S-1-5-21-583907252-1614895754-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.

++++++++++ oOo +++++++++


» Step 3 «

We need to get your antivirus working; any idea why it's stopped?

#5 malviti (New Member, 9 posts)
I followed the steps.
Here is my log. My antivirus was disabled by me to run the scans needed. It works fine.
I'm still having the issues with my PC :D

ComboFix 10-09-27.05 - Administrator 09/28/2010 8:36.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.147 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 12:19 . 2010-09-28 12:19 -------- d-----w- c:\windows\LastGood
2010-09-28 12:15 . 2010-09-28 12:15 -------- d-----w- C:\_OTL
2010-09-25 07:26 . 2010-09-25 07:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-25 05:38 . 2010-09-25 05:38 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Local Settings\Application Data\Google
2010-09-25 01:48 . 2010-09-05 20:42 58368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
2010-09-25 01:48 . 2010-09-25 05:33 58368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\FFExternalAlert.dll
2010-09-25 01:48 . 2010-09-25 05:33 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\RadioWMPCore.dll
2010-09-25 01:48 . 2010-09-05 20:42 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
2010-09-25 00:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-25 00:06 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-09-25 00:05 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-25 00:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-25 00:05 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-25 00:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-23 08:27 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-22 03:12 . 2010-09-22 03:12 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-22 03:11 . 2010-09-22 03:11 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 03:11 . 2010-09-22 03:11 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 03:11 . 2010-09-22 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-22 03:06 . 2010-09-22 03:06 52224 ----a-w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-22 03:05 . 2010-09-22 03:05 117760 ----a-w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-22 03:03 . 2010-09-22 03:03 -------- d-----w- c:\documents and settings\Skye\Application Data\SUPERAntiSpyware.com
2010-09-22 03:03 . 2010-09-22 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-22 03:01 . 2010-09-22 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-22 02:55 . 2010-09-22 02:55 -------- d-sh--w- c:\documents and settings\Skye\IECompatCache
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\system32\scripting
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\l2schemas
2010-09-21 03:57 . 2010-09-21 03:57 -------- d-----w- c:\windows\system32\en
2010-09-20 23:26 . 2002-09-03 16:33 55296 ----a-w- c:\documents and settings\Skye\Application Data\Yahoo!\Mail\attach\freecell.exe
2010-09-20 00:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 00:02 . 2010-09-22 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 00:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 23:33 . 2010-09-19 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2010-09-19 20:41 . 2010-09-19 20:41 -------- d-----w- c:\program files\ERUNT
2010-09-19 19:54 . 2010-09-19 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-09-19 18:52 . 2010-09-19 18:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-09-19 18:51 . 2010-09-19 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-09-19 18:51 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-19 18:51 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-19 18:51 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-19 18:51 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-19 18:51 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-19 18:51 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-19 18:51 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-19 18:50 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-19 18:50 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-19 17:57 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-17 21:44 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-09-17 21:43 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2010-09-16 23:39 . 2010-09-16 23:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-16 23:38 . 2010-09-16 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-16 20:18 . 2010-09-16 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2010-09-16 20:18 . 2010-09-16 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2010-09-16 18:51 . 2010-09-19 19:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-09-16 06:51 . 2010-09-23 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-16 06:51 . 2010-09-16 06:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 06:46 . 2010-09-16 06:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-16 06:28 . 2010-09-16 06:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-16 06:26 . 2010-09-16 06:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-16 06:18 . 2010-09-16 06:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-16 03:56 . 2010-09-16 03:56 -------- d-----w- c:\documents and settings\Skye\Local Settings\Application Data\Sunbelt Software
2010-09-16 03:51 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-16 03:50 . 2010-09-16 03:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-16 03:24 . 2010-09-16 03:36 133582520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-09-16 01:58 . 2010-09-16 01:58 -------- d-----w- c:\documents and settings\Skye\Local Settings\Application Data\Identities
2010-09-14 05:05 . 2010-09-14 05:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-13 23:40 . 2010-09-13 23:40 -------- d-sh--w- c:\documents and settings\Bryan.OWNER-EBH62BKPG\PrivacIE
2010-09-13 23:01 . 2010-09-13 23:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-sh--w- c:\documents and settings\Owner\UserData
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2010-09-13 22:48 . 2010-09-13 22:48 -------- d-----w- c:\documents and settings\Owner\Incomplete
2010-09-12 14:12 . 2010-09-12 14:13 -------- d-----w- C:\71b749bf2c0db56a46b6
2010-09-11 23:36 . 2010-09-11 23:36 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Local Settings\Application Data\Mozilla
2010-09-11 23:28 . 2010-09-11 23:28 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\IECompatCache
2010-09-11 00:44 . 2010-09-11 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2010-09-11 00:43 . 2010-09-11 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-11 00:41 . 2010-09-11 00:41 -------- d-----w- c:\program files\ParetoLogic
2010-09-09 01:36 . 2010-09-09 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-07 08:16 . 2010-09-13 23:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-07 01:01 . 2010-09-13 23:03 -------- d-----w- c:\program files\PC Tools Security
2010-09-07 00:56 . 2010-09-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 12:16 . 2009-12-09 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-09-26 22:38 . 2009-10-31 15:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 04:45 . 2006-12-20 20:45 -------- d-----w- c:\documents and settings\MOE CREAM Recordz\Application Data\LimeWire
2010-09-22 05:12 . 2006-08-22 02:44 94936 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-22 02:51 . 2009-12-09 14:03 -------- d-----w- c:\program files\PCPitstop
2010-09-22 01:29 . 2006-08-07 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-21 04:02 . 2006-08-01 19:25 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-09-19 18:53 . 2008-02-10 13:20 -------- d-----w- c:\program files\Google
2010-09-14 05:58 . 2008-03-02 03:36 -------- d-----w- c:\documents and settings\Skye\Application Data\Yahoo!
2010-09-13 02:25 . 2006-08-03 00:11 94936 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-09 01:36 . 2006-08-03 05:44 -------- d-----w- c:\program files\Alwil Software
2010-09-07 01:03 . 2010-09-07 01:03 1199264 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 12:15 . 2009-10-20 04:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-20 03:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-22 15:49 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-10-17 14:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-05 05:45 . 2010-07-05 05:45 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2009-10-18 07:07 . 2009-10-18 07:01 3309072 -c--a-w- c:\program files\ccsetup224.exe
2008-02-12 16:34 . 2008-02-12 16:34 6029648 -c--a-w- c:\program files\Firefox_Setup_2.0.0.12.exe
2008-02-01 18:21 . 2008-02-01 18:18 21364592 -c--a-w- c:\program files\aaw2007.exe
2006-08-13 03:38 . 2006-08-13 03:38 59970 -c--a-w- c:\program files\taxreturn.pdf
2006-08-11 02:01 . 2006-08-11 02:01 125581 -c--a-w- c:\program files\f911.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

c:\documents and settings\MOE CREAM Recordz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"7062:TCP"= 7062:TCP:*:Disabled:BitComet 7062 TCP
"7062:UDP"= 7062:UDP:*:Disabled:BitComet 7062 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/19/2009 11:59 PM 64288]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/19/2010 2:51 PM 165584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/19/2010 2:51 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2010 2:51 PM 136176]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/9/2009 10:03 AM 85504]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/19/2010 8:02 PM 38224]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 06:15]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 18:51]

2010-05-28 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-02 15:21]

2010-09-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-09-11 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-09-11 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-11 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-16 c:\windows\Tasks\PC Health Advisor_sch_07D42794-C1D9-11DF-BCC0-0019A6529B25.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\{c1a37d9e-42f6-4c79-a5a5-2b5543ad5e57}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fnwzzard.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-XoftSpySE - c:\program files\XoftSpySE6\XoftSpySE.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1664)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-28 08:46:14
ComboFix-quarantined-files.txt 2010-09-28 12:46
ComboFix2.txt 2010-09-26 12:29

Pre-Run: 65,119,617,024 bytes free
Post-Run: 65,102,966,784 bytes free

- - End Of File - - 1E8D1CC3C7C90F1BAFC62F0EE4E6EE74
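The ComboFix log above lists every registered service and driver on one line each (start state and type, then name, display name and image path, and either the file's date and size or `--> path [?]` when the file could not be found, as with BW2NDIS5). As an added example that is not part of this thread and not ComboFix's own code, here is a small Python parser that turns those lines into records and pulls out the two things a helper usually checks first: entries whose image file is missing, and boot/system-start drivers. The sample input is a constructed subset of the lines in the posted log; the meaning of the R/S letter and the start-type digit follows the usual ComboFix convention and is an assumption here.

```python
"""Parse the services/drivers section of a ComboFix log and flag entries whose
image file ComboFix could not find.

Added example for this thread; it is not ComboFix's code or anything the
helpers posted. The field layout (R/S + start-type digit, then
name;display name;image path, then "[date time size]" or "--> path [?]"
when the file is missing) is inferred from the lines in the log above, and
the meaning of R/S and the digit follows the usual ComboFix convention,
which is an assumption here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a subset of the service lines from the posted log,
# plus two non-service lines to show that they are ignored.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/19/2009 11:59 PM 64288]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/19/2010 2:51 PM 165584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2010 2:51 PM 136176]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
.
Contents of the 'Scheduled Tasks' folder
"""

# "R" = running, "S" = stopped; the digit is the Windows service start type
# (assumed ComboFix convention).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Normal entry: image path followed by "[<date> <time> <size>]".
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>[^\]]+?)\s+(?P<size>\d+)\]$")
# Missing file: ComboFix repeats the path after "-->" and writes "[?]".
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+(?P<resolved>.+?)\s+\[\?\]$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display_name: str
    image_path: str
    size: Optional[int]      # None when the file was not found
    file_missing: bool


def parse_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per service/driver line; other lines are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = MISSING_RE.match(rest)
        if missing:
            path, size, file_missing = missing.group("path"), None, True
        else:
            present = PRESENT_RE.match(rest)
            if not present:
                continue  # unexpected layout; leave it for manual review
            path, size, file_missing = present.group("path"), int(present.group("size")), False
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=START_TYPES.get(int(m.group("start")), "unknown"),
            name=m.group("name"),
            display_name=m.group("display"),
            image_path=path,
            size=size,
            file_missing=file_missing,
        ))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registered services whose image file is gone: usually leftovers of an
    uninstall, and the kind of entry a helper may still delete from the registry."""
    return [e for e in entries if e.file_missing]


def early_start_drivers(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Boot- and system-start drivers load before user-mode security tools, so
    they deserve a closer look on a machine that is behaving oddly."""
    return [e for e in entries if e.start_type in ("boot", "system")]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for e in orphaned_services(parsed):
        print(f"missing file: {e.name} -> {e.image_path}")
    for e in early_start_drivers(parsed):
        print(f"early-start driver ({e.start_type}): {e.name} {e.image_path} {e.size} bytes")
```

Run it against a full ComboFix log by reading the file into `parse_services`; the regexes only match the service lines, so the surrounding registry dumps and scheduled-task entries are ignored.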
#6
azarl
    GeekU Teacher
  • GeekU Moderator
  • 21,331 posts
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

#7
malviti
    New Member
  • Member
  • Pip
  • 9 posts
Hi,
I was able to remove the old versions of Java & download the new one to my desktop, but when I went to install it a box popped up that said "The system administrator has set policies to prevent this installation".
:D

Thanks,
Melisa
#8
azarl
    GeekU Teacher
  • GeekU Moderator
  • 21,331 posts
Is this a work machine?
#9
malviti
    New Member
  • Member
  • Pip
  • 9 posts
No, it's a home machine. I have admin rights, but don't want to mess with any settings. Any help would be appreciated.
Thanks,
Melisa
#10
azarl
    GeekU Teacher
  • GeekU Moderator
  • 21,331 posts
Right-click on the program and select "Run as administrator"
#11
malviti
    New Member
  • Member
  • Pip
  • 9 posts
Blah! "A device attached to the system is not functioning" How do I figure out that problem?
#12
azarl
    GeekU Teacher
  • GeekU Moderator
  • 21,331 posts

Blah! "A device attached to the system is not functioning" How do I figure out that problem?


We'll try a different scanner now and come back to that when we've got you cleaned.

ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#13
malviti
    New Member
  • Member
  • Pip
  • 9 posts
Welcome back!
I was able to run the scan. Here is my log. Some new things are happening though. When I'm online, I can perform 1 action (like opening a link) & then I can't do anything unless I hit the windows start button. I don't have any other buttons to try so I don't know if that is the only 1 that would work. Also, I haven't changed any settings, but when I went to get this log, I had to click "open" for each folder including the "my computer". I never had to do that before. I would just click & it would open. Very weird!
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=53acec412d312844935ebf7a7b97723c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-02 06:42:33
# local_time=2010-10-02 02:42:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 6760180 6760180 0 0
# compatibility_mode=768 16777215 100 0 1072704 1072704 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=42465
# found=0
# cleaned=0
# scan_time=11266

Thanks again,
Melisa
#14
azarl
    GeekU Teacher
  • GeekU Moderator
  • 21,331 posts

Welcome back!


Thank you :D

Sounding more like a system problem this.

  • Click on Start > Run
  • In the "Run" Box type chkdsk /f (note the space between the 'k' and the '/') and hit the enter key
  • If you get the message "chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <y/n>" , answer Y
  • You will get the message: "This volume will be checked the next time the system restarts"
  • Reboot the system; chkdsk will start to run. Allow it to complete.
Notes:
  • It may take a considerable time to complete
  • Do not run any other programs or use the pc whilst chkdsk is running
  • Do not switch off the PC; it may damage the system.

++++++++++ oOo +++++++++


  • Click Start > Run and type cmd {enter}
  • Type SFC /scannow (Note the space between the c and the /)
  • You may need your Windows XP CD, so have it ready.
    If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD.
  • Allow the scan to run and when completed, reboot the system.

#15
malviti
    New Member
  • Member
  • Pip
  • 9 posts
Hello,
I was able to run the 1st scan. I don't have a recovery cd in my possession. The issue with the having to click the start button has stopped though :D
The rest of the problems are still here.

Melisa