Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

found tons of malware, 'treated' but still major issues

Started by Poochure , Jul 02 2011 03:22 PM

  • This topic is locked This topic is locked

#1
Poochure
Posted 02 July 2011 - 03:22 PM

Poochure

    Member

  • Member
  • PipPip
  • 35 posts
HP Pavilion 2v5000
Intell Pentium 4
74.5 GB HD (15% used), 382 MB RAM
XP Home, SP 2
Arsenal: Avast, Malwarebytes


I took on helping my friend with her computer ails, after she'd lent it to other people who let the Norton expire and gave it back to her with the complaint that "it has a mind of its own."

Immediately I stopped needless start up communication, ran CCleaner, uninstalled Limewire and Itunes w/Revo, installed/performed full (day-long) scans with Avast and Malwarebytes. Avast first found dozens of infected files, folders, registry entries--adware, keylogger, trojan, rootkit-- which are now in the vault. Malwarebytes' last full scan showed dozens of issues supposedly deleted that the Avast scan did not catch--many associated with WIN32.

I then ran Avast and Malwarebytes quick scans and nothing turned up, but there are still major issues going on with this computer:
  • loud, constant beeps when booting
  • "v's" typed into fields automatically
  • other times cannot enter any text into fields
  • adware still visible (green underlined words)
  • navigating windows directories takes forever
  • overall performance is slow

These are the same issues that I encountered when taking the computer on. I know very limited about what I am doing, but something tells me that this computer still has something infectious. Please help. :)



OTL logfile created on: 7/2/2011 9:23:50 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Kahikina\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.98 Mb Total Physical Memory | 91.82 Mb Available Physical Memory | 23.98% Memory free
1.51 Gb Paging File | 1.16 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.52 Gb Free Space | 82.56% Space Free | Partition Type: NTFS

Computer Name: PUA | User Name: Kahikina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer vvvvv-- C:\Documents and Settings\Kahikina\My
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/10 02:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/14 06:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 00:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXX\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 02:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 05:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 02:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 02:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 02:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 02:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 01:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 01:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 01:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 02:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/12/01 22:26:00 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 01:19:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 08:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/14 07:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 12:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 05:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 17:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 14:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/23 05:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 14:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/02 07:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 05:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 05:33:16 | 000,000,000 | ---D | M]

[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Extensions
[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox\Profiles\p0u0x2mc.default\extensions
[2011/05/08 05:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/02 07:52:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 06:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2711FB4B-C463-45CA-B7A3-E7FE6B91BBC6} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7D3AAC71-D954-44A8-93A0-03B76128A237} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9479191E-D5DF-A222-D17C-8DADDDC220C7} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B1EF246F-DB94-4C7C-9431-19C379CE475E} - No CLSID value found.
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (no name) - {CD98D247-AEF6-46DC-A243-E3F9D6B8D248} - No CLSID value found.
O2 - BHO: (no name) - {DA4F8BA1-C2DE-45FE-AEF5-DB133B265A1F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\edxwnase: DllName - edxwnase.dll - File not found
O20 - Winlogon\Notify\gebya: DllName - C:\WINDOWS\system32\gebya.dll - File not found
O20 - Winlogon\Notify\geedb: DllName - C:\WINDOWS\system32\geedb.dll - File not found
O20 - Winlogon\Notify\jkkjj: DllName - C:\WINDOWS\system32\jkkjj.dll - File not found
O20 - Winlogon\Notify\pmkjj: DllName - C:\WINDOWS\system32\pmkjj.dll - File not found
O20 - Winlogon\Notify\ssqpn: DllName - C:\WINDOWS\system32\ssqpn.dll - File not found
O20 - Winlogon\Notify\ssqqnoo: DllName - ssqqnoo.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\KahikiXXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/02 07:39:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/02 07:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/02 07:38:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/02 07:38:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/07/02 07:37:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/07/02 05:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kahikina\Recent
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2000 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/02 08:12:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 07:54:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/02 07:54:32 | 401,657,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/02 07:52:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/02 07:44:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/02 07:38:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/02 05:54:46 | 000,026,512 | ---- | M] () -- C:\Documents and Settings\XXX\My Documents\.reg
[2011/07/02 05:05:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2000 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 07:36:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/02 05:54:39 | 000,026,512 | ---- | C] () -- C:\Documents and Settings\XXXXX\My Documents\.reg
[2009/11/03 11:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/11/02 20:47:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/14 19:00:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/07 14:53:32 | 001,578,343 | -HS- | C] () -- C:\WINDOWS\System32\mokcuvfr.ini
[2008/03/06 10:54:17 | 001,286,441 | -HS- | C] () -- C:\WINDOWS\System32\xerolyvg.ini
[2008/03/06 09:51:20 | 001,286,321 | -HS- | C] () -- C:\WINDOWS\System32\soupcqfn.ini
[2008/03/05 13:13:50 | 001,286,261 | -HS- | C] () -- C:\WINDOWS\System32\bdgtyygf.ini
[2008/03/05 12:07:54 | 001,286,201 | -HS- | C] () -- C:\WINDOWS\System32\iaklewhr.ini
[2008/02/20 18:32:12 | 000,025,312 | -HS- | C] () -- C:\WINDOWS\System32\edxwnase.dllbox
[2008/02/14 15:48:44 | 001,286,141 | -HS- | C] () -- C:\WINDOWS\System32\yilaqhkj.ini
[2008/02/11 11:52:34 | 001,603,037 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini2
[2008/02/04 03:02:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/23 08:06:19 | 000,776,553 | -HS- | C] () -- C:\WINDOWS\System32\oyjhhgos.ini
[2007/10/15 19:13:37 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\wtkytwvf.dll
[2007/10/12 12:31:36 | 000,006,527 | -HS- | C] () -- C:\WINDOWS\System32\bdeeg.ini
[2007/10/08 18:13:59 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\jigvtufe.ini
[2007/10/08 16:51:20 | 000,693,477 | -HS- | C] () -- C:\WINDOWS\System32\cissbgvk.ini
[2007/10/08 15:44:34 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\gccwtseg.ini
[2007/10/07 21:47:21 | 000,693,468 | -HS- | C] () -- C:\WINDOWS\System32\raupcqrq.ini
[2007/09/26 07:07:10 | 000,694,007 | -HS- | C] () -- C:\WINDOWS\System32\tjmflhgw.ini
[2007/09/26 06:14:52 | 000,693,827 | -HS- | C] () -- C:\WINDOWS\System32\lwljqdtn.ini
[2007/09/25 23:52:49 | 000,693,707 | -HS- | C] () -- C:\WINDOWS\System32\pmimuttw.ini
[2007/09/23 17:50:43 | 000,693,587 | -HS- | C] () -- C:\WINDOWS\System32\fayvtupx.ini
[2007/09/23 17:41:01 | 000,693,467 | -HS- | C] () -- C:\WINDOWS\System32\mvvrfqjs.ini
[2007/09/17 15:43:54 | 000,695,876 | -HS- | C] () -- C:\WINDOWS\System32\gmmwafvt.ini
[2007/09/17 09:36:27 | 000,695,774 | -HS- | C] () -- C:\WINDOWS\System32\vioculqg.ini
[2007/09/17 08:03:10 | 000,695,645 | -HS- | C] () -- C:\WINDOWS\System32\unuenawf.ini
[2007/09/16 23:31:38 | 000,695,525 | -HS- | C] () -- C:\WINDOWS\System32\eexmrbkm.ini
[2007/09/16 12:20:41 | 000,695,396 | -HS- | C] () -- C:\WINDOWS\System32\ctwsyego.ini
[2007/09/15 22:21:06 | 000,695,225 | -HS- | C] () -- C:\WINDOWS\System32\adblnbeg.ini
[2007/09/15 14:09:41 | 000,695,105 | -HS- | C] () -- C:\WINDOWS\System32\myhdpgbr.ini
[2007/09/15 09:02:19 | 000,695,003 | -HS- | C] () -- C:\WINDOWS\System32\pkvmmfcm.ini
[2007/09/14 22:53:00 | 000,694,865 | -HS- | C] () -- C:\WINDOWS\System32\asmtojhf.ini
[2007/09/13 23:21:54 | 000,694,753 | -HS- | C] () -- C:\WINDOWS\System32\ougfcrri.ini
[2007/09/13 14:24:00 | 000,694,629 | -HS- | C] () -- C:\WINDOWS\System32\xkfgjgmx.ini
[2007/09/13 12:29:09 | 000,694,436 | -HS- | C] () -- C:\WINDOWS\System32\sjgideda.ini
[2007/09/13 09:10:26 | 000,694,333 | -HS- | C] () -- C:\WINDOWS\System32\dbverbxe.ini
[2007/09/13 06:52:37 | 000,694,204 | -HS- | C] () -- C:\WINDOWS\System32\xiryrsmg.ini
[2007/09/12 23:17:49 | 000,694,084 | -HS- | C] () -- C:\WINDOWS\System32\ggarqyws.ini
[2007/09/12 18:55:12 | 000,693,964 | -HS- | C] () -- C:\WINDOWS\System32\artpfeam.ini
[2007/09/11 22:18:49 | 000,693,845 | -HS- | C] () -- C:\WINDOWS\System32\crexfiiy.ini
[2007/09/08 16:49:19 | 000,693,716 | -HS- | C] () -- C:\WINDOWS\System32\ojljgtoh.ini
[2007/09/07 23:32:25 | 000,693,535 | -HS- | C] () -- C:\WINDOWS\System32\mdowgknc.ini
[2007/09/07 17:03:27 | 000,693,555 | -HS- | C] () -- C:\WINDOWS\System32\ntkrewwc.ini
[2007/09/07 13:20:45 | 000,627,679 | -HS- | C] () -- C:\WINDOWS\System32\munfykrk.ini
[2007/09/07 13:11:21 | 001,602,160 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini
[2007/08/15 12:40:44 | 001,282,402 | -HS- | C] () -- C:\WINDOWS\System32\witifffd.ini
[2007/07/31 00:21:18 | 001,282,677 | -HS- | C] () -- C:\WINDOWS\System32\qjqihyfi.ini
[2007/07/27 21:14:46 | 001,253,251 | -HS- | C] () -- C:\WINDOWS\System32\ysebellh.ini
[2007/07/25 14:06:25 | 001,248,416 | -HS- | C] () -- C:\WINDOWS\System32\fhpslulp.ini
[2007/07/24 09:44:41 | 001,208,306 | -HS- | C] () -- C:\WINDOWS\System32\vfemyure.ini
[2007/07/22 23:40:38 | 000,000,608 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/22 21:17:46 | 000,006,737 | -HS- | C] () -- C:\WINDOWS\System32\aybeg.ini
[2007/07/06 09:08:01 | 001,138,412 | -HS- | C] () -- C:\WINDOWS\System32\vyelaedm.ini
[2007/05/08 07:18:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 14:04:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/05 14:04:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/05 14:04:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/05 14:04:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/05 14:04:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/05 14:04:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/05 14:04:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/05 14:04:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/05 14:04:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/05 14:04:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/05 14:02:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/06/07 15:21:12 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\XXXa\Application Data\wklnhst.dat
[2005/06/07 08:09:15 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\XXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/28 08:25:00 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\XXX\Local Settings\Application Data\fusioncache.dat
[2005/02/28 07:57:11 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/02/28 07:57:11 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/27 02:31:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/11/18 15:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 15:36:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 02:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 03:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 03:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 03:10:30 | 000,383,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 03:10:30 | 000,053,806 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 03:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 03:02:54 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 02:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 02:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 22:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/25 12:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/15 21:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/27 22:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/27 22:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/07 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\DriverCure
[2006/11/02 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\InterVideo
[2007/01/05 14:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Leadertech
[2005/06/07 15:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Template
[2011/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Total PC Health
[2011/05/07 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2004/11/18 16:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/02 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2007/09/27 00:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/08 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Total PC Health
[2009/05/26 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2007/10/22 08:28:34 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2007/09/27 21:33:59 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2007/09/27 21:33:59 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2007/09/27 21:33:42 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec\S?mantec) -- C:\WINDOWS\Sуmantec\Sуmantec
[2007/09/27 21:33:23 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7

< End of report >

Edited by Poochure, 02 July 2011 - 03:28 PM.

  • 0

Advertisements

#2
Essexboy
Posted 02 July 2011 - 03:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there 'tis a bit of a mess

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {2711FB4B-C463-45CA-B7A3-E7FE6B91BBC6} - No CLSID value found.
    O2 - BHO: (no name) - {7D3AAC71-D954-44A8-93A0-03B76128A237} - No CLSID value found.
    O2 - BHO: (no name) - {9479191E-D5DF-A222-D17C-8DADDDC220C7} - No CLSID value found
    O2 - BHO: (no name) - {B1EF246F-DB94-4C7C-9431-19C379CE475E} - No CLSID value found.
    O2 - BHO: (no name) - {CD98D247-AEF6-46DC-A243-E3F9D6B8D248} - No CLSID value found.
    O2 - BHO: (no name) - {DA4F8BA1-C2DE-45FE-AEF5-DB133B265A1F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - No CLSID value found.
    O20 - Winlogon\Notify\edxwnase: DllName - edxwnase.dll - File not found
    O20 - Winlogon\Notify\gebya: DllName - C:\WINDOWS\system32\gebya.dll - File not found
    O20 - Winlogon\Notify\geedb: DllName - C:\WINDOWS\system32\geedb.dll - File not found
    O20 - Winlogon\Notify\jkkjj: DllName - C:\WINDOWS\system32\jkkjj.dll - File not found
    O20 - Winlogon\Notify\pmkjj: DllName - C:\WINDOWS\system32\pmkjj.dll - File not found
    O20 - Winlogon\Notify\ssqpn: DllName - C:\WINDOWS\system32\ssqpn.dll - File not found
    O20 - Winlogon\Notify\ssqqnoo: DllName - ssqqnoo.dll - File not found
    [2008/03/07 14:53:32 | 001,578,343 | -HS- | C] () -- C:\WINDOWS\System32\mokcuvfr.ini
    [2008/03/06 10:54:17 | 001,286,441 | -HS- | C] () -- C:\WINDOWS\System32\xerolyvg.ini
    [2008/03/06 09:51:20 | 001,286,321 | -HS- | C] () -- C:\WINDOWS\System32\soupcqfn.ini
    [2008/03/05 13:13:50 | 001,286,261 | -HS- | C] () -- C:\WINDOWS\System32\bdgtyygf.ini
    [2008/03/05 12:07:54 | 001,286,201 | -HS- | C] () -- C:\WINDOWS\System32\iaklewhr.ini
    [2008/02/20 18:32:12 | 000,025,312 | -HS- | C] () -- C:\WINDOWS\System32\edxwnase.dllbox
    [2008/02/14 15:48:44 | 001,286,141 | -HS- | C] () -- C:\WINDOWS\System32\yilaqhkj.ini
    [2008/02/11 11:52:34 | 001,603,037 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini2
    [2007/11/23 08:06:19 | 000,776,553 | -HS- | C] () -- C:\WINDOWS\System32\oyjhhgos.ini
    [2007/10/15 19:13:37 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\wtkytwvf.dll
    [2007/10/12 12:31:36 | 000,006,527 | -HS- | C] () -- C:\WINDOWS\System32\bdeeg.ini
    [2007/10/08 18:13:59 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\jigvtufe.ini
    [2007/10/08 16:51:20 | 000,693,477 | -HS- | C] () -- C:\WINDOWS\System32\cissbgvk.ini
    [2007/10/08 15:44:34 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\gccwtseg.ini
    [2007/10/07 21:47:21 | 000,693,468 | -HS- | C] () -- C:\WINDOWS\System32\raupcqrq.ini
    [2007/09/26 07:07:10 | 000,694,007 | -HS- | C] () -- C:\WINDOWS\System32\tjmflhgw.ini
    [2007/09/26 06:14:52 | 000,693,827 | -HS- | C] () -- C:\WINDOWS\System32\lwljqdtn.ini
    [2007/09/25 23:52:49 | 000,693,707 | -HS- | C] () -- C:\WINDOWS\System32\pmimuttw.ini
    [2007/09/23 17:50:43 | 000,693,587 | -HS- | C] () -- C:\WINDOWS\System32\fayvtupx.ini
    [2007/09/23 17:41:01 | 000,693,467 | -HS- | C] () -- C:\WINDOWS\System32\mvvrfqjs.ini
    [2007/09/17 15:43:54 | 000,695,876 | -HS- | C] () -- C:\WINDOWS\System32\gmmwafvt.ini
    [2007/09/17 09:36:27 | 000,695,774 | -HS- | C] () -- C:\WINDOWS\System32\vioculqg.ini
    [2007/09/17 08:03:10 | 000,695,645 | -HS- | C] () -- C:\WINDOWS\System32\unuenawf.ini
    [2007/09/16 23:31:38 | 000,695,525 | -HS- | C] () -- C:\WINDOWS\System32\eexmrbkm.ini
    [2007/09/16 12:20:41 | 000,695,396 | -HS- | C] () -- C:\WINDOWS\System32\ctwsyego.ini
    [2007/09/15 22:21:06 | 000,695,225 | -HS- | C] () -- C:\WINDOWS\System32\adblnbeg.ini
    [2007/09/15 14:09:41 | 000,695,105 | -HS- | C] () -- C:\WINDOWS\System32\myhdpgbr.ini
    [2007/09/15 09:02:19 | 000,695,003 | -HS- | C] () -- C:\WINDOWS\System32\pkvmmfcm.ini
    [2007/09/14 22:53:00 | 000,694,865 | -HS- | C] () -- C:\WINDOWS\System32\asmtojhf.ini
    [2007/09/13 23:21:54 | 000,694,753 | -HS- | C] () -- C:\WINDOWS\System32\ougfcrri.ini
    [2007/09/13 14:24:00 | 000,694,629 | -HS- | C] () -- C:\WINDOWS\System32\xkfgjgmx.ini
    [2007/09/13 12:29:09 | 000,694,436 | -HS- | C] () -- C:\WINDOWS\System32\sjgideda.ini
    [2007/09/13 09:10:26 | 000,694,333 | -HS- | C] () -- C:\WINDOWS\System32\dbverbxe.ini
    [2007/09/13 06:52:37 | 000,694,204 | -HS- | C] () -- C:\WINDOWS\System32\xiryrsmg.ini
    [2007/09/12 23:17:49 | 000,694,084 | -HS- | C] () -- C:\WINDOWS\System32\ggarqyws.ini
    [2007/09/12 18:55:12 | 000,693,964 | -HS- | C] () -- C:\WINDOWS\System32\artpfeam.ini
    [2007/09/11 22:18:49 | 000,693,845 | -HS- | C] () -- C:\WINDOWS\System32\crexfiiy.ini
    [2007/09/08 16:49:19 | 000,693,716 | -HS- | C] () -- C:\WINDOWS\System32\ojljgtoh.ini
    [2007/09/07 23:32:25 | 000,693,535 | -HS- | C] () -- C:\WINDOWS\System32\mdowgknc.ini
    [2007/09/07 17:03:27 | 000,693,555 | -HS- | C] () -- C:\WINDOWS\System32\ntkrewwc.ini
    [2007/09/07 13:20:45 | 000,627,679 | -HS- | C] () -- C:\WINDOWS\System32\munfykrk.ini
    [2007/09/07 13:11:21 | 001,602,160 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini
    [2007/08/15 12:40:44 | 001,282,402 | -HS- | C] () -- C:\WINDOWS\System32\witifffd.ini
    [2007/07/31 00:21:18 | 001,282,677 | -HS- | C] () -- C:\WINDOWS\System32\qjqihyfi.ini
    [2007/07/27 21:14:46 | 001,253,251 | -HS- | C] () -- C:\WINDOWS\System32\ysebellh.ini
    [2007/07/25 14:06:25 | 001,248,416 | -HS- | C] () -- C:\WINDOWS\System32\fhpslulp.ini
    [2007/07/24 09:44:41 | 001,208,306 | -HS- | C] () -- C:\WINDOWS\System32\vfemyure.ini
    [2007/07/22 21:17:46 | 000,006,737 | -HS- | C] () -- C:\WINDOWS\System32\aybeg.ini
    [2007/07/06 09:08:01 | 001,138,412 | -HS- | C] () -- C:\WINDOWS\System32\vyelaedm.ini
    [2007/10/22 08:28:34 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
    [2007/09/27 21:33:59 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
    [2007/09/27 21:33:59 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
    [2007/09/27 21:33:42 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec\S?mantec) -- C:\WINDOWS\Sуmantec\Sуmantec
    [2007/09/27 21:33:23 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Poochure
Posted 02 July 2011 - 04:03 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 7/3/2011 5:37:21 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Kahikina\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.98 Mb Total Physical Memory | 146.46 Mb Available Physical Memory | 38.24% Memory free
1.51 Gb Paging File | 1.34 Gb Available in Paging File | 88.60% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.91 Gb Free Space | 80.39% Space Free | Partition Type: NTFS

Computer Name: PUA | User Name: Kahikina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kahikina\My Documents\Downloads\OTL.exe
PRC - [2011/05/10 02:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kahikina\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 02:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2008/04/13 14:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 02:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 02:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 02:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 02:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 01:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 01:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 01:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/12/01 22:26:00 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/06/20 01:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 01:19:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 08:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/14 07:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 12:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 05:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 17:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 14:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/23 05:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 14:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/02 07:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 05:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 05:33:16 | 000,000,000 | ---D | M]

[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kahikina\Application Data\Mozilla\Extensions
[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kahikina\Application Data\Mozilla\Firefox\Profiles\p0u0x2mc.default\extensions
[2011/05/08 05:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/02 07:52:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 06:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2711FB4B-C463-45CA-B7A3-E7FE6B91BBC6} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7D3AAC71-D954-44A8-93A0-03B76128A237} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9479191E-D5DF-A222-D17C-8DADDDC220C7} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B1EF246F-DB94-4C7C-9431-19C379CE475E} - No CLSID value found.
O2 - BHO: (no name) - {CD98D247-AEF6-46DC-A243-E3F9D6B8D248} - No CLSID value found.
O2 - BHO: (no name) - {DA4F8BA1-C2DE-45FE-AEF5-DB133B265A1F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\edxwnase: DllName - edxwnase.dll - File not found
O20 - Winlogon\Notify\gebya: DllName - C:\WINDOWS\system32\gebya.dll - File not found
O20 - Winlogon\Notify\geedb: DllName - C:\WINDOWS\system32\geedb.dll - File not found
O20 - Winlogon\Notify\jkkjj: DllName - C:\WINDOWS\system32\jkkjj.dll - File not found
O20 - Winlogon\Notify\pmkjj: DllName - C:\WINDOWS\system32\pmkjj.dll - File not found
O20 - Winlogon\Notify\ssqpn: DllName - C:\WINDOWS\system32\ssqpn.dll - File not found
O20 - Winlogon\Notify\ssqqnoo: DllName - ssqqnoo.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kahikina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kahikina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 05:22:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/02 15:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/02 15:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/02 15:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/02 15:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/02 15:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/02 15:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/07/02 15:17:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/02 15:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/02 13:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/07/02 07:39:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/02 07:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/02 07:38:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/02 07:38:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/07/02 07:37:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/07/02 05:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kahikina\Recent
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1475 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/03 05:21:35 | 000,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 05:21:35 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 05:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 05:19:00 | 401,657,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/02 15:50:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 15:49:35 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/02 15:23:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/02 13:41:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kahikina\Desktop\MBR.dat
[2011/07/02 08:12:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 07:52:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/02 07:44:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kahikina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/02 05:54:46 | 000,026,512 | ---- | M] () -- C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1475 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 13:41:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kahikina\Desktop\MBR.dat
[2011/07/02 05:54:39 | 000,026,512 | ---- | C] () -- C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg
[2009/11/03 11:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/11/02 20:47:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/14 19:00:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/07 14:53:32 | 001,578,343 | -HS- | C] () -- C:\WINDOWS\System32\mokcuvfr.ini
[2008/03/06 10:54:17 | 001,286,441 | -HS- | C] () -- C:\WINDOWS\System32\xerolyvg.ini
[2008/03/06 09:51:20 | 001,286,321 | -HS- | C] () -- C:\WINDOWS\System32\soupcqfn.ini
[2008/03/05 13:13:50 | 001,286,261 | -HS- | C] () -- C:\WINDOWS\System32\bdgtyygf.ini
[2008/03/05 12:07:54 | 001,286,201 | -HS- | C] () -- C:\WINDOWS\System32\iaklewhr.ini
[2008/02/20 18:32:12 | 000,025,312 | -HS- | C] () -- C:\WINDOWS\System32\edxwnase.dllbox
[2008/02/14 15:48:44 | 001,286,141 | -HS- | C] () -- C:\WINDOWS\System32\yilaqhkj.ini
[2008/02/11 11:52:34 | 001,603,037 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini2
[2008/02/04 03:02:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/23 08:06:19 | 000,776,553 | -HS- | C] () -- C:\WINDOWS\System32\oyjhhgos.ini
[2007/10/15 19:13:37 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\wtkytwvf.dll
[2007/10/12 12:31:36 | 000,006,527 | -HS- | C] () -- C:\WINDOWS\System32\bdeeg.ini
[2007/10/08 18:13:59 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\jigvtufe.ini
[2007/10/08 16:51:20 | 000,693,477 | -HS- | C] () -- C:\WINDOWS\System32\cissbgvk.ini
[2007/10/08 15:44:34 | 000,693,538 | -HS- | C] () -- C:\WINDOWS\System32\gccwtseg.ini
[2007/10/07 21:47:21 | 000,693,468 | -HS- | C] () -- C:\WINDOWS\System32\raupcqrq.ini
[2007/09/26 07:07:10 | 000,694,007 | -HS- | C] () -- C:\WINDOWS\System32\tjmflhgw.ini
[2007/09/26 06:14:52 | 000,693,827 | -HS- | C] () -- C:\WINDOWS\System32\lwljqdtn.ini
[2007/09/25 23:52:49 | 000,693,707 | -HS- | C] () -- C:\WINDOWS\System32\pmimuttw.ini
[2007/09/23 17:50:43 | 000,693,587 | -HS- | C] () -- C:\WINDOWS\System32\fayvtupx.ini
[2007/09/23 17:41:01 | 000,693,467 | -HS- | C] () -- C:\WINDOWS\System32\mvvrfqjs.ini
[2007/09/17 15:43:54 | 000,695,876 | -HS- | C] () -- C:\WINDOWS\System32\gmmwafvt.ini
[2007/09/17 09:36:27 | 000,695,774 | -HS- | C] () -- C:\WINDOWS\System32\vioculqg.ini
[2007/09/17 08:03:10 | 000,695,645 | -HS- | C] () -- C:\WINDOWS\System32\unuenawf.ini
[2007/09/16 23:31:38 | 000,695,525 | -HS- | C] () -- C:\WINDOWS\System32\eexmrbkm.ini
[2007/09/16 12:20:41 | 000,695,396 | -HS- | C] () -- C:\WINDOWS\System32\ctwsyego.ini
[2007/09/15 22:21:06 | 000,695,225 | -HS- | C] () -- C:\WINDOWS\System32\adblnbeg.ini
[2007/09/15 14:09:41 | 000,695,105 | -HS- | C] () -- C:\WINDOWS\System32\myhdpgbr.ini
[2007/09/15 09:02:19 | 000,695,003 | -HS- | C] () -- C:\WINDOWS\System32\pkvmmfcm.ini
[2007/09/14 22:53:00 | 000,694,865 | -HS- | C] () -- C:\WINDOWS\System32\asmtojhf.ini
[2007/09/13 23:21:54 | 000,694,753 | -HS- | C] () -- C:\WINDOWS\System32\ougfcrri.ini
[2007/09/13 14:24:00 | 000,694,629 | -HS- | C] () -- C:\WINDOWS\System32\xkfgjgmx.ini
[2007/09/13 12:29:09 | 000,694,436 | -HS- | C] () -- C:\WINDOWS\System32\sjgideda.ini
[2007/09/13 09:10:26 | 000,694,333 | -HS- | C] () -- C:\WINDOWS\System32\dbverbxe.ini
[2007/09/13 06:52:37 | 000,694,204 | -HS- | C] () -- C:\WINDOWS\System32\xiryrsmg.ini
[2007/09/12 23:17:49 | 000,694,084 | -HS- | C] () -- C:\WINDOWS\System32\ggarqyws.ini
[2007/09/12 18:55:12 | 000,693,964 | -HS- | C] () -- C:\WINDOWS\System32\artpfeam.ini
[2007/09/11 22:18:49 | 000,693,845 | -HS- | C] () -- C:\WINDOWS\System32\crexfiiy.ini
[2007/09/08 16:49:19 | 000,693,716 | -HS- | C] () -- C:\WINDOWS\System32\ojljgtoh.ini
[2007/09/07 23:32:25 | 000,693,535 | -HS- | C] () -- C:\WINDOWS\System32\mdowgknc.ini
[2007/09/07 17:03:27 | 000,693,555 | -HS- | C] () -- C:\WINDOWS\System32\ntkrewwc.ini
[2007/09/07 13:20:45 | 000,627,679 | -HS- | C] () -- C:\WINDOWS\System32\munfykrk.ini
[2007/09/07 13:11:21 | 001,602,160 | -HS- | C] () -- C:\WINDOWS\System32\hjllm.ini
[2007/08/15 12:40:44 | 001,282,402 | -HS- | C] () -- C:\WINDOWS\System32\witifffd.ini
[2007/07/31 00:21:18 | 001,282,677 | -HS- | C] () -- C:\WINDOWS\System32\qjqihyfi.ini
[2007/07/27 21:14:46 | 001,253,251 | -HS- | C] () -- C:\WINDOWS\System32\ysebellh.ini
[2007/07/25 14:06:25 | 001,248,416 | -HS- | C] () -- C:\WINDOWS\System32\fhpslulp.ini
[2007/07/24 09:44:41 | 001,208,306 | -HS- | C] () -- C:\WINDOWS\System32\vfemyure.ini
[2007/07/22 23:40:38 | 000,000,608 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/22 21:17:46 | 000,006,737 | -HS- | C] () -- C:\WINDOWS\System32\aybeg.ini
[2007/07/06 09:08:01 | 001,138,412 | -HS- | C] () -- C:\WINDOWS\System32\vyelaedm.ini
[2007/05/08 07:18:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 14:04:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/05 14:04:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/05 14:04:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/05 14:04:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/05 14:04:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/05 14:04:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/05 14:04:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/05 14:04:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/05 14:04:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/05 14:04:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/05 14:02:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/06/07 15:21:12 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\Kahikina\Application Data\wklnhst.dat
[2005/06/07 08:09:15 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Kahikina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/28 08:25:00 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Kahikina\Local Settings\Application Data\fusioncache.dat
[2005/02/28 07:57:11 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/02/28 07:57:11 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/27 02:31:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/11/18 15:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 15:36:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 02:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 03:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 03:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 03:10:30 | 000,383,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 03:10:30 | 000,053,806 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 03:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 03:02:54 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 02:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 02:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/25 12:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/15 21:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/27 22:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/27 22:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/07 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\DriverCure
[2006/11/02 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\InterVideo
[2007/01/05 14:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Leadertech
[2005/06/07 15:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Template
[2011/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Total PC Health
[2011/05/07 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2004/11/18 16:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/02 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2007/09/27 00:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/08 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Total PC Health
[2009/05/26 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2007/10/22 08:28:34 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2007/09/27 21:33:59 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2007/09/27 21:33:59 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2007/09/27 21:33:42 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec\S?mantec) -- C:\WINDOWS\Sуmantec\Sуmantec
[2007/09/27 21:33:23 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7

< End of report >

Edited by Poochure, 03 July 2011 - 09:50 AM.

  • 0

#4
Poochure
Posted 02 July 2011 - 05:44 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 13:15:19
-----------------------------
13:15:19.843 OS Version: Windows 5.1.2600 Service Pack 2
13:15:19.843 Number of processors: 2 586 0x209
13:15:19.843 ComputerName: PUA UserName:
13:15:21.406 Initialize success
13:15:23.500 AVAST engine defs: 11070202
13:15:34.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:15:34.578 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD5A Size: 76319MB BusType: 3
13:15:36.609 Disk 0 MBR read successfully
13:15:36.609 Disk 0 MBR scan
13:15:36.703 Disk 0 unknown MBR code
13:15:38.703 Disk 0 scanning sectors +156280320
13:15:38.750 Disk 0 scanning C:\WINDOWS\system32\drivers
13:15:52.703 Service scanning
13:15:54.468 Disk 0 trace - called modules:
13:15:54.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys atiide.sys PCIIDEX.SYS
13:15:54.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b90ab8]
13:15:54.531 3 CLASSPNP.SYS[f776e05b] -> nt!IofCallDriver -> \Device\00000077[0x82b3d650]
13:15:54.546 5 ACPI.sys[f76c4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b3d030]
13:15:55.203 AVAST engine scan C:\WINDOWS
13:36:09.296 AVAST engine scan C:\Documents and Settings\Kahikina
13:39:16.156 AVAST engine scan C:\Documents and Settings\All Users
13:39:59.968 Scan finished successfully
13:41:43.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kahikina\Desktop\MBR.dat"
13:41:43.578 The log file has been saved successfully to "C:\Documents and Settings\Kahikina\Desktop\aswMBR.txt"
  • 0

#5
Essexboy
Posted 03 July 2011 - 02:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you appear to have posted the original OTL log OTL logfile created on: 7/2/2011 1:00:17 PM - Run 1

Could you run a fresh copy for me please and let me know what the current poroblems are
  • 0

#6
Poochure
Posted 03 July 2011 - 09:51 AM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Oops, I replaced it. :)
  • 0

#7
Essexboy
Posted 03 July 2011 - 10:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope still says run one with the malware present

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
Poochure
Posted 03 July 2011 - 11:31 AM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
:) It seems to be better, so far, but I have only been doing these tasks. ...no auto-typing and it seems to be running better with Firefox.

ComboFix 11-07-02.03 - Kahikina 07/03/2011 7:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.128 [GMT -10:00]
Running from: c:\documents and settings\Kahikina\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\mcroso~1
c:\windows\smante~1
c:\windows\smante~1\S?mantec\ctxad-554.0000
c:\windows\smante~1\S?mantec\ctxad-554.0001
c:\windows\smante~1\S?mantec\ctxad-554.0002
c:\windows\smante~1\S?mantec\ctxad-554.0003
c:\windows\smante~1\S?mantec\ctxad-554.0004
c:\windows\smante~1\S?mantec\ctxad-554.0005
c:\windows\smante~1\S?mantec\ctxad-554.0006
c:\windows\system32\adblnbeg.ini
c:\windows\system32\artpfeam.ini
c:\windows\system32\asmtojhf.ini
c:\windows\system32\aybeg.ini
c:\windows\system32\bdeeg.ini
c:\windows\system32\bdgtyygf.ini
c:\windows\system32\cissbgvk.ini
c:\windows\system32\crexfiiy.ini
c:\windows\system32\ctwsyego.ini
c:\windows\system32\dbverbxe.ini
c:\windows\system32\edxwnase.dllbox
c:\windows\system32\eexmrbkm.ini
c:\windows\system32\fayvtupx.ini
c:\windows\system32\fhpslulp.ini
c:\windows\system32\gccwtseg.ini
c:\windows\system32\ggarqyws.ini
c:\windows\system32\gmmwafvt.ini
c:\windows\system32\hjllm.bak2
c:\windows\system32\hjllm.ini
c:\windows\system32\hjllm.ini2
c:\windows\system32\hjllm.tmp
c:\windows\system32\hjllm.tmp2
c:\windows\system32\iaklewhr.ini
c:\windows\system32\jigvtufe.ini
c:\windows\system32\lwljqdtn.ini
c:\windows\system32\mdowgknc.ini
c:\windows\system32\mokcuvfr.ini
c:\windows\system32\munfykrk.ini
c:\windows\system32\mvvrfqjs.ini
c:\windows\system32\myhdpgbr.ini
c:\windows\system32\ntkrewwc.ini
c:\windows\system32\ojljgtoh.ini
c:\windows\system32\ougfcrri.ini
c:\windows\system32\oyjhhgos.ini
c:\windows\system32\pkvmmfcm.ini
c:\windows\system32\pmimuttw.ini
c:\windows\system32\qjqihyfi.ini
c:\windows\system32\raupcqrq.ini
c:\windows\system32\sjgideda.ini
c:\windows\system32\soupcqfn.ini
c:\windows\system32\tjmflhgw.ini
c:\windows\system32\unuenawf.ini
c:\windows\system32\vfemyure.ini
c:\windows\system32\vioculqg.ini
c:\windows\system32\vyelaedm.ini
c:\windows\system32\witifffd.ini
c:\windows\system32\xerolyvg.ini
c:\windows\system32\xiryrsmg.ini
c:\windows\system32\xkfgjgmx.ini
c:\windows\system32\yilaqhkj.ini
c:\windows\system32\ysebellh.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DOMAINSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\scripting
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\l2schemas
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\en
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\bits
2011-07-03 01:16 . 2011-07-03 01:16 -------- d-----w- c:\windows\EHome
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 19:11 . 2011-05-08 03:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 19:11 . 2011-05-08 03:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2011-05-07 21:28 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-05-07 21:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-07 21:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-05-07 21:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-05-07 21:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-05-07 21:29 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-05-07 21:29 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-05-07 21:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-05-07 21:29 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-05-07 21:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:26 . 2011-05-08 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wshbrz]
c:\windows\M?crosoft\s?chost.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-10-08 03:40 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 17:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-03-26 05:00 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-03-01 23:05 200766 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-08-19 19:50 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-13 01:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 23:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobiLink Lite]
2008-12-02 08:48 446553 ----a-w- c:\program files\Novatel Wireless\Mobilink\Lite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 02:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 13:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-07 23:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 09:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/18/2004 3:30 PM 5632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/7/2011 11:30 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/7/2011 11:30 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2011 11:30 AM 19544]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
.
Contents of the 'Scheduled Tasks' folder
.
2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kahikina\Application Data\Mozilla\Firefox\Profiles\p0u0x2mc.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2711FB4B-C463-45CA-B7A3-E7FE6B91BBC6} - (no file)
BHO-{7D3AAC71-D954-44A8-93A0-03B76128A237} - (no file)
BHO-{9479191E-D5DF-A222-D17C-8DADDDC220C7} - (no file)
BHO-{B1EF246F-DB94-4C7C-9431-19C379CE475E} - (no file)
BHO-{CD98D247-AEF6-46DC-A243-E3F9D6B8D248} - (no file)
BHO-{DA4F8BA1-C2DE-45FE-AEF5-DB133B265A1F} - (no file)
Notify-gebya - c:\windows\system32\gebya.dll
Notify-geedb - c:\windows\system32\geedb.dll
Notify-jkkjj - c:\windows\system32\jkkjj.dll
Notify-pmkjj - c:\windows\system32\pmkjj.dll
Notify-ssqpn - c:\windows\system32\ssqpn.dll
Notify-ssqqnoo - ssqqnoo.dll
MSConfigStartUp-AGRSMMSG - AGRSMMSG.exe
MSConfigStartUp-irkzazsv - c:\documents and settings\All Users\Application Data\irkzazsv.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe
MSConfigStartUp-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
MSConfigStartUp-Tbsa - c:\windows\SMANTE~1\msdtc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 07:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-03 07:28:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 17:28
.
Pre-Run: 63,997,767,680 bytes free
Post-Run: 63,862,403,072 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4B38026275FB4ED46AE98C528CFECF67

Edited by Poochure, 03 July 2011 - 11:33 AM.

  • 0

#9
Essexboy
Posted 03 July 2011 - 11:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm it looks as though you did not run the OTL fix on the first post

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\M?crosoft\s?chost.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wshbrz]



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with a new OTL log .
  • 0

#10
Poochure
Posted 03 July 2011 - 12:43 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi! After dragging the text file into the combo fix it launched just the same as it did last time. It even prompted me to download the recovery console, again.

ComboFix 11-07-02.03 - Kahikina 07/03/2011 8:08.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.66 [GMT -10:00]
Running from: c:\documents and settings\Kahikina\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Kahikina\My Documents\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\scripting
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\l2schemas
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\en
2011-07-03 01:31 . 2011-07-03 01:31 -------- d-----w- c:\windows\system32\bits
2011-07-03 01:16 . 2011-07-03 01:16 -------- d-----w- c:\windows\EHome
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 19:11 . 2011-05-08 03:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 19:11 . 2011-05-08 03:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2011-05-07 21:28 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-05-07 21:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-07 21:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-05-07 21:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-05-07 21:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-05-07 21:29 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-05-07 21:29 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-05-07 21:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-05-07 21:29 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-05-07 21:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:26 . 2011-05-08 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-10-08 03:40 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 17:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-03-26 05:00 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-03-01 23:05 200766 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-08-19 19:50 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-13 01:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 23:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobiLink Lite]
2008-12-02 08:48 446553 ----a-w- c:\program files\Novatel Wireless\Mobilink\Lite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 02:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 13:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-07 23:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 09:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/18/2004 3:30 PM 5632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/7/2011 11:30 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/7/2011 11:30 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2011 11:30 AM 19544]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
.
Contents of the 'Scheduled Tasks' folder
.
2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kahikina\Application Data\Mozilla\Firefox\Profiles\p0u0x2mc.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 08:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-03 08:22:53
ComboFix-quarantined-files.txt 2011-07-03 18:22
ComboFix2.txt 2011-07-03 17:29
.
Pre-Run: 63,864,545,280 bytes free
Post-Run: 63,850,237,952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E385A6D94C18733B34070B9AF3149EAF
  • 0

Advertisements

#11
Poochure
Posted 03 July 2011 - 12:44 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 7/3/2011 8:32:25 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Kahikina\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.98 Mb Total Physical Memory | 121.90 Mb Available Physical Memory | 31.83% Memory free
1.51 Gb Paging File | 1.35 Gb Available in Paging File | 89.51% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.50 Gb Free Space | 79.84% Space Free | Partition Type: NTFS

Computer Name: PUA | User Name: Kahikina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kahikina\My Documents\Downloads\OTL.exe
PRC - [2011/05/10 02:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 09:20:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kahikina\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 14:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/10 02:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 02:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 02:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 02:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 01:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 01:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 01:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/12/01 22:26:00 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/06/20 01:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 01:19:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 08:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/14 07:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 12:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 05:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 17:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 14:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/23 05:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 14:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/02 07:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 05:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 05:33:16 | 000,000,000 | ---D | M]

[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kahikina\Application Data\Mozilla\Extensions
[2009/11/02 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kahikina\Application Data\Mozilla\Firefox\Profiles\p0u0x2mc.default\extensions
[2011/05/08 05:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/02 07:52:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 06:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/03 07:22:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Kahikina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kahikina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 08:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/03 08:06:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 06:55:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 06:55:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 06:55:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 06:55:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 06:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/03 06:51:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 06:51:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kahikina\Start Menu\Programs\Administrative Tools
[2011/07/02 15:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/02 15:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/02 15:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/02 15:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/02 15:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/02 15:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/07/02 15:17:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/02 15:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/02 13:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/07/02 07:39:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/02 07:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/02 07:38:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/02 07:38:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/07/02 07:37:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/07/02 05:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kahikina\Recent
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/03 08:06:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/03 07:22:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 07:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/03 07:21:13 | 401,657,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/03 07:06:09 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2011/07/03 06:49:31 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Kahikina\Desktop\Shortcut to ComboFix.lnk
[2011/07/03 05:21:35 | 000,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 05:21:35 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/02 15:50:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 15:49:35 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/02 15:23:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/02 13:41:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kahikina\Desktop\MBR.dat
[2011/07/02 08:12:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 07:52:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/02 07:44:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kahikina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/02 05:54:46 | 000,026,512 | ---- | M] () -- C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg
[2011/06/25 20:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 07:06:09 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2011/07/03 07:06:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/03 06:55:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 06:55:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 06:55:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 06:55:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 06:55:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 06:49:31 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Kahikina\Desktop\Shortcut to ComboFix.lnk
[2011/07/02 13:41:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kahikina\Desktop\MBR.dat
[2011/07/02 05:54:39 | 000,026,512 | ---- | C] () -- C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg
[2009/11/03 11:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/11/02 20:47:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/14 19:00:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/04 03:02:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/15 19:13:37 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\wtkytwvf.dll
[2007/07/22 23:40:38 | 000,000,608 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/08 07:18:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 14:04:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/05 14:04:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/05 14:04:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/05 14:04:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/05 14:04:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/05 14:04:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/05 14:04:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/05 14:04:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/05 14:04:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/05 14:04:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/05 14:04:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/05 14:04:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/05 14:02:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/06/07 15:21:12 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\Kahikina\Application Data\wklnhst.dat
[2005/06/07 08:09:15 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Kahikina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/28 08:25:00 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Kahikina\Local Settings\Application Data\fusioncache.dat
[2005/02/28 07:57:11 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/02/28 07:57:11 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/27 02:31:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/11/18 15:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 15:36:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/16 02:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 03:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 03:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 03:10:30 | 000,383,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 03:10:30 | 000,053,806 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 03:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 03:02:54 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 02:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 02:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/03 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/25 12:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/15 21:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/27 22:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/27 22:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/07 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2004/11/18 16:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/02 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2007/09/27 00:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/08 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Total PC Health
[2009/05/26 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/07 12:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\DriverCure
[2006/11/02 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\InterVideo
[2007/01/05 14:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Leadertech
[2005/06/07 15:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Template
[2011/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kahikina\Application Data\Total PC Health

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7

< End of report >
  • 0

#12
Essexboy
Posted 03 July 2011 - 02:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you just updated to SP3 ?

As something is not quite right OTL is still saying run 1, Combofix will only install the recovery console once yet the system time is correct - On completion of this can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2011/07/02 05:54:46 | 000,026,512 | ---- | M] () -- C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#13
Poochure
Posted 05 July 2011 - 12:03 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Essexboy! I keep forgetting to turn off automatic updates for windows. This last shutdown had 75 to install.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Documents and Settings\Kahikina\My Documents\vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv.reg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kahikina\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Kahikina\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Faye
->Temp folder emptied: 4320521 bytes
->Temporary Internet Files folder emptied: 24457607 bytes
->Java cache emptied: 33612 bytes
->Flash cache emptied: 9844 bytes

User: Kahikina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 5611372 bytes
->FireFox cache emptied: 46191359 bytes
->Flash cache emptied: 1529698 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 17997329 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3045692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Faye
->Flash cache emptied: 0 bytes

User: Kahikina
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.25.0 log created on 07052011_075053

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#14
Essexboy
Posted 05 July 2011 - 12:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#15
Poochure
Posted 05 July 2011 - 02:31 PM

Poochure

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi, again! Original issues:
  • loud, constant beeps when booting (gone)
  • "v's" typed into fields automatically (gone)
  • other times cannot enter any text into fields (gone)
  • adware still visible (gone)
  • navigating windows directories takes forever (gone)
  • overall performance is slow (much better!)

The only issue that I can see now is that I cannot tell where I have placed the cursor to type text. That is new.

I already had Malwarebytes installed and updated it prior to scanning. I hope that was okay. The quick scan took a fraction of the time compared to the last time I did it. Here is the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7029

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/5/2011 10:19:29 AM
mbam-log-2011-07-05 (10-19-29).txt

Scan type: Quick scan
Objects scanned: 160223
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP