Windows security center virus w32/blaster.worm


This topic is locked

#1 terina1181 (New Member, 5 posts)
Hello,
I believe I have contracted the Windows Security Center virus. I am running Windows XP Service Pack 3 on a Compaq Presario (dinosaur, I know, I can't afford anything better right now lol). I had a pop-up that said I had w32/blaster.worm and a few others I can't remember and that I needed to buy a fix for it. I "x"ed out of it for a couple of hours, then it shut down all my programs and wouldn't allow me to access any programs or the internet. I rebooted hoping something would change; it didn't. Then a larger pop-up box came up saying I was infected, and when it popped up it made a screaming sound, like The Exorcist.

A friend gave me a link in PC World http://forums.pcworl...y-center-virus/ about cleaning it out. I rebooted in safe mode with networking and downloaded http://www.superanti...tispyware.html. and http://www.raktor.ne.../exeHelper.com. It quarantined 100+ infected files, etc. I rebooted and the security center still popped up saying I was infected and I couldn't access any programs/internet. I then followed the next step on that thread and tried to download an exe on stopzilla.com; it wouldn't run, so I called the customer service # and they asked if I was infected within the last 30 days. I said yes, and they said they would have to have someone clean it out because it was blocking the fix. I tried doing a system restore by pressing F8 and choosing system restore from that start-up menu; that did nothing.

Can someone please help me clean this malware out? Thank you so much for your time.

OTL logfile created on: 7/23/2011 8:09:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 41.72 Mb Available Physical Memory | 16.86% Memory free
606.17 Mb Paging File | 349.92 Mb Available in Paging File | 57.73% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 13.47 Gb Free Space | 40.60% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.83 Gb Free Space | 20.39% Space Free | Partition Type: FAT32

Computer Name: YOUR-C8BH3JAGLT | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/23 20:02:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/06/22 22:24:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/23 20:02:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/11/06 14:57:32 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2005/06/10 20:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/03/04 17:47:48 | 000,368,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\\QosServM.exe -- (iClarityQoSService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 15:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/06/10 20:58:16 | 000,298,571 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 05:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/07/28 19:02:18 | 000,396,192 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/02 22:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 21:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 08:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ie.redirect.h...rio&pf=desktop"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}: C:\Documents and Settings\Owner\Local Settings\Application Data\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E} [2011/05/01 01:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 09:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 14:44:18 | 000,000,000 | ---D | M]

[2008/10/28 15:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/07/23 16:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z4f2bd6e.default\extensions
[2009/09/29 00:13:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z4f2bd6e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/05 13:11:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z4f2bd6e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/18 14:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 01:06:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}
[2009/05/04 18:55:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/02/13 02:08:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Alalubi] C:\WINDOWS\owatejed.dll (Andrea Electronics Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [idcnrsen] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKCU..\Run: [Cvaqu] C:\WINDOWS\msxmclol.dll (madshi.net)
O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (Kaspersky Lab)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwreset.lnk = C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe (Avaya Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1225397971609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 02:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2e6bc29c-ae44-11e0-a98e-001109133ec7}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bc29c-ae44-11e0-a98e-001109133ec7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e6bc29c-ae44-11e0-a98e-001109133ec7}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 09:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/07/18 09:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/18 09:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/18 09:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/17 23:01:28 | 000,878,080 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/07/17 23:01:14 | 000,966,144 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\0.5012822805877208.exe
[2011/07/17 05:02:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/07/16 13:38:06 | 000,023,424 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\Motousbnet.sys
[2011/07/16 13:38:06 | 000,006,016 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motfilt.sys
[2011/07/16 13:38:02 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2011/07/16 13:37:59 | 000,020,480 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2011/07/16 13:37:59 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2011/07/16 13:37:59 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2011/07/16 13:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola
[2011/07/16 13:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2011/07/16 13:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/07/16 13:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/07/14 12:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\medicalapp2011_files
[2008/11/19 14:27:40 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao350.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 18:13:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/22 19:20:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/18 21:22:48 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/18 11:07:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Btegalafo.bin
[2011/07/18 09:45:45 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/17 23:02:05 | 000,878,080 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/07/17 23:01:29 | 000,966,144 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\0.5012822805877208.exe
[2011/07/17 14:12:30 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Icukesazuyu.dat
[2011/07/16 13:27:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/07/16 13:25:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/16 13:25:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/16 13:23:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/16 13:23:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/16 13:23:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/16 13:22:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/16 13:21:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/07/14 12:28:59 | 000,007,503 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\medicalapp2011.htm
[2011/07/14 05:46:45 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 05:27:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/06 22:33:12 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/07/06 10:04:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/05 14:44:20 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/07/05 14:44:20 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/06/27 14:17:56 | 000,021,161 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\C__DOCUME~1_Owner_LOCALS~1_Temp_plugtmp-60_plugin-forms.pdf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 09:46:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 09:45:45 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/16 13:25:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/16 13:25:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/16 13:23:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/16 13:23:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/16 13:23:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/16 13:22:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/16 13:21:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/07/14 12:28:56 | 000,007,503 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\medicalapp2011.htm
[2011/07/05 14:44:20 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/07/05 14:44:20 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/07/05 14:44:18 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/06/27 22:37:13 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/27 14:17:55 | 000,021,161 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\C__DOCUME~1_Owner_LOCALS~1_Temp_plugtmp-60_plugin-forms.pdf
[2011/05/01 01:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Btegalafo.bin
[2011/05/01 01:06:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Icukesazuyu.dat
[2010/04/19 22:28:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/28 00:40:34 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/19 14:28:09 | 000,000,079 | ---- | C] () -- C:\WINDOWS\Cvalocal.ini
[2008/11/19 14:27:40 | 000,073,184 | ---- | C] () -- C:\Program Files\Common Files\dao2535.tlb
[2008/11/19 14:22:31 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/11/19 14:22:27 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/11/06 17:45:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/10/28 15:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 14:39:11 | 000,000,569 | ---- | C] () -- C:\WINDOWS\TSLIB.INI
[2004/06/24 11:40:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/06/24 11:40:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/06/24 11:39:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/06/24 11:39:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/24 11:12:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/06/24 11:12:37 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/06/24 11:12:34 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/06/24 11:12:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/06/24 11:12:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/03 02:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 01:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 01:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 18:17:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/02 18:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 18:03:59 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66L.exe
[2004/04/02 18:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 18:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 04:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 03:52:33 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 03:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 03:08:00 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/04/02 03:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/04/02 03:04:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/04/02 03:04:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/04/02 02:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 02:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 02:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 02:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 02:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 02:05:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/02 02:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/02 00:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/02 00:52:18 | 000,442,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/04/02 00:52:18 | 000,072,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/04/01 17:57:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/01 17:56:18 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/19 14:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-492471DE
[2009/06/16 21:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A3867E3
[2010/05/10 08:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2009/09/22 22:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/19 22:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2004/04/02 19:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/04/28 12:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/15 20:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific

========== Purity Check ==========



< End of report >


This report came up too; it may be because I pushed quick scan twice.

OTL Extras logfile created on: 7/23/2011 8:09:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 41.72 Mb Available Physical Memory | 16.86% Memory free
606.17 Mb Paging File | 349.92 Mb Available in Paging File | 57.73% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 13.47 Gb Free Space | 40.60% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.83 Gb Free Space | 20.39% Space Free | Partition Type: FAT32

Computer Name: YOUR-C8BH3JAGLT | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Avaya\Avaya IP Agent\IpAgent.exe" = C:\Program Files\Avaya\Avaya IP Agent\IpAgent.exe:*:Enabled:Avaya IP Agent -- (Avaya Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\intelliscript\agentapp.exe" = C:\intelliscript\agentapp.exe:*:Enabled:agentapp -- (O'Currance)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"{06AB77FA-AABF-43E8-A6B0-40F46E169866}" = Agent
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C7589DD-6D83-42A7-BD36-58E6FAF99808}" = Avaya IP Agent
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BlackBerry_{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"InstallShield_{06AB77FA-AABF-43E8-A6B0-40F46E169866}" = Agent
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"NVIDIA" =
"OCurrance Agent Application" = OCurrance Agent Application
"O'Currance Software" = O'Currance Software
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2" = PS2
"QuickTime" = QuickTime
"QwestQuickCare_is1" = Qwest Quickcare 2.6
"RealPlayer 6.0" = RealOne Player
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2011 2:15:47 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Error | ID = 1001
Description = Fault bucket 00000009.

Error - 7/16/2011 2:15:58 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/16/2011 3:46:24 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4182, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 7/16/2011 8:31:35 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Error | ID = 1001
Description = Fault bucket 00000009.

Error - 7/16/2011 8:54:24 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2011 8:54:36 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/18/2011 2:18:09 AM | Computer Name = YOUR-C8BH3JAGLT | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Standard Edition 2003 -- Error 1719. The
Windows Installer Service could not be accessed. This can occur if you are running
Windows in safe mode, or if the Windows Installer is not correctly installed. Contact
your support personnel for assistance.

Error - 7/18/2011 2:18:09 AM | Computer Name = YOUR-C8BH3JAGLT | Source = MsiInstaller | ID = 1021
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Office 2003 (KB951535): MSXML5' could not be removed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 7/18/2011 6:13:16 PM | Computer Name = YOUR-C8BH3JAGLT | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\STOPzilla!\SZPro5.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 7/18/2011 6:37:39 PM | Computer Name = YOUR-C8BH3JAGLT | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\STOPzilla!\SZPro5.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

[ System Events ]
Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBT service which failed
to start because of the following error: %%31

Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7001
Description = The Cisco Systems, Inc. VPN Service service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%31

Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/22/2011 6:18:44 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 7/22/2011 9:19:29 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/22/2011 9:21:06 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/22/2011 9:22:03 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SASDIFSV SASKUTIL

Error - 7/23/2011 8:14:45 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of this run could you let me know what problems remain.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/01 01:06:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [Alalubi] C:\WINDOWS\owatejed.dll (Andrea Electronics Corporation)
    O4 - HKCU..\Run: [Cvaqu] C:\WINDOWS\msxmclol.dll (madshi.net)
    O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (Kaspersky Lab)
    [2011/07/17 23:01:28 | 000,878,080 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\defender.exe
    [2011/07/17 23:01:14 | 000,966,144 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\0.5012822805877208.exe
    [2011/07/18 11:07:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Btegalafo.bin
    [2011/07/17 23:02:05 | 000,878,080 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\defender.exe
    [2011/07/17 23:01:29 | 000,966,144 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\0.5012822805877208.exe
    [2011/07/17 14:12:30 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Icukesazuyu.dat
    [2011/05/01 01:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Btegalafo.bin
    [2011/05/01 01:06:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Icukesazuyu.dat


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0
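To make explicit what the manual triage in the fix script above is keying on, here is an added Python example (not OTL's code and not part of this thread) that parses O4 autorun lines and file-listing lines in OTL's format and flags entries with a few defensive heuristics. The sample log is constructed from the entries quoted above plus two benign controls, and the heuristics are assumptions about what merits a closer look, not a verdict.

```python
"""Triage helper for OTL 'O4' autorun lines and file-listing lines.

Added example for this thread, not OTL's own logic or output. The heuristics
are assumptions about what usually merits a closer look (a Run value that
launches a DLL, an executable dropped straight into a profile or Application
Data folder, a file named like a random decimal fraction); they are a reading
aid, not a verdict."""
import re
from collections import defaultdict

# "O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)"; the company part is optional
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[\w\\]+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?\s*$"
)
# "[yyyy/mm/dd hh:mm:ss | 000,878,080 | ---- | C] (Company) -- C:\path"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[-\w]+) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^()]*)\) -- (?P<path>.+?)\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd")
# A file sitting directly in "Documents and Settings\<user>\" or in that
# profile's "Application Data\" root, with no further sub-folder.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\(?:Application Data\\)?[^\\]+$", re.I
)
# Names such as 0.5012822805877208.exe: a leading zero, a dot, a long run of digits.
RANDOM_DECIMAL_RE = re.compile(r"^0\.\d{8,}\.exe$", re.I)

REASON_DLL_AUTORUN = "Run value launches a DLL rather than an executable"
REASON_USER_WRITABLE = "executable sits directly in a profile or Application Data folder"
REASON_RANDOM_NAME = "file name is a random decimal fraction"


def parse_line(line):
    """Return a dict for an O4 or file-listing line, or None for anything else."""
    m = O4_RE.match(line)
    if m:
        return {"type": "autorun", **m.groupdict()}
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        d["stamp"] = d["stamp"].strip()
        d["size"] = int(d["size"].replace(",", ""))
        return {"type": "file", **d}
    return None


def assess_path(path, from_run_key=False):
    """Apply the heuristics to one file path; returns a (possibly empty) list."""
    name = path.rsplit("\\", 1)[-1]
    lower = name.lower()
    reasons = []
    if from_run_key and lower.endswith(".dll"):
        reasons.append(REASON_DLL_AUTORUN)
    if lower.endswith(EXECUTABLE_EXT) and USER_WRITABLE_RE.match(path):
        reasons.append(REASON_USER_WRITABLE)
    if RANDOM_DECIMAL_RE.match(name):
        reasons.append(REASON_RANDOM_NAME)
    return reasons


def triage(log_text):
    """Map each flagged path to its sorted, de-duplicated list of reasons.

    The same file often appears in several OTL sections (a Run value, a
    'C'reated line and a 'M'odified line), so findings are merged per path."""
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = assess_path(entry["path"], from_run_key=entry["type"] == "autorun")
        if reasons:
            findings[entry["path"]].update(reasons)
    return {path: sorted(reasons) for path, reasons in findings.items()}


# Constructed sample modelled on the fix script in this thread, with two
# ordinary entries (jusched.exe, firefox.exe) added as benign controls.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alalubi] C:\WINDOWS\owatejed.dll (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Cvaqu] C:\WINDOWS\msxmclol.dll (madshi.net)
O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (Kaspersky Lab)
[2011/07/17 23:01:28 | 000,878,080 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/07/17 23:01:14 | 000,966,144 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\0.5012822805877208.exe
[2011/07/18 11:07:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Btegalafo.bin
[2011/06/20 09:12:00 | 000,290,816 | ---- | C] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```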

#3
terina1181

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thank you for taking the time to help me Essexboy. :)


All processes killed
========== OTL ==========
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{41FADD2A-D0E3-4C74-BB4C-C9228ECA1A9E} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alalubi deleted successfully.
C:\WINDOWS\owatejed.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cvaqu deleted successfully.
C:\WINDOWS\msxmclol.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Security Protection deleted successfully.
C:\Documents and Settings\All Users\Application Data\defender.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\defender.exe not found.
C:\Documents and Settings\Owner\0.5012822805877208.exe moved successfully.
C:\WINDOWS\Btegalafo.bin moved successfully.
File C:\Documents and Settings\All Users\Application Data\defender.exe not found.
File C:\Documents and Settings\Owner\0.5012822805877208.exe not found.
C:\WINDOWS\Icukesazuyu.dat moved successfully.
File C:\WINDOWS\Btegalafo.bin not found.
File C:\WINDOWS\Icukesazuyu.dat not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3467666 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 68438 bytes
->Temporary Internet Files folder emptied: 604358 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 549508437 bytes
->Temporary Internet Files folder emptied: 95990190 bytes
->Java cache emptied: 80498489 bytes
->FireFox cache emptied: 87581083 bytes
->Flash cache emptied: 529167 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124117649 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 130033382 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 638995690 bytes

Total Files Cleaned = 1,632.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_182714

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-24 18:38:45
-----------------------------
18:38:45.828 OS Version: Windows 5.1.2600 Service Pack 3
18:38:45.828 Number of processors: 1 586 0x303
18:38:45.843 ComputerName: YOUR-C8BH3JAGLT UserName: Owner
18:38:51.625 Initialize success
18:40:04.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:40:04.140 Disk 0 Vendor: ST340015A 3.15 Size: 38166MB BusType: 3
18:40:04.218 Disk 0 MBR read successfully
18:40:04.234 Disk 0 MBR scan
18:40:04.234 Disk 0 unknown MBR code
18:40:04.281 Disk 0 scanning sectors +78140160
18:40:04.531 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:39.015 Service scanning
18:40:59.109 Service CD-Lock E:\cdm.sys **LOCKED** 21
18:41:05.546 Modules scanning
18:41:53.781 Disk 0 trace - called modules:
18:41:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
18:41:53.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81ae6030]
18:41:53.875 3 CLASSPNP.SYS[f9588fd7] -> nt!IofCallDriver -> \Device\0000006c[0x81b45f18]
18:41:53.921 5 ACPI.sys[f94df620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af8b58]
18:41:53.984 Scan finished successfully
18:42:33.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:42:33.984 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a further check on your MBR, as it looks a tad iffy. Could you run these in normal mode please :)

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#5
terina1181

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks again so much, you really are a lifesaver. :) I noticed there are some old JPEG files that have reappeared on my desktop, but they are only preview versions; they should be OK to delete, right?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7277

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/25/2011 5:15:58 PM
mbam-log-2011-07-25 (17-15-58).txt

Scan type: Quick scan
Objects scanned: 165797
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\idcnrsen (Trojan.FakeAlert.Gen) -> Value: idcnrsen -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\AAF3.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\0.25090118783495186.exe (Exploit.Dropper) -> Quarantined and deleted successfully.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If they are old ones you know about - then yes, but we will hide your system files again at the end

What problems do you have at the moment?
  • 0

#7
terina1181

    New Member

  • Topic Starter
  • Member
  • 5 posts
I think you have solved all my problems :) I just need to get a new pc, this one runs so slow... Thank you so much :unsure:
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's clear my rubbish and see if we can give your system a kick start :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :unsure:
  • 0

#9
terina1181

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thank you so much for everything, you have no idea how much it means to me! :) So just run as is for 24 hrs then run OTL with your clean up or run the clean up and wait 24 hrs? Sorry, just want to make sure.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, run the cleanup now; it may well improve your system speed... Then if there is nothing further heard I will close the thread in a few days.

Keep safe now :)
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0