
Opencloud


  • This topic is locked

#1
zakkwylde

    New Member

  • Member
  • 3 posts
I followed the instructions on the thread about removing Opencloud security and Malwarebytes just closes after I try starting the scan. I already had Malwarebytes installed before I got infected. I reinstalled it a few different times to try scanning. I also installed AVG and it hasn't done much either.

I'm also getting a blue screen of death at times, but then it goes to the windows logo that shows when you're booting your computer. Then it will go right back to my screen as it was. I'm not sure if that's also something that Opencloud does or if it's some other malware infecting my system. Please help!

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello zakkwylde and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.
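
Step 2 above asks for OTL's report. As an added example, not part of this thread and not code from OTL or its author, here is a small Python triage script that parses lines in OTL's report format and flags the kinds of entries a helper reads first: a running process (PRC) whose image file is not found on disk, especially when the path has a second colon and so looks like an NTFS alternate data stream; an O4 autorun entry whose image carries no company name and has a random-looking file name; O10 Winsock catalog entries whose module cannot be resolved; and recently created folders with random-looking names. The sample lines are constructed in OTL's format (patterned on the log posted later in this thread, with the profile name replaced); the rule labels, regular expressions and the `looks_random` heuristic are this example's own assumptions, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Rule labels are this example's own naming, not OTL terminology.
RULE_GHOST_PROCESS = "running process whose image file is not found on disk"
RULE_ADS_PROCESS = "running process whose path looks like an NTFS alternate data stream"
RULE_AUTORUN_NOCOMPANY = "O4 autorun: no company name and random-looking image name"
RULE_LSP_UNRESOLVED = "O10 Winsock catalog entry whose module cannot be resolved"
RULE_RANDOM_FOLDER = "recently created folder with a random-looking name"

# Line shapes of the OTL report; these regexes are an assumption of this example.
RE_PRC_NOTFOUND = re.compile(r"^PRC - File not found -- (?P<path>.+)$")
RE_ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]*:")  # a second ':' after the drive letter
RE_O4_RUN = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
RE_O10_LSP = re.compile(
    r"^O10 - Protocol_Catalog9\\Catalog_Entries\\\d+ - (?P<module>\S+) File not found$"
)
RE_DIR_CREATED = re.compile(r"^\[[^\]]*\| ---D \| C\] -- (?P<path>.+)$")


@dataclass
class Finding:
    rule: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names such as 'hwkkIVrzONtAuv2':
    count adjacent lower->upper case flips, plus up to two digits.
    Ordinary names (CCleaner, AVG2012, Mozilla Firefox) score below the threshold."""
    stem = name.rsplit(".", 1)[0] if "." in name else name
    if len(stem) < 9:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() and b.isupper())
    digits = min(sum(c.isdigit() for c in stem), 2)
    return flips >= 1 and flips + digits >= 3


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Finding]:
    """Walk an OTL report and return the lines worth reading first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_PRC_NOTFOUND.match(line)
        if m:
            rule = RULE_ADS_PROCESS if RE_ADS_PATH.search(m.group("path")) else RULE_GHOST_PROCESS
            findings.append(Finding(rule, line))
            continue
        m = RE_O4_RUN.match(line)
        if m:
            if not m.group("company").strip() and looks_random(basename(m.group("path"))):
                findings.append(Finding(RULE_AUTORUN_NOCOMPANY, line))
            continue
        if RE_O10_LSP.match(line):
            findings.append(Finding(RULE_LSP_UNRESOLVED, line))
            continue
        m = RE_DIR_CREATED.match(line)
        if m and looks_random(basename(m.group("path"))):
            findings.append(Finding(RULE_RANDOM_FOLDER, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule so the reader sees the shape of the report at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample lines in OTL's output format (patterned on the log posted later in
# this thread, with the profile name replaced); not a capture from any single machine.
SAMPLE_LOG = r"""
PRC - File not found -- C:\WINDOWS\2525528137:3061806953.exe
PRC - [2007/10/30 16:32:28 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bFFF4pmmH5Q8234A] C:\WINDOWS\system32\kUUUCekkIBzPNx.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
[2011/09/28 20:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\hwkkIVrzONtAuv2
[2011/09/28 17:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/28 07:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, n in summarize(found).items():
        print(f"{n} x {rule}")
    for f in found:
        print("  ", f.line)
```

A flagged line is a prompt to read that entry closely, not a verdict: legitimate software can trip the name heuristic, and an unresolved O10 module needs checking against the Modules section of the same report, which lists whether mswsock.dll is actually loaded. The point of the script is to pull the handful of entries that matter out of several hundred lines, in the order a helper would want to see them.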

#3
zakkwylde

    New Member

  • Topic Starter
  • Member
  • 3 posts
Here is the OTL log. I forgot to say that I am running XP Pro SP3.

OTL logfile created on: 10/1/2011 6:57:46 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Dr Seus\My Documents\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3244)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.98 Mb Total Physical Memory | 55.78 Mb Available Physical Memory | 7.27% Memory free
1.83 Gb Paging File | 1.18 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 4.31 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Drive D: | 31.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: [bleep]ER | User Name: Dr Seus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\2525528137:3061806953.exe
PRC - [2011/10/01 18:56:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr Seus\My Documents\Downloads\OTL.scr
PRC - [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2007/10/30 16:32:28 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 21:16:58 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/10/30 16:31:54 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/09/01 14:50:48 | 001,117,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/09/01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/28 19:50:58 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Mozilla Firefox\TrueSight.sys -- (TrueSight)
DRV - [2011/08/23 11:45:00 | 000,326,688 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/08/18 09:31:02 | 000,184,536 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/12/17 14:54:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/02/26 18:19:16 | 001,519,424 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2005/11/11 13:53:22 | 000,067,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2001/08/17 06:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/28 07:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\FireFox\ [2011/09/28 17:35:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/27 21:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 19:36:12 | 000,000,000 | ---D | M]

[2010/10/01 21:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dr Seus\Application Data\Mozilla\Extensions
[2010/10/01 21:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dr Seus\Application Data\Mozilla\Firefox\Profiles\4m8kjb00.default\extensions
[2011/05/07 19:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/03 01:37:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/03 00:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/28 07:39:54 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/04/03 00:38:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/28 17:35:23 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2011/09/27 21:17:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/03 00:38:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 19:36:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bFFF4pmmH5Q8234A] C:\WINDOWS\system32\kUUUCekkIBzPNx.exe ()
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F4FCC37-1B39-410C-B011-A9292299590E}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr Seus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr Seus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/01 16:49:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 17:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 01:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 18:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\ZBBttzP0yc1iDoF
[2011/10/01 18:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\xmH6sWJ7ELgTqjC
[2011/09/28 20:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\hwkkIVrzONtAuv2
[2011/09/28 20:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\UD2onFamHsWfLg
[2011/09/28 20:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\h3ppnGGaQH6WKfL
[2011/09/28 20:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\cAA1ivD2n4mH
[2011/09/28 20:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\KmHH5sQJ7dE8gZh
[2011/09/28 20:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\IL9gTXUCkBrPyx1
[2011/09/28 19:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\iggTZhCwIrlNt
[2011/09/28 19:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\I00ucSibF
[2011/09/28 19:40:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/28 19:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\LPPNNyxA1uv2oF
[2011/09/28 19:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\ipppmH5sQJ7dLgR
[2011/09/28 19:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\kccS11ibD3o
[2011/09/28 19:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\JZZ9hYXwkUVlBtP
[2011/09/28 19:14:37 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/09/28 19:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/09/28 19:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/28 19:14:24 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2011/09/28 18:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\AVG
[2011/09/28 18:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/09/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\noonnG4aQH6WKfL
[2011/09/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\BUUVelOBtx0yS1b
[2011/09/28 18:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\UhhYYXwjUVeOtz0
[2011/09/28 18:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\kGG55aQJ6dE8fZ
[2011/09/28 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\seany
[2011/09/28 18:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dr Seus\Recent
[2011/09/28 17:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/28 17:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/28 17:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Desktop\RK_Quarantine
[2011/09/28 17:35:18 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/09/28 17:35:18 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/09/28 17:35:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/09/28 17:31:47 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/09/28 17:31:47 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/09/28 17:31:45 | 000,252,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/09/28 17:31:32 | 000,326,688 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/09/28 17:31:32 | 000,162,200 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/09/28 17:31:28 | 000,184,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/09/28 17:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/09/28 17:31:23 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/09/28 17:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/28 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/28 17:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/28 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\iexplore
[2011/09/28 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\XrllOBBtxPucSiD
[2011/09/28 16:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\JRRZZqhYXwkV
[2011/09/28 10:46:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/28 10:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\t22iibDpnGaQHdK
[2011/09/28 10:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\EhhYCwkkUrlOtx0
[2011/09/28 10:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\Z22ibF3pG5aQ
[2011/09/28 10:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\iTZqhYwkIlt0c
[2011/09/28 10:04:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dr Seus\Desktop\seany.exe
[2011/09/28 09:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\HhYwVlBtzPySi34
[2011/09/28 09:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\jaaQQH6dW8fR9hX
[2011/09/28 08:03:24 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/09/28 07:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\AVG2012
[2011/09/28 07:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/28 07:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/28 07:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/09/28 07:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/28 07:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/28 07:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/28 07:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\ZjjjUCelIBrPNc1
[2011/09/28 07:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\nuvvD22onFpm5sJ
[2011/09/28 07:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\vJJJ6ddEK8
[2011/09/28 07:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\o55ssWJ7fEL8Tqj
[2011/09/28 07:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\FCCwkkIVrzOtx0v
[2011/09/28 07:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\tJ77fEEL8gZqYCk
[2011/09/28 07:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\yvvDD2onF4am5W
[2011/09/28 03:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\cHHH6dWWKfRLhTw
[2011/09/28 03:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\ObbDD3pnG5
[2011/09/28 02:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/28 02:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/28 01:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/28 01:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/28 01:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/28 01:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/28 01:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\RTTTXwwjUVeIBzP
[2011/09/28 01:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\h5aaQJWKfRZ9
[2011/09/28 01:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Seus\Application Data\SHH66sWK7fRLgTq
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 18:57:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/01 18:51:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2525528137
[2011/10/01 18:51:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 18:51:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/01 18:51:43 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 19:48:25 | 000,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 19:42:58 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/28 19:40:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 19:19:41 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Dr Seus\Desktop\TrueSight.sys
[2011/09/28 18:51:27 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Dr Seus\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 17:56:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/28 17:31:55 | 000,492,452 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/28 17:31:29 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2011/09/28 17:10:40 | 105,280,362 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/28 11:16:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dr Seus\Local Settings\Application Data\housecall.guid.cache
[2011/09/28 10:04:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dr Seus\Desktop\seany.exe
[2011/09/28 07:39:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/28 01:09:43 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\Dr Seus\Application Data\ldr.ini
[2011/09/28 01:05:57 | 002,404,352 | ---- | M] () -- C:\WINDOWS\System32\kUUUCekkIBzPNx.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/28 19:40:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 19:19:28 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Dr Seus\Desktop\TrueSight.sys
[2011/09/28 18:51:27 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Dr Seus\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 17:56:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/28 17:35:19 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/09/28 17:35:18 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/09/28 17:35:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/09/28 17:35:18 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/09/28 17:35:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/09/28 17:31:49 | 000,492,452 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/28 17:31:29 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus Free.lnk
[2011/09/28 17:10:40 | 105,280,362 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/28 11:16:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dr Seus\Local Settings\Application Data\housecall.guid.cache
[2011/09/28 07:39:54 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/28 01:15:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 01:06:33 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\Dr Seus\Application Data\ldr.ini
[2011/09/28 01:05:57 | 002,404,352 | ---- | C] () -- C:\WINDOWS\System32\kUUUCekkIBzPNx.exe
[2011/09/28 01:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2525528137
[2011/05/05 19:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/04/03 01:38:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/16 18:10:44 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2010/12/16 18:10:19 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010/12/16 18:10:16 | 000,002,376 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2010/11/06 21:39:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/04 04:31:20 | 000,245,248 | ---- | C] () -- C:\Documents and Settings\Dr Seus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 21:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/01 16:52:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 16:45:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/30 16:44:44 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/10/30 16:31:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/12/30 23:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/12/29 12:22:36 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/07 17:17:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/07 17:16:25 | 000,091,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/09/28 07:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/28 07:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/17 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/02 00:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/09/28 19:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/26 20:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/12/10 05:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2011/10/01 18:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 18:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\AVG
[2011/09/28 07:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\AVG2012
[2011/09/28 18:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\BUUVelOBtx0yS1b
[2011/09/28 20:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\cAA1ivD2n4mH
[2010/10/25 21:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\Camfrog
[2011/09/28 03:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\cHHH6dWWKfRLhTw
[2011/09/28 18:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\DAEMON Tools Lite
[2011/09/28 10:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\EhhYCwkkUrlOtx0
[2011/09/28 07:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\FCCwkkIVrzOtx0v
[2011/09/28 20:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\h3ppnGGaQH6WKfL
[2011/09/28 01:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\h5aaQJWKfRZ9
[2011/09/28 09:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\HhYwVlBtzPySi34
[2011/09/28 20:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\hwkkIVrzONtAuv2
[2011/09/28 19:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\I00ucSibF
[2011/09/28 19:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\iggTZhCwIrlNt
[2011/09/28 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\IL9gTXUCkBrPyx1
[2011/09/28 19:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\ipppmH5sQJ7dLgR
[2011/09/28 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\iTZqhYwkIlt0c
[2011/09/28 09:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\jaaQQH6dW8fR9hX
[2011/09/28 16:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\JRRZZqhYXwkV
[2011/09/28 19:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\JZZ9hYXwkUVlBtP
[2011/09/28 19:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\kccS11ibD3o
[2011/09/28 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\kGG55aQJ6dE8fZ
[2011/09/28 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\KmHH5sQJ7dE8gZh
[2011/09/28 19:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\LPPNNyxA1uv2oF
[2011/09/28 18:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\noonnG4aQH6WKfL
[2011/09/28 07:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\nuvvD22onFpm5sJ
[2011/09/28 07:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\o55ssWJ7fEL8Tqj
[2011/09/28 03:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\ObbDD3pnG5
[2011/09/28 08:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\RTTTXwwjUVeIBzP
[2011/09/28 01:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\SHH66sWK7fRLgTq
[2011/09/28 10:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\t22iibDpnGaQHdK
[2011/09/28 07:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\tJ77fEEL8gZqYCk
[2011/09/28 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\UD2onFamHsWfLg
[2011/09/28 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\UhhYYXwjUVeOtz0
[2011/09/28 18:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\uTorrent
[2011/09/28 07:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\vJJJ6ddEK8
[2011/10/01 18:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\xmH6sWJ7ELgTqjC
[2011/09/28 16:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\XrllOBBtxPucSiD
[2011/09/28 07:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\yvvDD2onF4am5W
[2011/09/28 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\Z22ibF3pG5aQ
[2011/10/01 18:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\ZBBttzP0yc1iDoF
[2011/09/28 07:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Seus\Application Data\ZjjjUCelIBrPNc1

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/10/01 18:54:19 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) MD5=036621107C359B7FC3BE7C3757EE7F60 -- C:\Documents and Settings\Dr Seus\My Documents\Downloads\explorer.exe
[2007/10/30 16:32:28 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=54B20714BCF2C49A4C3A182EE24E7736 -- C:\WINDOWS\explorer.exe
[2007/10/30 16:32:28 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=54B20714BCF2C49A4C3A182EE24E7736 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2007/10/30 16:32:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=9AE650AD5D3DF02FBD28CE26746CCA5B -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007/10/30 16:32:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=9AE650AD5D3DF02FBD28CE26746CCA5B -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2007/10/30 16:33:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=371F47017847266EE67B5DBF4450C61F -- C:\WINDOWS\system32\dllcache\userinit.exe
[2007/10/30 16:33:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=371F47017847266EE67B5DBF4450C61F -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007/10/30 16:33:02 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=56ADF995FFF58EB7D0DD0819343FB0EB -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007/10/30 16:33:02 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=56ADF995FFF58EB7D0DD0819343FB0EB -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2007/10/30 16:32:32 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/27 21:16:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/27 21:16:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2007/10/30 16:32:54 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2007/10/30 16:32:32 | 000,093,184 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB16105$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2525528137:3061806953.exe
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
  • 0

#4
zakkwylde

zakkwylde

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here's the OTL Extras log. Sorry about the computer name, I'm glad it bleeps it out.

OTL Extras logfile created on: 10/1/2011 6:57:46 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Dr Seus\My Documents\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3244)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.98 Mb Total Physical Memory | 55.78 Mb Available Physical Memory | 7.27% Memory free
1.83 Gb Paging File | 1.18 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 4.31 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Drive D: | 31.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: [bleep]ER | User Name: Dr Seus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module -- (Camshare LC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56839333-0802-40D6-9A50-EBB9EB2BF541}" = AVG 2012
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1713E14-4A72-4DE1-B555-5354F710D51E}" = AVG 2012
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = SanDisk ImageMate Reader/Writer
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0990010-9FC0-47CB-0095-C4F40C9432A9}" = The Sims 2 University
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"1602 A.D." = 1602 A.D.
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Utility" = Advanced Video FX Utility
"AVG" = AVG 2012
"Browser Defender_is1" = Browser Defender 3.0
"Camfrog 5.5" = Camfrog Video Chat 5.5
"CCleaner" = CCleaner
"C-Media PCI Sound" = Diamond Xtreme Audio
"Creative PD0630" = Creative WebCam Live! Driver (2.00.06.0000)
"Easy Audio CD Burner 3.8" = Easy Audio CD Burner 3.8
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Spyware Doctor" = PC Tools AntiVirus Free 8.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2011 11:11:00 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

Error - 9/28/2011 11:23:54 PM | Computer Name = [bleep]ER | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'"
could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error
0x80041010. Events may not be delivered through this filter until the problem is
corrected.

Error - 9/28/2011 11:23:55 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1803
Description = The Windows Security Center Service was unable to load instances of
FirewallProduct from WMI.

Error - 9/28/2011 11:23:55 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

Error - 9/28/2011 11:37:21 PM | Computer Name = [bleep]ER | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'"
could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error
0x80041010. Events may not be delivered through this filter until the problem is
corrected.

Error - 9/28/2011 11:37:21 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1803
Description = The Windows Security Center Service was unable to load instances of
FirewallProduct from WMI.

Error - 9/28/2011 11:37:21 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

Error - 10/1/2011 9:52:09 PM | Computer Name = [bleep]ER | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'"
could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error
0x80041010. Events may not be delivered through this filter until the problem is
corrected.

Error - 10/1/2011 9:52:09 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1803
Description = The Windows Security Center Service was unable to load instances of
FirewallProduct from WMI.

Error - 10/1/2011 9:52:09 PM | Computer Name = [bleep]ER | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

[ System Events ]
Error - 7/10/2011 10:13:00 AM | Computer Name = [bleep]ER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/10/2011 10:13:00 AM | Computer Name = [bleep]ER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/10/2011 10:13:15 AM | Computer Name = [bleep]ER | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/10/2011 10:13:15 AM | Computer Name = [bleep]ER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/15/2011 12:53:35 AM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 7/19/2011 2:44:11 AM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 7/31/2011 5:49:59 PM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/7/2011 4:40:05 PM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/13/2011 2:32:35 AM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/16/2011 12:23:33 AM | Computer Name = [bleep]ER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi zakkwylde

Please read my steps carefully (at least two times) because you have very nasty malware on your system.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.


Step 2

Please download ComboFix from Here or Here to your desktop.

Don't run it yet!

Step 3

We have to install the Recovery Console. (If you have already installed the Recovery Console, please proceed with step 3.)

If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:

  • Click on the following link to go to Microsoft's Web site:

    http://support.micro....com/kb/310994
  • At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download.
  • Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.

    Posted Image
  • ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer.
  • Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. Press the No button.

Step 4

  • Reboot your computer and as Windows starts it will present you with your startup options as shown in the figure below.
    Posted Image
  • With the arrow keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.
  • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
  • Type in the following two commands and press Enter after each:

    del 2525528137

    rmdir $NtUninstallKB16105$
  • Once finished, type Exit, boot into Windows and proceed with Step 5

Step 5


Please do this quickly after you are in Windows to avoid ZeroAccess reactivation!

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combofix.txt" for further review
Step 6

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0
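Step 4 above has the user remove a folder named `$NtUninstallKB16105$` from the Recovery Console. Genuine folders of that pattern in the Windows directory are created by hotfix installers and correspond to a KB number that the system reports as installed, so a folder whose KB number matches no installed hotfix is worth a closer look. The check below is an added example written for this thread, not ComboFix's or the helper's code; the folder names and KB numbers in the sample (other than the page's `$NtUninstallKB16105$`) are constructed placeholders, and the "installed hotfix" list is assumed to come from the HotFixID column of `wmic qfe get HotFixID`.

```python
import os
import re
import subprocess

# Legitimate hotfix uninstall folders look like $NtUninstallKB<number>$
UNINSTALL_DIR_RE = re.compile(r"^\$NtUninstallKB(\d+)\$$", re.IGNORECASE)

# Constructed sample directory listing; only $NtUninstallKB16105$ comes from the thread.
SAMPLE_DIR_LISTING = [
    "$hf_mig$",
    "$NtUninstallKB1234567$",   # placeholder: matches an "installed" KB below
    "$NtUninstallKB16105$",     # from the thread: no matching installed hotfix
    "$NtUninstallKB7654321$",   # placeholder: matches an "installed" KB below
    "system32",
    "Prefetch",
]

# Constructed stand-in for `wmic qfe get HotFixID` output (header line, then one ID per line).
SAMPLE_QFE_OUTPUT = "HotFixID\nKB1234567\nKB7654321\n"


def parse_wmic_qfe(text):
    """Return the set of KB numbers (digits only) listed in wmic qfe output."""
    kbs = set()
    for line in text.splitlines():
        m = re.match(r"^\s*KB(\d+)\s*$", line, re.IGNORECASE)
        if m:
            kbs.add(m.group(1))
    return kbs


def suspicious_uninstall_dirs(dir_names, installed_kbs):
    """Flag $NtUninstallKB<n>$ folders whose KB number is not among the installed hotfixes.

    Heuristic only: a hit means "check this folder", not "this is malware".
    """
    installed = {re.sub(r"^KB", "", str(k), flags=re.IGNORECASE) for k in installed_kbs}
    flagged = []
    for name in dir_names:
        m = UNINSTALL_DIR_RE.match(name)
        if m and m.group(1) not in installed:
            flagged.append(name)
    return sorted(flagged)


def check_live_system(windows_dir=r"C:\WINDOWS"):
    """Run the heuristic against the real Windows directory (Windows only; assumes wmic is present)."""
    qfe = subprocess.run(["wmic", "qfe", "get", "HotFixID"], capture_output=True, text=True, check=True)
    return suspicious_uninstall_dirs(os.listdir(windows_dir), parse_wmic_qfe(qfe.stdout))


if __name__ == "__main__":
    print(suspicious_uninstall_dirs(SAMPLE_DIR_LISTING, parse_wmic_qfe(SAMPLE_QFE_OUTPUT)))
```

On a suspect machine, run `check_live_system()` from an elevated prompt and compare the result with the folder names a helper asks you to remove; a folder that is flagged and also absent from Add/Remove Programs is a strong candidate for the fake uninstall directories this thread describes.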

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
