Log in and fake file recovery problems [Solved]


  • This topic is locked

#16
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Acknowledged. :)
  • 0



#17
stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
OTL logfile created on: 26/08/2012 15:37:55 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.39 Mb Available Physical Memory | 28.72% Memory free
618.02 Mb Paging File | 346.43 Mb Available in Paging File | 56.05% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.56 Gb Total Space | 58.52 Gb Free Space | 78.48% Space Free | Partition Type: NTFS

Computer Name: DORIS | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12082600\algo.dll ()
MOD - C:\Program Files\Scansoft\PaperPort\BliceCtr.dll ()


========== Services (SafeList) ==========

SRV - (Winkbxu) -- C:\WINDOWS\System32\Winkbxu.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (Beep) -- File not found
DRV - (AmeLanPc) -- System32\DRIVERS\AmeLanPc.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (GdFsHook) -- C:\WINDOWS\system32\drivers\gdfshk.sys (Network Associates, Inc.)
DRV - (GdTdi) -- C:\WINDOWS\system32\drivers\gdtdi.sys (Network Associates, Inc.)
DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (usbcm) -- C:\WINDOWS\system32\drivers\usbcm.sys (Microsystems Corp)
DRV - (hpt3xx) -- C:\WINDOWS\system32\drivers\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\basic2.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\v124nt.sys (Conexant Systems)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\rksample.sys (Conexant Systems)
DRV - (Cnxtdiag) -- C:\WINDOWS\system32\drivers\cnxtdiag.sys (Conexant Systems)
DRV - (K56) -- C:\WINDOWS\system32\drivers\k56nt.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\fsksnt.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\faxnt.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\tonesnt.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\fallback.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Home Page = http://kon4ay.biz/
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/index_narrow.html
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\..\SearchScopes,DefaultScope = {E6EB4AD1-4DD8-4360-AF49-90EEBDA6FBCB}
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\..\SearchScopes\{E6EB4AD1-4DD8-4360-AF49-90EEBDA6FBCB}: "URL" = http://uk.search.yah...=UTF-8&meta=vc=
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1




O1 HOSTS File: ([2008/10/19 19:36:03 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.micros...86/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} http://codecs.micros...86/sg726acm.cab (Reg Error: Key error.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.micros...386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1095177284202 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...bio4_0_2_10.cab (Yahoo! Toolbar)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01935C10-B9DC-4377-B20F-A03050259A31}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://www.androidbl...ogirlfriend.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 15:23:58 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2012/08/26 14:03:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/26 11:04:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/08/26 11:02:24 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/08/26 11:00:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/08/26 10:57:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/08/26 10:57:18 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/08/26 10:50:41 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012/08/26 10:39:08 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/08/26 10:33:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/08/26 03:19:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Steven\IECompatCache
[2012/08/26 02:43:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/26 02:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/26 02:30:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/26 02:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/26 02:28:59 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steven\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/26 02:20:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Steven\PrivacIE
[2012/08/26 02:16:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Steven\IETldCache
[2012/08/26 01:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/08/26 01:30:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/26 01:24:11 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/26 01:22:37 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/08/26 00:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/25 23:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/08/25 23:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/08/25 23:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2012/08/25 23:32:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/08/25 19:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/08/25 19:20:50 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/25 19:20:49 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/25 19:20:34 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/25 19:20:31 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/25 19:20:29 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/25 19:20:24 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/25 19:20:24 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/25 19:20:21 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/25 19:17:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/25 19:17:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/25 19:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/25 19:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/19 12:46:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steven\Recent
[2012/08/18 15:55:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/18 15:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/18 14:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2007/06/10 20:23:40 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmmdm.sys
[2007/06/10 20:23:40 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmserd.sys
[2007/06/10 20:23:40 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmbus.sys
[2007/06/10 20:23:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steven\usbsermptxp.sys
[2007/06/10 20:23:40 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmmdfl.sys
[2007/06/10 20:23:40 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmcmnt.sys
[2007/06/10 20:23:40 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmwhnt.sys
[2007/06/10 20:23:40 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Steven\mqdmcr.sys
[2007/06/10 20:23:38 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steven\usbsermpt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 15:24:04 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2012/08/26 15:22:51 | 000,881,581 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\SecurityCheck.exe
[2012/08/26 15:14:55 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/26 15:10:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/26 15:10:33 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/26 15:10:32 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 15:08:57 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/08/26 14:48:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/26 05:55:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/26 02:30:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 02:29:09 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steven\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/26 02:18:12 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/26 01:06:49 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/26 01:06:49 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/26 01:00:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/25 23:13:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/08/25 19:42:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/25 19:20:51 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/25 19:10:58 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\avast_free_antivirus_setup.exe
[2012/08/25 18:41:00 | 001,359,824 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\pc-decrapifier-2.2.8.exe
[2012/08/21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 10:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 10:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 10:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 10:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 10:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 10:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/19 17:18:03 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 16:57:51 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\dt.dat
[2012/08/18 14:57:37 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 15:22:49 | 000,881,581 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\SecurityCheck.exe
[2012/08/26 10:38:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/26 10:38:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/26 02:30:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 02:18:11 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Steven\Start Menu\Programs\Internet Explorer.lnk
[2012/08/25 19:20:51 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/25 19:20:27 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/25 19:09:55 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\avast_free_antivirus_setup.exe
[2012/08/25 18:40:51 | 001,359,824 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\pc-decrapifier-2.2.8.exe
[2012/08/25 16:16:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/18 16:57:51 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\dt.dat
[2012/08/18 14:57:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/03 15:38:26 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/17 17:51:32 | 000,019,043 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\cukocy.sys
[2008/10/17 17:51:32 | 000,017,017 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cami.reg
[2008/10/17 17:51:32 | 000,016,643 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uvokazuq._sy
[2008/10/17 17:51:32 | 000,015,920 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ygifamo.bin
[2008/10/17 17:51:32 | 000,015,396 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\ymyfegekyb.bin
[2008/10/17 17:51:32 | 000,015,252 | ---- | C] () -- C:\Program Files\Common Files\zizamaqyqe.bat
[2008/10/17 17:51:32 | 000,015,203 | ---- | C] () -- C:\Program Files\Common Files\qowonykajo.bin
[2008/10/17 17:51:32 | 000,014,487 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\eradenolu.dat
[2008/10/17 17:51:32 | 000,014,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozak.bin
[2008/10/17 17:51:32 | 000,013,256 | ---- | C] () -- C:\Program Files\Common Files\ocuzymixy.dll
[2008/10/17 17:51:32 | 000,012,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huwakanym.com
[2008/10/17 17:51:32 | 000,012,379 | ---- | C] () -- C:\Program Files\Common Files\ekunigycyd.exe
[2008/10/17 17:51:32 | 000,010,962 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyfityl.ban
[2008/10/17 07:51:55 | 000,019,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydebenyv.sys
[2008/10/17 07:51:55 | 000,016,779 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\oluxes.inf
[2008/10/17 07:51:55 | 000,016,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nityjuw._sy
[2008/10/17 07:51:55 | 000,011,112 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\ekexu.inf
[2008/10/17 07:51:54 | 000,016,961 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\pyxum._sy
[2008/10/17 07:51:54 | 000,010,571 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyzik.dat
[2007/06/10 20:23:40 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Steven\MCCI_MDM.INF
[2007/06/10 20:23:40 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Steven\USB_MOT_BRIT.INF
[2007/06/10 20:23:40 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Steven\MCCI_BUS.INF
[2007/06/10 20:23:40 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Steven\USBMOT2000XP.INF
[2007/06/10 20:23:40 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Steven\USB_MOT_A1000.INF
[2007/06/10 20:23:40 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Steven\USB_CMCS_2000.INF
[2007/06/10 20:23:40 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Steven\MCCI_SDM.INF
[2007/06/10 20:23:38 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Steven\USBMOT2000.INF
[2005/03/31 20:43:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\dm.ini
[2004/09/22 18:18:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Steven\fbackup.hiv
[2004/09/22 18:18:16 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Steven\backup.hiv
[2004/01/19 12:09:55 | 000,179,882 | ---- | C] () -- C:\Documents and Settings\Steven\~
[2002/09/07 06:54:28 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#18
stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
OTL Extras logfile created on: 26/08/2012 15:37:55 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.39 Mb Available Physical Memory | 28.72% Memory free
618.02 Mb Paging File | 346.43 Mb Available in Paging File | 56.05% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.56 Gb Total Space | 58.52 Gb Free Space | 78.48% Space Free | Partition Type: NTFS

Computer Name: DORIS | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D88122D" = MSP3885-E 56K PCI Modem
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"ffdshow_is1" = ffdshow [rev 918] [2007-02-12]
"GNU Backgammon for Windows_is1" = GNU Backgammon
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iexpedition" = Internet Expedition
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PCI Audio Driver" = PCI Audio Driver
"Q903235" = Internet Explorer Q903235
"Shockwave" = Shockwave
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2012 09:10:55 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/07/2012 07:41:40 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/08/2012 21:48:00 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/08/2012 08:12:52 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/08/2012 22:12:08 | Computer Name = DORIS | Source = ESENT | ID = 490
Description = svchost (1192) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 19/08/2012 07:29:49 | Computer Name = DORIS | Source = MsiInstaller | ID = 11705
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
1705. SA_Error1705: StandardAction(0xC00706A9): A previous installation for this
product is in progress. You must undo the changes made by that installation to
continue. Do you want to undo those changes?

Error - 25/08/2012 11:06:10 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/08/2012 21:42:14 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/08/2012 22:10:02 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/08/2012 04:10:34 | Computer Name = DORIS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.87, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 25/08/2012 12:44:52 | Computer Name = DORIS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 25/08/2012 13:23:04 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 25/08/2012 17:27:23 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 25/08/2012 20:02:22 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 25/08/2012 20:04:44 | Computer Name = DORIS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 25/08/2012 21:17:30 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 25/08/2012 22:13:52 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 25/08/2012 23:11:39 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 26/08/2012 10:12:57 | Computer Name = DORIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 26/08/2012 10:14:33 | Computer Name = DORIS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >
  • 0

#19
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

I take it the Malwarebytes Anti-Malware log is not available? If so, not a problem, as I will be advising you to run another scan shortly anyway.

Next:

Out-of-date Adobe installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update these in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0
Adobe Download Manager 2.0
Adobe Flash Player 10


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Double-click on OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Home Page = http://kon4ay.biz/
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.micros...86/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} http://codecs.micros...86/sg726acm.cab (Reg Error: Key error.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.micros...386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1095177284202 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...bio4_0_2_10.cab (Yahoo! Toolbar)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - No CLSID value found.
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2008/10/17 17:51:32 | 000,019,043 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\cukocy.sys
[2008/10/17 17:51:32 | 000,017,017 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cami.reg
[2008/10/17 17:51:32 | 000,016,643 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uvokazuq._sy
[2008/10/17 17:51:32 | 000,015,920 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ygifamo.bin
[2008/10/17 17:51:32 | 000,015,396 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\ymyfegekyb.bin
[2008/10/17 17:51:32 | 000,015,252 | ---- | C] () -- C:\Program Files\Common Files\zizamaqyqe.bat
[2008/10/17 17:51:32 | 000,015,203 | ---- | C] () -- C:\Program Files\Common Files\qowonykajo.bin
[2008/10/17 17:51:32 | 000,014,487 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\eradenolu.dat
[2008/10/17 17:51:32 | 000,014,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ozak.bin
[2008/10/17 17:51:32 | 000,013,256 | ---- | C] () -- C:\Program Files\Common Files\ocuzymixy.dll
[2008/10/17 17:51:32 | 000,012,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huwakanym.com
[2008/10/17 17:51:32 | 000,012,379 | ---- | C] () -- C:\Program Files\Common Files\ekunigycyd.exe
[2008/10/17 17:51:32 | 000,010,962 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyfityl.ban
[2008/10/17 07:51:55 | 000,019,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydebenyv.sys
[2008/10/17 07:51:55 | 000,016,779 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\oluxes.inf
[2008/10/17 07:51:55 | 000,016,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nityjuw._sy
[2008/10/17 07:51:55 | 000,011,112 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\ekexu.inf
[2008/10/17 07:51:54 | 000,016,961 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\pyxum._sy
[2008/10/17 07:51:54 | 000,010,571 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyzik.dat
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log-file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0
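The custom script above moves a batch of files that were all created in the same second (2008/10/17 17:51:32) under random-looking names in several profile and Program Files directories, and resets a home page that points at an unexpected host. The following Python script is an added example for this thread, not OTL's code or anything Dakeyras posted: it parses OTL file-listing lines and the IE home-page line, groups files by exact creation timestamp, and reports groups that span several directories, plus any home page whose host is not on an analyst-supplied allow-list. The sample input is constructed from lines quoted in the log above, with one made-up benign OTL.exe entry added; the allow-list of home-page hosts is an assumption for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Matches OTL file-listing lines such as
# [2008/10/17 17:51:32 | 000,019,043 | ---- | C] () -- C:\...\cukocy.sys
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Matches OTL's Internet Explorer home-page line (hive path, then the URL)
IE_HOME_RE = re.compile(r"^IE - (?P<hive>.+?)\\Main,Home Page = (?P<url>\S+)$")

# Assumption for this example: hosts an analyst would accept as a home page
ALLOWED_HOME_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample: the home-page line and the file lines are copied from
# the OTL log in this thread; the final OTL.exe line is a made-up benign entry
# with its own timestamp and a company name, to show it is not flagged.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Home Page = http://kon4ay.biz/
[2008/10/17 17:51:32 | 000,019,043 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\cukocy.sys
[2008/10/17 17:51:32 | 000,017,017 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cami.reg
[2008/10/17 17:51:32 | 000,015,252 | ---- | C] () -- C:\Program Files\Common Files\zizamaqyqe.bat
[2008/10/17 17:51:32 | 000,013,256 | ---- | C] () -- C:\Program Files\Common Files\ocuzymixy.dll
[2008/10/17 17:51:32 | 000,010,962 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyfityl.ban
[2008/10/17 07:51:55 | 000,019,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydebenyv.sys
[2008/10/17 07:51:55 | 000,016,779 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\oluxes.inf
[2008/10/17 07:51:55 | 000,016,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nityjuw._sy
[2008/10/17 07:51:54 | 000,016,961 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\pyxum._sy
[2008/10/17 07:51:54 | 000,010,571 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\gyzik.dat
[2012/08/26 15:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
"""


def parse_file_line(line):
    """Return a dict for one OTL file-listing line, or None if it is not one."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "000,019,043" -> 19043
    return rec


def find_timestamp_clusters(lines, min_files=3, min_dirs=2):
    """Group file entries by exact creation timestamp and keep the groups with
    at least min_files files spread over at least min_dirs directories.
    Legitimate installs usually keep their files together; a dropper writes a
    batch of random-named files across several directories in the same second,
    which is the pattern visible in the log above."""
    by_ts = defaultdict(list)
    for line in lines:
        rec = parse_file_line(line)
        if rec:
            by_ts[rec["ts"]].append(rec)
    clusters = {}
    for ts, recs in by_ts.items():
        dirs = {r["path"].rsplit("\\", 1)[0] for r in recs}
        if len(recs) >= min_files and len(dirs) >= min_dirs:
            clusters[ts] = recs
    return clusters


def find_homepage_hijacks(lines, allowed_hosts):
    """Return (hive, url) pairs whose home-page host is not in allowed_hosts."""
    hits = []
    for line in lines:
        m = IE_HOME_RE.match(line.strip())
        if m and urlsplit(m.group("url")).hostname not in allowed_hosts:
            hits.append((m.group("hive"), m.group("url")))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    for ts, recs in find_timestamp_clusters(lines).items():
        print(f"{len(recs)} files created at {ts} across directories:")
        for r in recs:
            print(f"  {r['size']:>7} bytes  {r['path']}")
    for hive, url in find_homepage_hijacks(lines, ALLOWED_HOME_HOSTS):
        print(f"home page under {hive} points to {url}")
```

With the constructed sample, the 17:51:32 and 07:51:55 groups are reported, the two-file 07:51:54 group falls below the file threshold, the single OTL.exe entry is ignored, and the home page is flagged because kon4ay.biz is not on the allow-list. The thresholds are deliberately parameters: what counts as a suspicious cluster depends on how much of the listing a given OTL run covers.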

#20
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi,

Ok then. Before your last reply I had already removed Adobe Reader 7 and Adobe Flash Player 10. These were replaced with Adobe Flash Player 11 and Adobe Reader X. I think I removed the Adobe Download Manager too, can't remember to be honest, but it's not in the Add/Remove Programs list anymore..


The PC seems a little more stable. Sometimes it works better than others; occasionally I have to reboot and it works a bit faster!!

I backed up the registry as suggested and did the custom fix thing in OTL. The log is below and I will post the Malwarebytes log in the next post..
I had deleted the previous log.. It had removed 1 item, trojan I think.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-2389969595-1605616401-496393314-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Home Page| /E : value set successfully!
Starting removal of ActiveX control {0000000A-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmsp9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0000000A-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000000A-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0000000A-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000000A-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {00000045-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\SG726ACM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000045-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000045-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000045-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000045-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\voxacm.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {00000161-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\msaudio.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000161-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000161-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {0F9B4CA4-A30F-480A-841D-69B45C50A8F8}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8}\ not found.
Starting removal of ActiveX control {33363249-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\i263_32.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33363249-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33363249-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33363249-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33363249-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\WINDOWS\Downloaded Program Files\wuweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {EF99BD32-C1FB-11D2-892F-0090271D4F88}
C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,10.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5}\ not found.
C:\WINDOWS\001180_.tmp deleted successfully.
C:\WINDOWS\003899_.tmp deleted successfully.
C:\WINDOWS\006037_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\krnl386.exe.tmp deleted successfully.
C:\WINDOWS\System32\OLD1A.tmp deleted successfully.
C:\WINDOWS\System32\SET13.tmp deleted successfully.
C:\WINDOWS\System32\SET2.tmp deleted successfully.
C:\WINDOWS\System32\SET2F.tmp deleted successfully.
C:\WINDOWS\System32\SET35.tmp deleted successfully.
C:\WINDOWS\System32\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\SET47.tmp deleted successfully.
C:\WINDOWS\System32\SET82.tmp deleted successfully.
C:\WINDOWS\System32\SET84.tmp deleted successfully.
C:\WINDOWS\System32\SET87.tmp deleted successfully.
C:\WINDOWS\System32\SET8D.tmp deleted successfully.
C:\WINDOWS\System32\wowexec.exe.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD34.tmp deleted successfully.
C:\Documents and Settings\Steven\Application Data\cukocy.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\cami.reg moved successfully.
C:\Documents and Settings\All Users\Application Data\uvokazuq._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\ygifamo.bin moved successfully.
C:\Documents and Settings\Steven\Application Data\ymyfegekyb.bin moved successfully.
C:\Program Files\Common Files\zizamaqyqe.bat moved successfully.
C:\Program Files\Common Files\qowonykajo.bin moved successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\eradenolu.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\ozak.bin moved successfully.
C:\Program Files\Common Files\ocuzymixy.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\huwakanym.com moved successfully.
C:\Program Files\Common Files\ekunigycyd.exe moved successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\gyfityl.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\ydebenyv.sys moved successfully.
C:\Documents and Settings\Steven\Application Data\oluxes.inf moved successfully.
C:\Documents and Settings\All Users\Application Data\nityjuw._sy moved successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\ekexu.inf moved successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\pyxum._sy moved successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\gyzik.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Steven\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Steven\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACRORD32.EXE-13285B88.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\AVAST.SETUP-10F48C5B.pf moved successfully.
C:\WINDOWS\prefetch\AVASTEMUPDATE.EXE-033BD90D.pf moved successfully.
C:\WINDOWS\prefetch\AVASTSVC.EXE-2FF42CC2.pf moved successfully.
C:\WINDOWS\prefetch\AVASTUI.EXE-0B3C80E5.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\CSRSS.EXE-12B63473.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT-SETUP.EXE-10E5A5CC.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-10F447C7.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\E_FATIEGE.EXE-1FC1995F.pf moved successfully.
C:\WINDOWS\prefetch\FIND.EXE-0EC32F1E.pf moved successfully.
C:\WINDOWS\prefetch\FXSSVC.EXE-3B8F7819.pf moved successfully.
C:\WINDOWS\prefetch\GCCHECK.EXE-2431D696.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\INDEXSEARCH.EXE-1C3940E7.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.
C:\WINDOWS\prefetch\IS-K6C7B.TMP-02642ED3.pf moved successfully.
C:\WINDOWS\prefetch\JAVA.EXE-1E21D4DA.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-021F87DA.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-21B69FF4.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LIFEEXP.EXE-0B22B21E.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\LSASS.EXE-20DB6D1B.pf moved successfully.
C:\WINDOWS\prefetch\MBAM.EXE-0BEE0439.pf moved successfully.
C:\WINDOWS\prefetch\MPNOTIFY.EXE-3631A846.pf moved successfully.
C:\WINDOWS\prefetch\MSCAMS32.EXE-0322BB5E.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NVSVC32.EXE-1F9EED18.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-2D4CCD07.pf moved successfully.
C:\WINDOWS\prefetch\PING.EXE-31216D26.pf moved successfully.
C:\WINDOWS\prefetch\PPTD40NT.EXE-1E4A0D52.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-3329220B.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1218E1AC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-132B2031.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-33113202.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-415F88EC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4A5A9D78.pf moved successfully.
C:\WINDOWS\prefetch\SERVICES.EXE-2F433351.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-155124B8.pf moved successfully.
C:\WINDOWS\prefetch\SSTEXT3D.SCR-17B3B9DD.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\UNPACK200.EXE-37627EF0.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\VVX1000.EXE-307017DB.pf moved successfully.
C:\WINDOWS\prefetch\WINLOGON.EXE-32C57D49.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 4610452 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 5170790 bytes
->Temporary Internet Files folder emptied: 8322671 bytes
->Flash cache emptied: 3042 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 223747 bytes
->Flash cache emptied: 478 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Steven
->Temp folder emptied: 15346141 bytes
->Temporary Internet Files folder emptied: 8263835 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 627 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45080 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4610452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 818779 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08272012_002046

Files\Folders moved on Reboot...
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\W1MLG3P8\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\N09816P2\ads[3].htm moved successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\LJWD48JX\ads[3].htm moved successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\LJWD48JX\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\ARS4YOSV\ads[1].htm moved successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\ARS4YOSV\ads[2].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#21
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
Hi there,
Here is the latest Malwarebytes log..

Just so you know after it finished I had to "end now" as it wasn't responding, the same with IE8. I know we're never gonna get this machine running like a new model but at least I think you're getting it usable! Thanks again...


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steven :: DORIS [administrator]

27/08/2012 00:56:49
mbam-log-2012-08-27 (00-56-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237941
Time elapsed: 25 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#22
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Ok then, Before your last reply I already removed the Adobe Reader 7, Adobe Flash Player 10. These were replaced with Adobe Flash Player 11 and Adobe Reader X. I think I removed the Adobe Download Manager too, can't remember to be honest but it's not in the Add/Remove Programs list anymore..

OK/fair play.

The PC seems a little more stable. Sometimes it works better than others; occasionally I have to reboot and it works a bit faster!!

Some in-depth maintenance will probably help improve things, which we will address in due course anyway.

Just so you know after it finished I had to "end now" as it wasn't responding, the same with IE8. I know we're never gonna get this machine running like a new model but at least I think you're getting it usable! Thanks again...

Acknowledged/you're welcome!

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Double click on adwcleaner.exe to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt, where XX denotes the number of times the application has been run, so in this case it may be something like R1.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click on aswMBR.exe to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

Next:

Post the three requested logs in your next reply and we will go from there, thank you.

#23
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
The type of the file system is NTFS.
Volume label is 50_02_13.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
Recovering orphaned file Uninst.bat (27693) into directory file 21088.
Recovering orphaned file ADWCLE~1.JPG (27696) into directory file 21088.
Recovering orphaned file AdwCleaner.jpg (27696) into directory file 21088.
Recovering orphaned file Search.jpg (27702) into directory file 21088.
Recovering orphaned file Delete.jpg (27707) into directory file 21088.
Recovering orphaned file UNINST~1.JPG (27713) into directory file 21088.
Recovering orphaned file Uninstall.jpg (27713) into directory file 21088.
Recovering orphaned file ~DFE04B.tmp (27737) into directory file 21088.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

78180290 KB total disk space.
17187728 KB in 72321 files.
38840 KB in 6132 indexes.
64 KB in bad sectors.
439682 KB in use by the system.
43024 KB occupied by the log file.
60513976 KB available on disk.

4096 bytes in each allocation unit.
19545072 total allocation units on disk.
15128494 allocation units available on disk.
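As an added example (not from this thread and not part of OTL, AdwCleaner or any other tool mentioned here), a short Python parser for the read-only CHKDSK report posted above: it pulls out the summary figures, the orphaned files and the bad-sector count, and maps them to the follow-up switch using the documented rule that /R implies /F. The sample report is a constructed, trimmed copy of the one posted.

```python
"""Added example, not part of the thread: parse a read-only CHKDSK report
(the checkhd.txt format posted above) and pick the follow-up switch."""
import re

# Constructed sample, trimmed from the report posted in this thread.
SAMPLE_REPORT = """\
The type of the file system is NTFS.
Volume label is 50_02_13.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is recovering lost files.
Recovering orphaned file Uninst.bat (27693) into directory file 21088.
Recovering orphaned file ~DFE04B.tmp (27737) into directory file 21088.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

78180290 KB total disk space.
17187728 KB in 72321 files.
64 KB in bad sectors.
439682 KB in use by the system.
60513976 KB available on disk.
"""

# "<number> KB <label>." lines make up the summary table at the end of the report.
STAT_RE = re.compile(r"^\s*(\d+) KB (.+?)\.$", re.MULTILINE)
ORPHAN_RE = re.compile(r"^Recovering orphaned file (\S+)", re.MULTILINE)


def parse_chkdsk(report: str) -> dict:
    """Extract the findings a reviewer looks at first from a CHKDSK report."""
    stats = {label: int(kb) for kb, label in STAT_RE.findall(report)}
    return {
        "read_only": "Running CHKDSK in read-only mode." in report,
        "problems_found": "Windows found problems with the file system." in report,
        "bad_sector_kb": stats.get("in bad sectors", 0),
        "orphaned_files": ORPHAN_RE.findall(report),
        "total_kb": stats.get("total disk space"),
        "free_kb": stats.get("available on disk"),
    }


def recommend(findings: dict) -> str:
    """Bad sectors call for /R (which implies /F); other errors for /F alone."""
    if findings.get("bad_sector_kb", 0) > 0:
        return "chkdsk c: /r"
    if findings.get("problems_found"):
        return "chkdsk c: /f"
    return "none"


if __name__ == "__main__":
    found = parse_chkdsk(SAMPLE_REPORT)
    print(found)
    print("next step:", recommend(found))
```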

#24
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
# AdwCleaner v1.801 - Logfile created 08/27/2012 at 15:52:39
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven - DORIS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [648 octets] - [27/08/2012 15:52:39]

########## EOF - C:\AdwCleaner[R1].txt - [775 octets] ##########

#25
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 15:55:59
-----------------------------
15:55:59.546 OS Version: Windows 5.1.2600 Service Pack 3
15:55:59.546 Number of processors: 1 586 0x204
15:55:59.546 ComputerName: DORIS UserName:
15:56:28.125 Initialize success
15:56:39.750 AVAST engine defs: 12082601
15:58:00.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:58:00.890 Disk 0 Vendor: SAMSUNG_SV8004H QR100-09 Size: 76351MB BusType: 3
15:58:00.984 Disk 0 MBR read successfully
15:58:00.984 Disk 0 MBR scan
15:58:01.109 Disk 0 Windows XP default MBR code
15:58:01.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76347 MB offset 63
15:58:01.187 Disk 0 scanning sectors +156360645
15:58:01.468 Disk 0 scanning C:\WINDOWS\system32\drivers
15:59:38.750 Service scanning
16:02:02.687 Modules scanning
16:04:16.390 Disk 0 trace - called modules:
16:04:16.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys HALAACPI.DLL atapi.sys intelide.sys
16:04:16.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82761030]
16:04:16.437 3 CLASSPNP.SYS[f9ab1fd7] -> nt!IofCallDriver -> \Device\00000064[0x82751208]
16:04:16.437 5 ACPI.sys[f9a28620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82751320]
16:04:40.687 AVAST engine scan C:\WINDOWS
16:06:20.359 AVAST engine scan C:\WINDOWS\system32
16:12:39.515 AVAST engine scan C:\WINDOWS\system32\drivers
16:13:11.656 AVAST engine scan C:\Documents and Settings\Steven
16:16:54.906 AVAST engine scan C:\Documents and Settings\All Users
16:17:32.015 Scan finished successfully
16:19:07.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
16:19:07.765 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR.txt"


#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

Any particular reason when you scanned with aswMBR you chose the option to scan with the Anti-Virus? Not a problem nor any harm done but kind of defeats the object actually because you already have avast! Free Antivirus installed and active in system memory.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An analysis report will be displayed and then Windows will start the defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

Next:

Let myself know when completed the above and if any further issues remaining. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.

#27
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
•Double-click on aswMBR.exe to launch the application.

•When prompted with The application can use the Avast! Free Antivirus for scanning >> select No

I wasn't given the above prompt/option.. Or at least I didn't see it, sorry...


Ok then, I'll crack on with the next step and report back!! Thanks..

#28
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
OK and not a problem in the least as I mentioned prior. :)

#29
stevecb1300

stevecb1300

    Member

  • Topic Starter
  • Member
  • 38 posts
Ok then,

I completed the CHKDSK thing and I then did the defrag, in that order. Is that ok? I have a defrag report saved on desktop if you need to see it..

Thanks...

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Aye go ahead and post the report for my review. :)