Cannot access Microsoft sites or Avast antivirus site [Solved]

#1
Doppelbok67

Hi! I have a Dell Latitude laptop that I'm starting to have some issues with, and I think some malware found its way through the firewall. I'm not able to access Microsoft sites or antivirus sites, and I also at times hear a clicking sound (the Windows nav sound, I think) and hear advertisements when no browsers are open. I get no popups, though.

I didn't want to try a restore point, since I don't know how far the infection, if I have one, goes.

So I'll start this by pasting from RootRepeal and OTL. Thanks so much for your help! :)

Uh, oh... can't run RootRepeal. It tells me I don't have the proper permissions, so I can bet it's the malware putting up its guard.

Let me try OTL.


OTL.TXT

OTL logfile created on: 10/8/2009 10:28:28 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 304.84 Mb Available Physical Memory | 30.02% Memory free
2.39 Gb Paging File | 1.66 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 47.56 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 11.32 Gb Free Space | 3.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-C3333F65
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/02/21 14:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/21 14:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/02/21 14:19:40 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2008/05/12 15:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/21 14:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 14:19:58 | 00,839,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/02/21 14:17:42 | 00,991,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/12/14 06:42:38 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PRC - [2005/12/09 23:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/04 06:00:00 | 00,238,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2006/10/03 14:37:04 | 00,102,400 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/05 14:22:16 | 00,241,664 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/06/06 20:06:44 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/02/21 14:13:26 | 00,507,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/06/06 20:10:40 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/11/05 13:55:48 | 00,031,232 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2009/05/08 10:35:50 | 02,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/01 16:20:57 | 03,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/09/24 21:06:06 | 05,145,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/06/02 08:59:46 | 05,451,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\vid.exe
PRC - [2009/05/08 10:34:08 | 00,559,888 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 06:00:00 | 00,151,040 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\WINDOWS\System32\opeia.exe
PRC - [2004/08/04 06:00:00 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe
PRC - [2009/10/08 21:33:20 | 00,541,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
PRC - [2004/08/04 06:00:00 | 00,040,960 | ---- | M] (njwu vcexnrsyi ptnqxfjwynauhlgfixspxow) -- C:\WINDOWS\System32\lsm32.sys

========== Win32 Services (SafeList) ==========

SRV - [2008/05/12 15:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2007/02/21 14:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe -- (fastnetsrv [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,094,208 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/02/21 14:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/11/05 14:15:12 | 00,901,120 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 14:13:00 | 00,180,224 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/02/21 14:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/09/14 17:54:34 | 00,094,208 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/02/21 14:19:40 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,046,080 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\BtwSrv.dll -- (BtwSrv [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/b...d/espn360/index
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 18:21:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 20:22:33 | 00,000,000 | ---D | M]

[2009/10/06 18:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\mozilla\Extensions
[2009/10/06 18:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/08 20:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\mozilla\Firefox\Profiles\6nq4bh1w.default\extensions
[2009/10/06 18:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\mozilla\Firefox\Profiles\6nq4bh1w.default\extensions\[email protected]
[2009/10/06 17:48:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/06 17:48:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/07 17:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/07/07 17:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 18:00:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - C:\WINDOWS\System32\BtwSrv.dll (X-Ways Software Technology)
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/10/06 18:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/06 18:03:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/10/06 21:12:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/10/08 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/06 19:34:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/07 00:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/06 18:09:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/10/06 18:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\acccore
[2009/10/06 18:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Adobe
[2009/10/08 00:10:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Desktopicon
[2009/10/06 18:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\foobar2000
[2009/10/06 18:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Macromedia
[2009/10/08 20:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2009/10/06 18:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Move Networks
[2009/10/06 18:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mozilla
[2009/10/08 00:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mp3tag
[2009/10/07 23:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\NewsLeecher
[2009/10/06 19:30:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Opera
[2009/10/08 02:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\WinRAR
[2009/10/06 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\AIM
[2009/10/06 18:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\AIM Toolbar
[2009/10/06 18:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\AOL
[2009/10/06 17:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Google
[2009/10/06 21:15:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\LogiShrd
[2009/10/06 18:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla
[2009/10/06 19:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Opera
[2009/10/08 02:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\QuickPar
[2009/10/06 17:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Temp
[2009/10/06 18:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Yahoo
[2009/10/06 18:09:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Yahoo!
[2009/10/06 18:03:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/10/06 21:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/10/06 18:03:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/10/08 00:17:12 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/10/06 18:03:43 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/10/06 18:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/10/06 17:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/06 18:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2009/10/06 21:12:05 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/10/08 20:12:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/06 17:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/08 00:07:56 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2009/10/07 23:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\NewsLeecher
[2009/10/06 17:50:44 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/10/08 00:06:23 | 00,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2009/10/07 00:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/08 01:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/06 18:08:51 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/08 20:13:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/08 20:12:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 20:07:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/08 00:59:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/06 21:16:44 | 00,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2009/10/06 21:02:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/10/06 18:03:47 | 00,000,000 | ---D | C] -- C:\searchplugins
[2009/10/06 17:57:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/06 17:55:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/06 17:55:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/06 17:52:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Downloads
[2009/10/06 17:37:27 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/06 17:37:26 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/06 17:37:25 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/06 17:37:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/06 17:37:19 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/06 17:37:19 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/06 17:37:19 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/06 17:37:19 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/06 17:36:54 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/06 17:26:05 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\admin\Desktop\avast_home_setup.exe

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/10/08 22:25:20 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to RootRepeal.exe.lnk
[2009/10/08 22:25:14 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to OTL.exe.lnk
[2009/10/08 20:24:02 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/08 20:24:02 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/08 20:24:02 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/08 20:19:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 20:19:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 20:19:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/10/08 20:19:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/10/08 20:13:04 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 20:11:36 | 00,000,203 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/08 01:36:03 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\WinRAR.lnk
[2009/10/08 00:20:55 | 00,575,954 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\lame-3.98.2.zip
[2009/10/08 00:15:41 | 01,327,643 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\lame-398-2.tar.gz
[2009/10/08 00:13:49 | 00,001,030 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to RazorLame.exe.lnk
[2009/10/08 00:07:59 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2009/10/08 00:06:23 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\QuickPar.lnk
[2009/10/07 23:33:41 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\NewsLeecher.lnk
[2009/10/07 01:12:00 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2009/10/07 00:24:13 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2009/10/06 21:15:43 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
[2009/10/06 21:12:19 | 00,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2009/10/06 21:08:15 | 05,879,350 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/10/06 19:24:46 | 00,000,486 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\foobar2000 0.9.6.8.lnk
[2009/10/06 18:30:26 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2009/10/06 18:21:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/06 18:15:35 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Internet Explorer.lnk
[2009/10/06 18:09:02 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/06 18:03:53 | 00,000,382 | -H-- | M] () -- C:\IPH.PH
[2009/10/06 18:03:47 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/10/06 17:57:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/06 17:50:46 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/10/06 17:49:02 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/06 17:44:21 | 00,031,952 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/06 17:39:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/06 17:37:27 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/06 17:37:19 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/06 17:26:10 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\admin\Desktop\avast_home_setup.exe

========== Files - No Company Name ==========
[2009/10/08 22:25:20 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to RootRepeal.exe.lnk
[2009/10/08 22:25:14 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to OTL.exe.lnk
[2009/10/08 20:13:04 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 01:36:03 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\WinRAR.lnk
[2009/10/08 00:20:51 | 00,575,954 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\lame-3.98.2.zip
[2009/10/08 00:15:33 | 01,327,643 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\lame-398-2.tar.gz
[2009/10/08 00:13:49 | 00,001,030 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to RazorLame.exe.lnk
[2009/10/08 00:07:59 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2009/10/08 00:06:23 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\QuickPar.lnk
[2009/10/07 23:33:41 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\NewsLeecher.lnk
[2009/10/07 01:12:00 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Windows Media Player.lnk
[2009/10/07 00:24:13 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2009/10/06 21:15:43 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
[2009/10/06 21:15:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/10/06 21:14:30 | 00,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2009/10/06 21:14:03 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/06 21:14:03 | 00,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/10/06 21:13:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/10/06 21:12:19 | 00,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2009/10/06 19:24:46 | 00,000,486 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\foobar2000 0.9.6.8.lnk
[2009/10/06 18:30:26 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2009/10/06 18:21:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/06 18:15:35 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Internet Explorer.lnk
[2009/10/06 18:09:02 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/10/06 18:03:47 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/10/06 18:03:29 | 00,000,382 | -H-- | C] () -- C:\IPH.PH
[2009/10/06 17:50:46 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/10/06 17:49:02 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/06 17:44:21 | 00,031,952 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/06 17:37:27 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/06 17:36:54 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2008/06/23 18:13:14 | 05,879,350 | -H-- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2008/06/23 18:06:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\admin\Application Data\desktop.ini
[2008/06/23 10:48:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/08 20:13:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\admin\Application Data
[2009/10/06 18:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\acccore
[2009/10/08 18:45:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Desktopicon
[2009/10/08 22:21:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\foobar2000
[2008/06/23 18:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Intel
[2009/10/06 18:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Move Networks
[2009/10/08 19:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mp3tag
[2009/10/08 01:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\NewsLeecher
[2009/10/06 19:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Opera
[2008/06/23 18:44:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Roxio
[2009/10/08 20:12:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/06 18:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/06 18:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2008/06/23 18:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/06 21:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/06/23 18:39:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/08 20:19:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/06 17:35:54 | 08,117,248 | ---- | M] (AOL LLC.) -- C:\Install_AIM.exe
[2009/10/06 17:34:50 | 00,451,144 | ---- | M] (Yahoo! Inc.) -- C:\msgr10us.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Downloads:Roxio EMC Stream
< End of report >



EXTRAS.TXT

OTL Extras logfile created on: 10/8/2009 10:28:28 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 304.84 Mb Available Physical Memory | 30.02% Memory free
2.39 Gb Paging File | 1.66 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 47.56 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 11.32 Gb Free Space | 3.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-C3333F65
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\NewsLeecher\newsLeecher.exe" = C:\Program Files\NewsLeecher\newsLeecher.exe:*:Enabled:NewsLeecher -- ()
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"foobar2000" = foobar2000 v0.9.6.9
"ie8" = Windows Internet Explorer 8
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mp3tag" = Mp3tag v2.44
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"ProInst" = Intel® PROSet/Wireless Software
"QuickPar" = QuickPar 0.9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2009 8:22:55 PM | Computer Name = LAPTOP-C3333F65 | Source = Application Error | ID = 1004
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00fb02a1.

Error - 10/8/2009 8:22:58 PM | Computer Name = LAPTOP-C3333F65 | Source = Application Error | ID = 1004
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00fb02a1.

Error - 10/8/2009 8:23:01 PM | Computer Name = LAPTOP-C3333F65 | Source = Application Error | ID = 1004
Description = Faulting application wuauclt.exe, version 5.4.3790.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00fb02a1.

Error - 10/8/2009 10:14:07 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/8/2009 10:14:07 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 10:14:07 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 10:14:07 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 10:14:21 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 10:14:21 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 10:14:21 PM | Computer Name = LAPTOP-C3333F65 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 8/29/2009 3:44:19 PM | Computer Name = LAPTOP-C3333F65 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{934A5635-0249-4503-8911-CC5AE3E5EFA0}
because another computer on the network has the same name. The server could not
start.

Error - 8/29/2009 3:44:22 PM | Computer Name = LAPTOP-C3333F65 | Source = NetBT | ID = 4321
Description = The name "LAPTOP-C3333F65:0" could not be registered on the Interface
with IP address 192.168.10.85. The machine with the IP address 192.168.10.1 did
not allow the name to be claimed by this machine.

Error - 8/29/2009 3:44:22 PM | Computer Name = LAPTOP-C3333F65 | Source = NetBT | ID = 4321
Description = The name "LAPTOP-C3333F65:20" could not be registered on the Interface
with IP address 192.168.10.85. The machine with the IP address 192.168.10.1 did
not allow the name to be claimed by this machine.

Error - 8/29/2009 3:44:44 PM | Computer Name = LAPTOP-C3333F65 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/29/2009 3:44:44 PM | Computer Name = LAPTOP-C3333F65 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/29/2009 3:45:00 PM | Computer Name = LAPTOP-C3333F65 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/29/2009 3:45:00 PM | Computer Name = LAPTOP-C3333F65 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/6/2009 6:03:32 PM | Computer Name = LAPTOP-C3333F65 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/6/2009 6:03:32 PM | Computer Name = LAPTOP-C3333F65 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/6/2009 6:03:32 PM | Computer Name = LAPTOP-C3333F65 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\admin\LOCALS~1\Temp\IMAPP_~1.4\imappver.dll.
Reference
error message: The operation completed successfully. .


< End of report >



Here is the MBAM quick scan log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/8/2009 10:43:17 PM
mbam-log-2009-10-08 (22-43-17).txt

Scan type: Quick Scan
Objects scanned: 91626
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.


Just now, I had an ad playing for GoDaddy radio... :) Please help me get rid of this! Thank you.

Edit: I just found out that a file called lsm32.sys is responsible for the sounds. I delete it from task manager and it reappears a few seconds later. Please help!

Edited by Doppelbok67, 09 October 2009 - 12:20 AM.

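The MBAM log above marks the same DLL under "Memory Modules Infected" and "Files Infected" as "Delete on reboot", meaning the scan did not finish the job: the file is still on disk and the code is still loaded until the machine restarts. As an added example for this thread (not part of Malwarebytes and not code from the original post), the Python below parses that log layout and reports which items are still pending. The "item (threat) -> action." line format is taken from the posted log, and SAMPLE_LOG copies an abridged set of its lines.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and report what is still pending.

Added example for this thread; not part of Malwarebytes or of the original post.
The line layout "<item> (<threat>) -> <action>." under a "<Category> Infected:"
heading is taken from the log posted above; SAMPLE_LOG copies (abridged) lines
from that log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = """\
Memory Processes Infected: 0
Memory Modules Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\\WINDOWS\\system32\\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\system32\\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# A section heading is "<words> Infected:" with nothing after the colon; the
# summary lines near the top ("... Infected: 0") therefore do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    threat: str
    action: str

    @property
    def pending(self) -> bool:
        # MBAM writes "Delete on reboot" when it could not remove the object
        # now (typically a DLL mapped into a running process); the file stays
        # on disk, and the code stays loaded, until the machine restarts.
        return self.action.lower().startswith("delete on reboot")


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log, tracking the current "... Infected:" section."""
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        det = DETECTION_RE.match(line)
        if det and section:
            found.append(Detection(section, det["item"], det["threat"], det["action"]))
    return found


def pending_on_disk(dets: List[Detection]) -> List[str]:
    """Paths MBAM could not delete yet; these still need the reboot it asked for."""
    return sorted({d.item for d in dets if d.pending and d.section == "Files Infected"})


def still_loaded(dets: List[Detection]) -> List[str]:
    """Modules that were mapped in memory at scan time and were not unloaded."""
    return sorted({d.item for d in dets if d.section == "Memory Modules Infected"})


def threat_summary(dets: List[Detection]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for d in dets:
        counts[d.threat] = counts.get(d.threat, 0) + 1
    return counts


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print("detections:", len(dets), threat_summary(dets))
    print("still loaded:", still_loaded(dets))
    print("pending until reboot:", pending_on_disk(dets))
```

Feed it the full mbam-log-*.txt and anything returned by pending_on_disk() or still_loaded() is a reason to reboot and rescan before reading anything else into the result; a log full of "Quarantined and deleted successfully" is only a clean result once those lists are empty.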

#2 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello Doppelbok67 and welcome to Geeks To Go. :)

I am jwang01 and I will be assisting you with your issue.

Please note that I am still in training here and all my posts need to be checked by an Expert before I can post them. This may cause a slight delay in my responses.

When we get to working on your computer you may want to print out or save my responses in Notepad because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

I am currently reviewing your logs and will reply with instructions in my next reply. :)
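While the logs are under review, the first thing a practitioner checks for "Microsoft and antivirus sites unreachable" is the hosts file (on Windows XP that is C:\WINDOWS\system32\drivers\etc\hosts), because an entry there overrides DNS without any visible change to the browser. This is an added example for this thread, not a step the helper asked for and not part of any tool named here: SAMPLE_HOSTS is constructed, and the watched domain list is an assumption built from the sites the poster could not reach plus common update hosts. A clean hosts file does not rule out the other causes the logs point at (the service and driver MBAM removed, DNS settings, a network filter), so treat it as one check, not a verdict.

```python
"""Flag hosts-file entries that would explain "Microsoft and antivirus sites unreachable".

Added example for this thread; not a step the helper asked for and not part of
any tool named in it. SAMPLE_HOSTS is constructed, and WATCHED_SUFFIXES is an
assumed list (the sites the poster could not reach plus common update hosts).
On Windows XP the real file is C:\\WINDOWS\\system32\\drivers\\etc\\hosts.
"""
import ipaddress
from typing import List, Tuple

# Assumed watch list: vendor and update domains a home machine never needs to pin.
WATCHED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "avast.com",
    "malwarebytes.org",
)

# Constructed sample shaped like a hijacked XP hosts file: the first mapping is
# the stock localhost line, the rest are the kind of entries malware adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com
127.0.0.1       update.microsoft.com   # pinned to loopback: update checks fail
127.0.0.1       www.avast.com
1.2.3.4         www.google.com         # constructed public address, not a real mapping
192.168.10.50   intranet.local
"""

Entry = Tuple[str, str]  # (ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    pairs: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: not a hosts mapping
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs


def suspicious_entries(pairs: List[Entry]) -> List[Tuple[str, str, str]]:
    """Two heuristics: a watched vendor/update domain mapped anywhere at all,
    or any other non-local name sent to a public address. Neither has a
    legitimate reason to exist on a home XP machine."""
    flagged = []
    for ip, name in pairs:
        if name in ("localhost", "localhost.localdomain"):
            continue
        addr = ipaddress.ip_address(ip)
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if watched:
            flagged.append((ip, name, "security/update site pinned in hosts"))
        elif not (addr.is_loopback or addr.is_private or addr.is_link_local):
            flagged.append((ip, name, "name redirected to a public address"))
    return flagged


def check_hosts_file(path: str) -> List[Tuple[str, str, str]]:
    """Run the check against a real file, e.g. %SystemRoot%\\system32\\drivers\\etc\\hosts."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return suspicious_entries(parse_hosts(f.read()))


if __name__ == "__main__":
    for ip, name, why in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"{ip:<16} {name:<28} {why}")
```

The "public address" heuristic is deliberately coarse: a hosts file on a home machine should contain loopback or LAN addresses only, so anything else deserves a look even if the name is not on the watch list. If the file is clean but the sites are still unreachable, the redirection is happening somewhere else (DNS server settings, a Winsock LSP or a filter driver), which is what the rest of the thread is chasing.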

#3 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
#4 Doppelbok67 (Topic Starter, New Member, 6 posts)
Hi, sorry for not being able to get back to you sooner. I tried running ComboFix.exe as directed, as Combo-Fix.exe on the desktop, and it stopped with an error stating it wasn't safe to run and that I may be infected with the 'Virut' virus.

:)
#5 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Please delete the old copy of ComboFix you have and download it again. Only this time rename it to svchost.com and try running it again. If it still won't let you run it, we will try something else. :)
#6 Doppelbok67 (Topic Starter, New Member, 6 posts)
Should that be svchost.com or svchost.com.exe? When it tries to save as an application, it adds that file type when I save?
#7 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


When you click on the download link, choose save, and save it as svchost.com. It shouldn't add the EXE file extension with it.
#8 Doppelbok67 (Topic Starter, New Member, 6 posts)
It continues to save as a 'binary file' with the filename 'svchost.com.exe'. I have 'show file types' turned on in Windows, btw. If I save as 'All Files' it saves with the same filename.

Do you want me to still try running it?
#9 Doppelbok67 (Topic Starter, New Member, 6 posts)
I was able to finally save as just 'svchost.com', but then I ran the program and it told me once again it wasn't safe to run and that I may have a 'virut' virus. Then it deleted itself as before.
#10 Doppelbok67 (Topic Starter, New Member, 6 posts)
Well, as things would turn out, the virus 'Win32.Vitro' wiped me out last night, infecting the rest of the critical exe files until Windows was left totally helpless and could no longer run.

Rather than fight a losing battle, I had no choice but to reformat the laptop.

Thanks for your help, though, and I'll remember this place for any future troubles. You can consider this topic closed. :)
#11 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Yes, Vitro is a nasty polymorphic file infector of the Virut family and the only way to rid yourself of it is to reformat and re-install.

Did you back up any data? If you backed up any of the following file types you may be re-infected, as those types of files are likely infected.


  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
  • .doc
  • .jpg
  • .pdf


I will leave this open for a bit in case you have any more questions. I'm sorry I couldn't help you out more here.
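The helper's point is that executable content from a Virut-class file-infector machine must not be restored from backup. As an added example for this thread (not part of the original post or of any tool named in it), the Python below finds PE executables in a backup set by their MZ/PE header rather than by extension, so a renamed or mislabelled .exe is caught and a text file that merely ends in .exe is not. The demo directory and the stub executable are constructed. A hit means "executable content, replace from clean media"; it is not by itself proof that the file is infected.

```python
"""Identify PE executables in a backup set by header, not by file extension.

Added example for this thread; not part of the original post or of any tool
named in it. It supports the helper's point that executables from a Virut-class
file-infector machine must not be restored: a renamed .exe is still a PE file,
and a text file named .exe is not. The demo tree and the stub executable are
constructed; a hit means "executable content, replace from clean media", not
proof that the file is infected.
"""
import os
import struct
import tempfile
from typing import List


def is_pe_file(path: str) -> bool:
    """MZ at offset 0 and 'PE\\0\\0' at the offset stored in e_lfanew (0x3C)."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)  # the whole IMAGE_DOS_HEADER
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def find_pe_files(root: str) -> List[str]:
    """Relative paths of every PE file under root, whatever its extension."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def write_stub_pe(path: str) -> None:
    """Constructed minimal MZ/PE header (not a runnable program) for the demo."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    with open(path, "wb") as f:
        f.write(bytes(dos) + b"\x00" * (e_lfanew - len(dos)) + b"PE\x00\x00" + b"\x00" * 20)


def build_demo_backup(root: str) -> None:
    """Constructed backup: two PE files (one disguised as a photo), two non-PE files."""
    os.makedirs(os.path.join(root, "photos"), exist_ok=True)
    write_stub_pe(os.path.join(root, "setup.exe"))
    write_stub_pe(os.path.join(root, "photos", "IMG_001.jpg"))  # renamed executable
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("plain text\n")
    with open(os.path.join(root, "tool.exe"), "w") as f:
        f.write("not a program, .exe by name only\n")


def demo() -> List[str]:
    """Build the constructed backup in a temp dir and return what the scan flags."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_backup(root)
        return find_pe_files(root)


if __name__ == "__main__":
    for rel in demo():
        print("executable content, do not restore:", rel)
```

Point find_pe_files() at the backup root before copying anything back onto the rebuilt machine. It only covers loose files; executables inside .zip or .rar archives (both on the helper's list) need the archive opened first, and non-PE file types on that list are not something a header check can clear.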

#12 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


I would also like to give you some prevention tips. :)


Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.

MalwareBytes Anti Malware
This is an excellent On Access Anti-Malware Scanner.

SuperAntiSpyware
This is an Anti-Spyware program that will help protect your PC with Real Time Protection. You should have one Anti-Spyware program that scans in real time. This will help prevent your PC from picking up any more malware.


TFC
This will help delete all temporary files.

Firefox
This is an alternative for Internet Explorer. Firefox is a more secure internet browser.



You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Here's how to do it:

  • Go to Start
  • Click on the Control Panel
  • Click on Security
  • Then click on Windows update
  • Then settings to turn Windows Update On/Off


You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, I would recommend turning it on in the settings menu.

And finally, a little reading: How did I get infected in the first place? (by Mr. Tony Klein)

Good luck and safe surfing :)
#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.