Author Topic: Browsing, Downloading Issues  (Read 3800 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Browsing, Downloading Issues
« Reply #20 on: October 18, 2009, 11:03:19 AM »
Can you please do the following:
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000


Double click on fix.reg and allow to add/merge to the registry at the prompt

Go to START>>RUN>>Type in cmd and hit ok
At the prompt, type the following
[color="#FF0000"]ipconfig /flushdns[/color]
Then hit enter on your keyboard
Note the single space after ipconfig and before the /

TFC (Temp file Cleaner)
Download [color="#0000FF"]TFC[/color] to your desktop, or other location.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
If you are not prompted to reboot, can you reboot manually?
Back in Windows

Download HostsXpert [color="red"]Here[/color] and unzip it to your desktop.
Next, open HostsXpert
  • Make sure that the "make hosts writable?" button in the upper left corner is checked>>Should read 'Make Readonly'
  • then click on 'Restore MS host files'>>OK
  • Close HostsXpert.

Go to this link
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to this file on your hard disk
d:\windows\system32\rss.exe <-- this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Or just post the link to the results page

Are you now able to open Malwarebytes AntiMalware and do all the following?

  • Check for Updates by opening the Update tab
  • If an update is found, it will download and install the latest version.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Also, are you now able to run AVG and update it?
If so, run a scan with it and post back the results
« Last Edit: October 18, 2009, 01:33:54 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
    • View Profile
Browsing, Downloading Issues
« Reply #21 on: October 19, 2009, 07:26:21 AM »
The problem still persisting is that the “Generic Hosts Process for Win 32 Services………” message pops up and disables the internet connection.  The internet connection icon says that it is still connected, but I can’t download anything after this window shows up.  So I am posting replies in bits and pieces within the time before this window pops up.

I also cannot post the Virustotal log, but here is the link:

http://www.virustotal.com/analisis/d593b8a...4d38-1255595597

Offline kota123
Browsing, Downloading Issues
« Reply #22 on: October 19, 2009, 08:03:02 AM »
I was able to Update Malware Bytes and Scan. The Win 32 Svcs window showed up in between though. Had to restart my computer and will try AVG next.

MBAM Log:

Malwarebytes' Anti-Malware 1.41
Database version: 2985
Windows 5.1.2600 Service Pack 2

10/19/2009 6:15:51 PM
mbam-log-2009-10-19 (18-15-51).txt

Scan type: Quick Scan
Objects scanned: 100848
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\d:\windows\fonts\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\Fonts\unwise_.exe (Worm.Archive) -> Delete on reboot.

Offline kota123
Browsing, Downloading Issues
« Reply #23 on: October 19, 2009, 08:56:10 AM »
After downloading nearly 85% of AVG (at about 33 kbps), the "Generic Host...Win 32 Services...." window came up and interrupted the process. I will try again after a few hours when I may get better download speeds.

Offline kota123
Browsing, Downloading Issues
« Reply #24 on: October 19, 2009, 09:28:09 AM »
Downloaded AVG, but while installing, it said there was an error.  It created a log file which I saved, but is a pretty big file (7.9 Mb).  Please let me know if you want me to put it on Rapidshare.  Thank you.

Offline guestolo
Browsing, Downloading Issues
« Reply #25 on: October 19, 2009, 11:35:30 PM »
Yes please, and upload it if you can
Use Rapidshare or another file share program
http://www.rapidshare.com/

Link to the upload please

Were you able to get AVG installed? If not we'll try an alternative method
« Last Edit: October 19, 2009, 11:59:00 PM by guestolo »



Offline kota123
Browsing, Downloading Issues
« Reply #26 on: October 20, 2009, 02:01:20 AM »
I am attaching the AVG log link on RapidShare.  I was able to download AVG, but there was an error in installing it.  So, no, I was not able to install it.

http://rapidshare.com/files/295369455/avg9inst.log.html

MD5: C245F8A3B232F50E0312DF90DB0B0039

Thank you.

Offline guestolo
Browsing, Downloading Issues
« Reply #27 on: October 20, 2009, 10:33:21 PM »
Please save [color="#0000FF"]this[/color] file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Can you once again, delete your copy of ComboFix
Redownload a fresh copy from
[color="#0000FF"]Link 1[/color]
[color="#0000FF"]Link 2[/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]

Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000FF"]KillAll::

File::
d:\windows\system32\rss.exe

[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
Can I see that log again?

In addition: Can you once again run Malwarebytes AntiMalware
It's important that you first check for updates
Then run another quick scan
Remove anything found and reboot if prompted
Come back here and post its log also
« Last Edit: October 21, 2009, 12:37:29 AM by guestolo »



Offline kota123
Browsing, Downloading Issues
« Reply #28 on: October 21, 2009, 04:14:40 AM »
Win32 Log:

Running from: D:\Documents and Settings\user\desktop\win32kdiag.exe

Log file at : D:\Documents and Settings\user\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...





Finished!

_________________________________________________

ComboFix Log:

ComboFix 09-10-20.03 - user 10/21/2009 14:05.4.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.58 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\user\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
"d:\windows\system32\rss.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\Fonts\unwise_.exe
d:\windows\Installer\91fb3.msi
d:\windows\system32\rss.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_HOSTS_CONTROLLER
-------\Service_Windows Hosts Controller


(((((((((((((((((((((((((   Files Created from 2009-09-21 to 2009-10-21  )))))))))))))))))))))))))))))))
.

2009-10-19 16:06 . 2009-10-19 16:06    141454    ----a-w-    d:\windows\system32\man8.exe
2009-10-16 08:05 . 2009-10-16 08:05    --------    d-----w-    d:\documents and settings\user\DoctorWeb
2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl
2009-10-12 14:35 . 2009-10-12 14:35    --------    d-----w-    D:\FOUND.028

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 08:44 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 15:24 . 2009-07-11 15:24    65536              d:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    57344              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    65536              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    45056              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    40960              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:37 . 2009-07-11 19:37    57856              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 19:49 . 2009-07-11 19:49    69632              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 14:11 . 2009-07-11 14:11    97280              d:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-21 08:44 . 2009-10-21 08:44    16384              d:\windows\temp\Perflib_Perfdata_610.dat
+ 2009-07-11 19:42 . 2009-07-11 19:42    632656              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 19:39 . 2009-07-11 19:39    554832              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 19:38 . 2009-07-11 19:38    479232              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-19 14:07 . 2009-10-19 14:07    424448              d:\windows\Installer\163814.msi
+ 2009-07-11 15:16 . 2009-07-11 15:16    1093120              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 15:16 . 2009-07-11 15:16    1105920              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"55322:TCP"= 55322:TCP:FD
"9991:TCP"= 9991:TCP:PORT2
"58311:TCP"= 58311:TCP:FD
"56500:TCP"= 56500:TCP:FD
"36203:TCP"= 36203:TCP:FD
"60715:TCP"= 60715:TCP:FD
"50170:TCP"= 50170:TCP:FD
"53233:TCP"= 53233:TCP:FD
"30525:TCP"= 30525:TCP:FD
"19776:TCP"= 19776:TCP:FD
"53896:TCP"= 53896:TCP:FD
"9892:TCP"= 9892:TCP:FD
"54642:TCP"= 54642:TCP:FD
"44109:TCP"= 44109:TCP:FD
"18930:TCP"= 18930:TCP:FD
"6076:TCP"= 6076:TCP:FD
"47678:TCP"= 47678:TCP:FD
"31557:TCP"= 31557:TCP:FD
"2507:TCP"= 2507:TCP:FD
"55466:TCP"= 55466:TCP:FD
"54018:TCP"= 54018:TCP:FD
"26120:TCP"= 26120:TCP:FD
"29260:TCP"= 29260:TCP:FD
"3114:TCP"= 3114:TCP:FD
"37109:TCP"= 37109:TCP:FD
"19100:TCP"= 19100:TCP:FD
"37711:TCP"= 37711:TCP:FD
"52812:TCP"= 52812:TCP:FD
"51418:TCP"= 51418:TCP:FD
"20930:TCP"= 20930:TCP:FD
"15127:TCP"= 15127:TCP:FD
"19720:TCP"= 19720:TCP:FD
"20501:TCP"= 20501:TCP:FD
"25095:TCP"= 25095:TCP:FD

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
TCP: {B3EDBC60-91DF-486C-9929-938433EAA145} = 218.248.255.194 218.248.255.162
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 14:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\CTSvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\MsPMSPSv.exe
d:\combofix\CF14133.exe
d:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 14:18 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-21 08:48
ComboFix2.txt  2009-10-15 04:59

Pre-Run: 10,667,196,416 bytes free
Post-Run: 10,837,688,320 bytes free

- - End Of File - - 151FC958EC28F9E22478209C88AC2D73
__________________________________________________

Updated MBAM and ran it.

MBAM Log:

Malwarebytes' Anti-Malware 1.41
Database version: 3004
Windows 5.1.2600 Service Pack 2

10/21/2009 2:29:32 PM
mbam-log-2009-10-21 (14-29-32).txt

Scan type: Quick Scan
Objects scanned: 101068
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
____________________________________

Thank you.
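As an added example, not code from this thread, ComboFix or Malwarebytes: a Python script that triages the "Reg Loading Points" section of a ComboFix log like the one above for the tampering this thread is cleaning up, namely the Security Center override values that the fix.reg in Reply #20 resets, the standard-profile firewall being switched off, and ports opened in bulk under one label in GloballyOpenPorts. The log excerpt inside it is constructed from the log above, and the threshold of three ports per label is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt, modelled on the "Reg Loading Points" section of the
# ComboFix log posted above (abbreviated: the real log opens many more ports).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"55322:TCP"= 55322:TCP:FD
"58311:TCP"= 58311:TCP:FD
"56500:TCP"= 56500:TCP:FD
"9991:TCP"= 9991:TCP:PORT2
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= value
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):(.*)$")   # 9999:TCP:LABEL
OVERRIDES = ("AntiVirusOverride", "FirewallOverride")


def parse_reg_points(text):
    """Return {section path (lower-cased): [(value name, raw value), ...]}."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return dict(sections)


def dword_value(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(sections, bulk_threshold=3):
    """Flag the Security Center and firewall tampering seen in this thread.
    bulk_threshold (an assumption, not a ComboFix setting) is how many open
    ports sharing one label count as a bulk opening."""
    findings = []
    for path, values in sections.items():
        if path.endswith("security center"):
            for name, raw in values:
                if name in OVERRIDES and dword_value(raw):
                    findings.append(f"{name}={dword_value(raw)}: Security Center "
                                    "will not warn that protection is off")
        elif path.endswith("firewallpolicy\\standardprofile"):
            for name, raw in values:
                if name == "EnableFirewall" and dword_value(raw) == 0:
                    findings.append("EnableFirewall=0: Windows Firewall is off "
                                    "for the standard profile")
        elif path.endswith("globallyopenports\\list"):
            by_label = defaultdict(list)   # label -> ports opened under it
            for _, raw in values:
                m = PORT_RE.match(raw)
                if m:
                    by_label[m.group(3)].append(int(m.group(1)))
            for label, ports in by_label.items():
                if len(ports) >= bulk_threshold:
                    findings.append(f"{len(ports)} inbound ports opened under the "
                                    f"label {label!r}: {sorted(ports)}")
    return findings


def build_fix_reg(sections):
    """Emit REGEDIT4 text, like the fix.reg in Reply #20, that turns any set
    Security Center override back off; empty string when nothing is set."""
    lines = [f'"{name}"=dword:00000000'
             for path, values in sections.items() if path.endswith("security center")
             for name, raw in values if name in OVERRIDES and dword_value(raw)]
    if not lines:
        return ""
    return ("REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
            + "\n".join(lines) + "\n")
```

Run `triage(parse_reg_points(text))` over the Reg Loading Points section of a real log; `build_fix_reg` then gives the same REGEDIT4 text the thread saves as fix.reg.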

Offline guestolo
Browsing, Downloading Issues
« Reply #29 on: October 21, 2009, 11:04:58 PM »
You're still getting reinfected
I know our time zones are making our response times less frequent than we both would like
But let's do another step at this please

Delete CFScript.txt from desktop, we're going to redo it
But first do the following
Ensure to Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as reset.bat

Save this file on the desktop

 
Code:
NETSH FIREWALL RESET

Double click on reset.bat
A dos like window will open, then close in a few seconds
that is normal

Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000FF"]KillAll::

File::
d:\windows\system32\man8.exe
d:\windows\system32\rss.exe

Folder::
D:\FOUND.028

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
Can I see that log again?

In addition: We need to get some kind of AntiVirus software installed on this computer
If you haven't installed AVG yet
Can you please download and save to desktop
a beta version of Avast 5, from THIS LINK
Double click to install it
Once installed, open Avast from the icon on desktop
Click on "Maintenance"
UPDATE>>select to "Update Engine and AntiVirus Definitions"
After updating
Click on "SCAN COMPUTER>>BOOT TIME SCANNING
Under "Areas to Scan" Select "All hard Disks"
Then click on the button at the bottom>>SCHEDULE NOW
Then select to Restart Computer

A boot time scan should start before windows loads
Take note of the location of the log created after the scan is done
The default location should be :\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt

If anything is found during the scan, select to Move the virus to Chest
If that is not possible, Repair or Delete it
If an archive, such as .zip or .cab, is found and cannot be moved, deleted or repaired,
simply skip that file

If you can get Avast to install and run, please post its log along with the new log from ComboFix
« Last Edit: October 22, 2009, 12:23:54 AM by guestolo »



Offline kota123
Browsing, Downloading Issues
« Reply #30 on: October 22, 2009, 02:44:17 AM »
Thank you for all your help until now.  I know the time zones are a problem, but I am ready to make myself available at a time convenient for you.  I am 9 hours ahead of New York time.

Following is the ComboFix Log:

ComboFix 09-10-20.03 - user 10/22/2009 12:53.5.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.89 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\user\Desktop\CFScript.txt

FILE ::
"d:\windows\system32\man8.exe"
"d:\windows\system32\rss.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\FOUND.028
d:\found.028\FILE0000.CHK
d:\found.028\FILE0001.CHK
d:\found.028\FILE0002.CHK
d:\found.028\FILE0003.CHK
d:\found.028\FILE0004.CHK
d:\found.028\FILE0005.CHK
d:\found.028\FILE0006.CHK
d:\found.028\FILE0007.CHK
d:\found.028\FILE0008.CHK
d:\found.028\FILE0009.CHK
d:\found.028\FILE0010.CHK
d:\found.028\FILE0011.CHK
d:\found.028\FILE0012.CHK
d:\found.028\FILE0013.CHK
d:\found.028\FILE0014.CHK
d:\found.028\FILE0015.CHK
d:\found.028\FILE0016.CHK
d:\found.028\FILE0017.CHK
d:\found.028\FILE0018.CHK
d:\found.028\FILE0019.CHK
d:\found.028\FILE0020.CHK
d:\found.028\FILE0021.CHK
d:\found.028\FILE0022.CHK
d:\found.028\FILE0023.CHK
d:\found.028\FILE0024.CHK
d:\found.028\FILE0025.CHK
d:\found.028\FILE0026.CHK
d:\found.028\FILE0027.CHK
d:\found.028\FILE0028.CHK
d:\found.028\FILE0029.CHK
d:\found.028\FILE0030.CHK
d:\found.028\FILE0031.CHK
d:\found.028\FILE0032.CHK
d:\found.028\FILE0033.CHK
d:\found.028\FILE0034.CHK
d:\found.028\FILE0035.CHK
d:\found.028\FILE0036.CHK
d:\found.028\FILE0037.CHK
d:\found.028\FILE0038.CHK
d:\found.028\FILE0039.CHK
d:\found.028\FILE0040.CHK
d:\found.028\FILE0041.CHK
d:\found.028\FILE0042.CHK
d:\found.028\FILE0043.CHK
d:\found.028\FILE0044.CHK
d:\found.028\FILE0045.CHK
d:\found.028\FILE0046.CHK
d:\found.028\FILE0047.CHK
d:\found.028\FILE0048.CHK
d:\found.028\FILE0049.CHK
d:\found.028\FILE0050.CHK
d:\found.028\FILE0051.CHK
d:\found.028\FILE0052.CHK
d:\found.028\FILE0053.CHK
d:\found.028\FILE0054.CHK
d:\found.028\FILE0055.CHK
d:\found.028\FILE0056.CHK
d:\found.028\FILE0057.CHK
d:\found.028\FILE0058.CHK
d:\found.028\FILE0059.CHK
d:\found.028\FILE0060.CHK
d:\found.028\FILE0061.CHK
d:\found.028\FILE0062.CHK
d:\found.028\FILE0063.CHK
d:\found.028\FILE0064.CHK
d:\found.028\FILE0065.CHK
d:\found.028\FILE0066.CHK
d:\found.028\FILE0067.CHK
d:\found.028\FILE0068.CHK
d:\found.028\FILE0069.CHK
d:\found.028\FILE0070.CHK
d:\found.028\FILE0071.CHK
d:\found.028\FILE0072.CHK
d:\found.028\FILE0073.CHK
d:\found.028\FILE0074.CHK
d:\found.028\FILE0075.CHK
d:\found.028\FILE0076.CHK
d:\found.028\FILE0077.CHK
d:\found.028\FILE0078.CHK
d:\found.028\FILE0079.CHK
d:\windows\system32\man8.exe

.
(((((((((((((((((((((((((   Files Created from 2009-09-22 to 2009-10-22  )))))))))))))))))))))))))))))))
.

2009-10-16 08:05 . 2009-10-16 08:05    --------    d-----w-    d:\documents and settings\user\DoctorWeb
2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 07:30 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 15:24 . 2009-07-11 15:24    65536              d:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    57344              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    65536              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    45056              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    40960              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:37 . 2009-07-11 19:37    57856              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 19:49 . 2009-07-11 19:49    69632              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 14:11 . 2009-07-11 14:11    97280              d:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-22 07:31 . 2009-10-22 07:31    16384              d:\windows\temp\Perflib_Perfdata_61c.dat
+ 2009-07-11 19:42 . 2009-07-11 19:42    632656              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 19:39 . 2009-07-11 19:39    554832              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 19:38 . 2009-07-11 19:38    479232              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-19 14:07 . 2009-10-19 14:07    424448              d:\windows\Installer\163814.msi
+ 2009-07-11 15:16 . 2009-07-11 15:16    1093120              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 15:16 . 2009-07-11 15:16    1105920              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 13:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\CTSvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\MsPMSPSv.exe
d:\combofix\CF12168.exe
d:\windows\system32\wscntfy.exe
d:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 13:04 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-22 07:34
ComboFix2.txt  2009-10-21 08:48
ComboFix3.txt  2009-10-15 04:59

Pre-Run: 10,824,990,720 bytes free
Post-Run: 10,795,417,600 bytes free

- - End Of File - - 40438964F219F9D51AC7D68EE2AC5154
_______________________________________

Will reply again after the Avast download.  Thanks.

Offline kota123
Browsing, Downloading Issues
« Reply #31 on: October 22, 2009, 04:07:42 AM »
Downloaded and ran Avast.  Had to Ignore one item as it could not be repaired, moved to chest or deleted.  The rest I was able to Move to Chest.

Avast Log:

10/22/2009 13:30
Scan of all local drives

File C:\WINDOWS\SYSTEM\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File C:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016403.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\WINDOWS\system32\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP6\A0006147.msi|>Cabs.w1.cab|>csscan.exe is infected by Win32:Spyware-gen [Spy], Move to chest: Error 0xC0000002 {Not Implemented}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP6\A0006211.rbf is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016404.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016405.EXE is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016406.exe is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\Backup of old c\My Documents\cable4net\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Backup of old c\data of c\My Documents\cable4net\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Backup of old d\Documents and Settings\S K Jolly\Local Settings\Temporary Internet Files\Content.IE5\WXMB01QR\optimized_pics[1].zip|>optimized_pics\108_0899_r1.jpg Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 4955
Number of tested files: 211579
Number of infected files: 12
__________________________________________
Thanks.

Offline guestolo
Browsing, Downloading Issues
« Reply #32 on: October 22, 2009, 08:14:58 AM »
It looks as if a few legit files were infected and moved to chest.
Can you try the following? I would like to know if this will work now.
Go to the following link
http://service1.symantec.com/SUPPORT/tsgen...&view=docid
Scroll to the bottom to STEP 3
Download and save to desktop, the NORTON REMOVAL TOOL
Follow the instructions
    On the Windows desktop, double-click the Norton Removal Tool icon.
    Follow the on-screen instructions.
    Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

After that is done
Access your Add/Remove Programs and remove McAfee VirusScan Enterprise
Reboot after removal, then do the following
regardless of whether McAfee was successfully removed or not
Download and run MCPR.exe

   1. Download the removal tool from: http://download.mcafee.com/products/licens...atches/MCPR.exe
   2. Click Save and save the file to your Desktop
   3. Navigate to the folder where the file was saved.
   4. Make sure all McAfee windows are closed.
   5. Double-click MCPR.exe to run the removal tool.
   6. Restart your computer after receiving the message CleanUp Successful.

In addition, can you run OTL.exe and post the new log that opens
Keep me informed how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kota123
Browsing, Downloading Issues
« Reply #33 on: October 22, 2009, 09:03:51 AM »
To begin, the computer is running much better now.  The "Generic Host Process......." window has not popped up and the internet connection is fine.

I was able to run the Norton Removal tool.

I could not find McAfee VirusScan Enterprise in the Add/Remove Programs, but when I tried to run MCPR.exe, I got a message saying "McAfee Enterprise software detected. Cannot continue.  Please contact McAfee....."

Finally, I downloaded OTL.exe and clicked "Run Scan".  Following are the two Logs it created:

OTL Extras logfile created on: 10/22/2009 7:21:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 113.43 Mb Available Physical Memory | 50.76% Memory free
547.08 Mb Paging File | 435.42 Mb Available in Paging File | 79.59% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.96 Gb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 9.83 Gb Free Space | 52.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- D:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe" = D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1A2948E0-9445-42BE-9D01-472952F2657F}" = Autodesk Design Review
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(tm) 6 Update 16
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FDB226E3-D55D-4922-894F-20CE4646077D}" = Tabbed Browsing (Windows Live Toolbar)
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"F-22 Raptor Demo" = F-22 Raptor Demo
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"LimeWire" = LimeWire PRO 4.12.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSNINST" = MSN
"QuickTime" = QuickTime
"QuickTime32" = QuickTime for Windows (32-bit)
"Skype_is1" = Skype 2.5
"SysInfo" = Creative System Information
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip" = WinZip
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = BitTorrent DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/21/2009 4:51:16 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001361.
 
Error - 10/21/2009 5:29:34 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.
 
Error - 10/22/2009 3:12:26 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2976, fault address 0x00018809.
 
Error - 10/22/2009 9:31:31 AM | Computer Name = AA-EC0D1346D3FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 10/22/2009 9:31:31 AM | Computer Name = AA-EC0D1346D3FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
[ System Events ]
Error - 10/21/2009 4:24:32 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:24:32 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error:   %%2
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
   %%126
 
Error - 10/21/2009 4:26:10 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:26:10 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
 
< End of report >
___________________________________________________

OTL logfile created on: 10/22/2009 7:21:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 113.43 Mb Available Physical Memory | 50.76% Memory free
547.08 Mb Paging File | 435.42 Mb Available in Paging File | 79.59% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.96 Gb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 9.83 Gb Free Space | 52.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/15 03:41:36 | 02,555,120 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/03 19:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus [Auto | Running])
SRV - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- D:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
 
[color="#E56717"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2005/12/16 11:12:48 | 00,091,263 | R--- | M] (VM) -- D:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,051,120 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,021,744 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,016,496 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- D:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/10/23 01:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2002/10/03 00:09:08 | 00,031,424 | R--- | M] (Robert Schlabbach) -- D:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])
DRV - [2001/11/21 09:23:22 | 00,242,412 | ---- | M] (Avance Logic, Inc.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/23 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Running])
DRV - [2001/05/04 12:54:52 | 00,003,033 | ---- | M] (VIA Technologies. Inc.) -- D:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD [System | Running])
DRV - [2000/10/25 17:57:24 | 00,003,000 | R--- | M] () -- D:\WINDOWS\system32\SetupNT.sys -- (SetupNT [Auto | Running])
 
[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color="#E56717"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color="#E56717"]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2002/01/01 11:08:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2006/06/21 13:37:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2006/06/21 13:37:04 | 00,000,000 | ---D | M]
 
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions
[2008/07/02 20:12:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2008/07/02 20:12:24 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2002/01/01 11:09:32 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/25 01:45:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 01:45:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/08/30 03:17:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/25 01:45:28 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2002/01/01 11:08:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/25 00:15:46 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 00:15:46 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 00:15:46 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 00:15:46 | 00,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 00:15:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 00:15:46 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 00:15:46 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1202570621154 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202570594275 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/24 00:50:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/14 22:22:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\MozillaControl
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/10/22 19:20:35 | 00,521,216 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 18:58:55 | 00,793,200 | ---- | C] (Symantec Corporation) -- D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe
[2009/10/22 13:24:48 | 00,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/22 13:24:47 | 00,149,328 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/22 13:24:46 | 00,023,120 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/22 13:24:43 | 00,046,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/22 13:24:39 | 00,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/22 13:24:39 | 00,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/22 13:24:38 | 00,027,728 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/22 13:23:46 | 00,149,600 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/22 12:59:29 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/10/19 13:20:37 | 00,271,872 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/18 14:09:36 | 00,000,000 | ---D | C] -- D:\Recycled
[2009/10/16 13:28:26 | 17,909,056 | ---- | C] (Doctor Web, Ltd.) -- D:\Documents and Settings\user\Desktop\drweb-cureit.exe
[2009/10/14 19:54:15 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2009/10/14 19:54:15 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2009/10/14 19:54:15 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2009/10/14 19:54:15 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009/10/14 19:54:06 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2009/10/14 19:53:26 | 00,000,000 | ---D | C] -- D:\Qoobox
[1998/12/08 18:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 18:53:54 | 00,099,840 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 18:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 18:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 18:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 18:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRASRIAL.DLL
 
[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 19:13:46 | 00,608,344 | ---- | M] () -- D:\Documents and Settings\user\Desktop\MCPR.exe
[2009/10/22 19:09:36 | 00,000,256 | ---- | M] () -- D:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/22 19:07:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/10/22 19:07:40 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/10/22 19:07:38 | 23,440,9984 | -HS- | M] () -- D:\hiberfil.sys
[2009/10/22 19:07:36 | 00,000,196 | ---- | M] () -- D:\WINDOWS\System32\drivers\ALCICH.DAT
[2009/10/22 18:59:08 | 00,793,200 | ---- | M] (Symantec Corporation) -- D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe
[2009/10/22 18:27:54 | 00,001,161 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/10/22 18:27:54 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/10/22 15:06:54 | 04,668,928 | ---- | M] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:52 | 00,001,607 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:24:42 | 00,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/10/22 13:07:14 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\user\Desktop\setup_av_free.exe
[2009/10/22 12:47:32 | 00,000,020 | ---- | M] () -- D:\Documents and Settings\user\Desktop\reset.bat
[2009/10/21 14:44:04 | 00,666,658 | ---- | M] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 13:59:18 | 03,351,153 | R--- | M] () -- D:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 13:06:22 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe
[2009/10/21 12:57:30 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/10/19 21:36:14 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_zdpwt
[2009/10/19 20:01:38 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_lboha
[2009/10/19 13:20:38 | 00,271,872 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/19 12:59:46 | 00,000,138 | ---- | M] () -- D:\Documents and Settings\user\Desktop\fix.reg
[2009/10/19 12:58:24 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_chyud
[2009/10/18 13:55:52 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ebsre
[2009/10/18 13:55:32 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_fbjgq
[2009/10/18 13:49:42 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ymjfn
[2009/10/18 13:30:20 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_jqrko
[2009/10/17 00:25:00 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\user\Desktop\Win32kDiag.exe
[2009/10/16 13:33:00 | 17,909,056 | ---- | M] (Doctor Web, Ltd.) -- D:\Documents and Settings\user\Desktop\drweb-cureit.exe
[2009/10/15 10:33:14 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_kirhx
[2009/10/15 03:41:22 | 00,149,600 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/15 03:25:02 | 00,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/14 22:21:44 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ccsan
[2009/10/14 20:48:26 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ebxke
[2009/10/14 20:44:20 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_bgann
[2009/10/11 08:10:10 | 00,236,544 | ---- | M] () -- D:\WINDOWS\PEV.exe
 
[color="#E56717"]========== Files - No Company Name ==========[/color]
[2009/10/22 19:13:39 | 00,608,344 | ---- | C] () -- D:\Documents and Settings\user\Desktop\MCPR.exe
[2009/10/22 15:05:31 | 04,668,928 | ---- | C] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:50 | 00,001,607 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:07:13 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\user\Desktop\setup_av_free.exe
[2009/10/22 12:47:30 | 00,000,020 | ---- | C] () -- D:\Documents and Settings\user\Desktop\reset.bat
[2009/10/21 14:43:52 | 00,666,658 | ---- | C] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 13:59:00 | 03,351,153 | R--- | C] () -- D:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 13:06:25 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe
[2009/10/19 21:36:13 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_zdpwt
[2009/10/19 20:01:37 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_lboha
[2009/10/19 12:59:44 | 00,000,138 | ---- | C] () -- D:\Documents and Settings\user\Desktop\fix.reg
[2009/10/19 12:58:23 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_chyud
[2009/10/18 13:55:51 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ebsre
[2009/10/18 13:55:31 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_fbjgq
[2009/10/18 13:49:40 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ymjfn
[2009/10/18 13:30:19 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_jqrko
[2009/10/17 00:25:03 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\user\Desktop\Win32kDiag.exe
[2009/10/15 10:33:12 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_kirhx
[2009/10/14 22:21:43 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ccsan
[2009/10/14 20:48:24 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ebxke
[2009/10/14 20:44:18 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_bgann
[2009/10/14 19:54:15 | 00,236,544 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2009/10/14 19:54:15 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2009/10/14 19:54:15 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2009/10/14 19:54:15 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2007/08/09 14:42:45 | 00,000,261 | ---- | C] () -- D:\WINDOWS\WPE PRO.INI
[2006/08/25 20:37:29 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\RunSetup.dll
[2006/08/10 16:51:07 | 00,005,222 | ---- | C] () -- D:\Documents and Settings\user\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/10 16:51:07 | 00,000,206 | ---- | C] () -- D:\WINDOWS\HPGdiPlus.ini
[2005/11/23 15:51:52 | 00,000,127 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2005/11/23 15:27:21 | 00,000,820 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/24 21:51:23 | 00,271,264 | ---- | C] () -- D:\WINDOWS\VBRUN100.DLL
[2005/10/24 21:46:59 | 00,134,464 | ---- | C] () -- D:\WINDOWS\GLCV20DR.DLL
[2005/10/24 21:46:54 | 00,011,616 | ---- | C] () -- D:\WINDOWS\GLFS20DR.DLL
[2005/10/24 21:43:55 | 00,000,235 | ---- | C] () -- D:\WINDOWS\QTW.INI
[2005/10/24 21:42:43 | 00,000,110 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2005/10/24 21:41:58 | 00,000,036 | ---- | C] () -- D:\WINDOWS\progman.ini
[2005/10/24 21:41:54 | 00,000,715 | ---- | C] () -- D:\WINDOWS\CARDSHOP.INI
[2005/10/24 21:38:05 | 00,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/10/24 21:38:05 | 00,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2005/10/24 20:10:17 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2005/10/24 20:00:42 | 04,839,974 | -H-- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2005/10/24 20:00:15 | 00,003,000 | R--- | C] () -- D:\WINDOWS\System32\SetupNT.sys
[2005/10/24 19:59:18 | 00,036,648 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/24 19:57:11 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\user\Application Data\desktop.ini
[2005/10/24 19:24:09 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/27 16:22:53 | 00,017,408 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/18 19:20:56 | 00,000,000 | ---- | C] () -- D:\WINDOWS\NSREX.INI
[2002/01/06 03:19:03 | 00,043,520 | ---- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2002/01/01 18:16:56 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\PdeSrvps.dll
[2002/01/01 09:24:02 | 00,000,008 | ---- | C] () -- D:\WINDOWS\System32\CtSACKey.sys
[2002/01/01 02:08:12 | 00,000,959 | ---- | C] () -- D:\WINDOWS\EntPack.ini
[2002/01/01 00:17:59 | 00,000,097 | ---- | C] () -- D:\WINDOWS\VPPLAYS.INI
[2001/08/23 06:30:00 | 00,001,161 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 06:30:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
__________________________________________________________-
Thank you.

Offline guestolo

Browsing, Downloading Issues
« Reply #34 on: October 22, 2009, 10:04:09 PM »
Quote
I am 9 hours ahead of New York time.
Makes you 12 hours ahead of my time :)

Still some files remaining
We'll deal with them in a bit

Go to START>>RUN>>Copy/Paste the following in Red below then hit OK

[color="#FF0000"]combofix /u[/color]

This will uninstall ComboFix and its components.
NEXT:
Access your Add and Remove Programs, close down all Browser windows
Uninstall the older version of Java
J2SE Runtime Environment 5.0 Update 3
also, uninstall your outdated copy of
Adobe Reader 8.1.2
We'll update it in a bit

Run OTL.exe
  • Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below
    Quote
    :OTL
    SRV - [2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- D:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2009/10/19 13:20:37 | 00,271,872 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\TFC.exe
    [2009/10/16 13:28:26 | 17,909,056 | ---- | C] (Doctor Web, Ltd.) -- D:\Documents and Settings\user\Desktop\drweb-cureit.exe

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe" =-

    :Files
    D:\Documents and Settings\user\Desktop\MCPR.exe
    D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe
    D:\Documents and Settings\user\Desktop\setup_av_free.exe
    D:\Documents and Settings\user\Desktop\reset.bat
    D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe
    D:\WINDOWS\System32\asr_zdpwt
    D:\WINDOWS\System32\asr_lboha
    D:\Documents and Settings\user\Desktop\fix.reg
    D:\WINDOWS\System32\asr_chyud
    D:\WINDOWS\System32\asr_ebsre
    D:\WINDOWS\System32\asr_fbjgq
    D:\WINDOWS\System32\asr_ymjfn
    D:\WINDOWS\System32\asr_jqrko
    D:\Documents and Settings\user\Desktop\Win32kDiag.exe
    D:\WINDOWS\System32\asr_kirhx
    D:\WINDOWS\System32\asr_ccsan
    D:\WINDOWS\System32\asr_ebxke
    D:\WINDOWS\System32\asr_bgann

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, please post the log that OTL produces

Afterwards: Update Adobe Reader
Using Mozilla Firefox go to the following link
http://get.adobe.com/reader/

UNTICK "McAfee Security Scan" and/or "Google Toolbar" if they are selected
Then click Download
to download and install the latest version of Adobe Reader
Note: You may get a prompt to allow Adobe downloader to run from Firefox

When the above is done
Can you again run a Scan with OTL.exe and post its new log
« Last Edit: October 22, 2009, 10:07:09 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
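Reading OTL output such as the entries the fix script above names takes some practice, so here is an added example (my own code, not OTL's and not anything posted in this thread) that parses OTL-style entry lines and flags the things a helper looks at first: dangling "File not found" / "No CLSID value found" references, executables whose company field is empty, and extension-less files sitting in System32. The sample lines are copied from the logs in this thread; the heuristics, the `Entry` class and the function names are my own choices and are not part of OTL.

```python
"""Triage helper for OTL-style log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry:  [date time | size | attrs | C/M] (company) -- path [-- (svc [start | state])]
# "PRC - ", "SRV - " and "DRV - " prefixes and the trailing service block are optional,
# and directory entries carry no "(company)" part at all.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.*?)"
    r"(?: -- \((?P<service>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a plain path, as in an OTL :Files block
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")  # extensions treated as executable code


@dataclass
class Entry:
    kind: Optional[str]       # PRC / SRV / DRV, or None for plain file entries
    date: str
    size: int
    attrs: str                # e.g. "----", "---D", "-HS-"
    stamp: str                # "C" = created, "M" = modified
    company: Optional[str]    # "" when OTL printed "()", None when absent (directories)
    path: str
    service: Optional[str]
    start: Optional[str]
    state: Optional[str]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/process/service/driver line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Entry(kind=g["kind"], date=g["date"], size=int(g["size"].replace(",", "")),
                 attrs=g["attrs"], stamp=g["stamp"], company=g["company"], path=g["path"],
                 service=g["service"], start=g["start"], state=g["state"])


def classify_file(path: str, company: Optional[str]) -> Optional[str]:
    """Heuristic reasons a helper would look twice at a file (company=None: unknown)."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\windows\\system32\\" in low and "." not in name:
        return "extension-less file in System32"
    if company == "" and name.endswith(EXEC_EXT):
        return "executable with no company name"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every line worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if "File not found" in line or "No CLSID value found" in line:
            findings.append((line, "dangling reference (target missing)"))
            continue
        entry = parse_entry(line)
        if entry is not None:
            reason = None if entry.is_dir else classify_file(entry.path, entry.company)
        elif BARE_PATH_RE.match(line):
            reason = classify_file(line, company=None)   # bare path: no company info to judge
        else:
            reason = None
        if reason:
            findings.append((line, reason))
    return findings


# Sample input: lines copied from the OTL logs in this thread.
SAMPLE = r"""
PRC - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SRV - [2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- D:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
[2009/08/25 00:15:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
D:\WINDOWS\System32\asr_zdpwt
"""

if __name__ == "__main__":
    for flagged, why in triage(SAMPLE.splitlines()):
        print(f"{why}: {flagged}")
```

On the sample above this flags five lines: the two dangling references, `secdrv.sys` and `MSRTEDIT.DLL` (signed-looking system files normally carry a company name), and the extension-less `asr_zdpwt` in System32. A flag is a reason to look, not a verdict; `secdrv.sys`, for instance, is a legitimate copy-protection driver that simply ships without version information.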


Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
    • View Profile
Browsing, Downloading Issues
« Reply #35 on: October 23, 2009, 12:27:47 AM »
Following is the OTL Log on start up.  I will post the fresh OTL log after installing Adobe.

All processes killed
========== OTL ==========
Service\Driver McAfeeFramework stopped successfully.
Service\Driver McAfeeFramework deleted successfully.
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
D:\Documents and Settings\user\Desktop\TFC.exe moved successfully.
D:\Documents and Settings\user\Desktop\drweb-cureit.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe deleted successfully.
========== FILES ==========
D:\Documents and Settings\user\Desktop\MCPR.exe moved successfully.
D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe moved successfully.
D:\Documents and Settings\user\Desktop\setup_av_free.exe moved successfully.
D:\Documents and Settings\user\Desktop\reset.bat moved successfully.
D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe moved successfully.
D:\WINDOWS\System32\asr_zdpwt moved successfully.
D:\WINDOWS\System32\asr_lboha moved successfully.
D:\Documents and Settings\user\Desktop\fix.reg moved successfully.
D:\WINDOWS\System32\asr_chyud moved successfully.
D:\WINDOWS\System32\asr_ebsre moved successfully.
D:\WINDOWS\System32\asr_fbjgq moved successfully.
D:\WINDOWS\System32\asr_ymjfn moved successfully.
D:\WINDOWS\System32\asr_jqrko moved successfully.
D:\Documents and Settings\user\Desktop\Win32kDiag.exe moved successfully.
D:\WINDOWS\System32\asr_kirhx moved successfully.
D:\WINDOWS\System32\asr_ccsan moved successfully.
D:\WINDOWS\System32\asr_ebxke moved successfully.
D:\WINDOWS\System32\asr_bgann moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
 
User: user
->Temp folder emptied: 19871202 bytes
File delete failed. D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 830649 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89878793 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. D:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 49389395 bytes
 
Total Files Cleaned = 152.61 mb
 
 
OTL by OldTimer - Version 3.0.21.0 log created on 10232009_105020

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!

Registry entries deleted on Reboot...
___________________________________________

Thank you.

Offline kota123

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
    • View Profile
Browsing, Downloading Issues
« Reply #36 on: October 23, 2009, 01:00:00 AM »
Following is the OTL Log after the Adobe Reader installation:

OTL logfile created on: 10/23/2009 11:24:03 AM - Run 2
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 47.63 Mb Available Physical Memory | 21.31% Memory free
547.08 Mb Paging File | 356.26 Mb Available in Paging File | 65.12% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.98 Gb Free Space | 85.82% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 10.44 Gb Free Space | 56.03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/15 03:41:36 | 02,555,120 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/25 01:45:04 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/03 19:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/01/01 11:08:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE
PRC - [1998/09/03 23:09:08 | 00,119,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MDM.EXE
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Running])
SRV - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2005/12/16 11:12:48 | 00,091,263 | R--- | M] (VM) -- D:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,051,120 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,021,744 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,016,496 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- D:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/10/23 01:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2002/10/03 00:09:08 | 00,031,424 | R--- | M] (Robert Schlabbach) -- D:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])
DRV - [2001/11/21 09:23:22 | 00,242,412 | ---- | M] (Avance Logic, Inc.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/23 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Running])
DRV - [2001/05/04 12:54:52 | 00,003,033 | ---- | M] (VIA Technologies. Inc.) -- D:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD [System | Running])
DRV - [2000/10/25 17:57:24 | 00,003,000 | R--- | M] () -- D:\WINDOWS\system32\SetupNT.sys -- (SetupNT [Auto | Running])
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2002/01/01 11:08:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2006/06/21 13:37:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2006/06/21 13:37:04 | 00,000,000 | ---D | M]
 
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions
[2009/10/23 10:59:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/07/02 20:12:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2008/07/02 20:12:24 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2002/01/01 11:09:32 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/25 01:45:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 01:45:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/08/30 03:17:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/25 01:45:28 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2002/01/01 11:08:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/25 00:15:46 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 00:15:46 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 00:15:46 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 00:15:46 | 00,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 00:15:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 00:15:46 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 00:15:46 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &Windows Live Search - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1202570621154 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202570594275 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/24 00:50:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/23 11:00:07 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2009/10/14 22:22:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\MozillaControl
[2009/10/23 11:10:52 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/10/23 11:00:06 | 00,000,000 | ---D | C] -- D:\Program Files\NOS
[2009/10/23 11:13:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/10/23 10:50:20 | 00,000,000 | ---D | C] -- D:\_OTL
[2009/10/23 09:58:59 | 00,000,000 | --SD | C] -- D:\ComboFix
[2009/10/22 19:20:35 | 00,521,216 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 13:24:48 | 00,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/22 13:24:47 | 00,149,328 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/22 13:24:46 | 00,023,120 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/22 13:24:43 | 00,046,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/22 13:24:39 | 00,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/22 13:24:39 | 00,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/22 13:24:38 | 00,027,728 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/22 13:23:46 | 00,149,600 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/22 12:59:29 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/10/18 14:09:36 | 00,000,000 | -HSD | C] -- D:\Recycled
[2009/10/14 19:54:06 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[1998/12/08 18:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 18:53:54 | 00,099,840 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 18:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 18:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 18:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 18:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRASRIAL.DLL
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/10/23 11:22:02 | 00,000,641 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/23 11:18:30 | 00,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/23 11:09:56 | 00,000,256 | ---- | M] () -- D:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/23 10:52:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/10/23 10:52:24 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/10/23 10:52:22 | 23,440,9984 | -HS- | M] () -- D:\hiberfil.sys
[2009/10/23 10:52:20 | 00,000,196 | ---- | M] () -- D:\WINDOWS\System32\drivers\ALCICH.DAT
[2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 18:27:54 | 00,001,161 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/10/22 18:27:54 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/10/22 15:06:54 | 04,668,928 | ---- | M] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:52 | 00,001,607 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:24:42 | 00,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/10/21 14:44:04 | 00,666,658 | ---- | M] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 12:57:30 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/10/15 03:41:22 | 00,149,600 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/15 03:25:02 | 00,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
 
========== Files - No Company Name ==========
[2009/10/23 11:22:01 | 00,000,641 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/23 11:18:28 | 00,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 15:05:31 | 04,668,928 | ---- | C] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:50 | 00,001,607 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/21 14:43:52 | 00,666,658 | ---- | C] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2007/08/09 14:42:45 | 00,000,261 | ---- | C] () -- D:\WINDOWS\WPE PRO.INI
[2006/08/25 20:37:29 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\RunSetup.dll
[2006/08/10 16:51:07 | 00,005,222 | ---- | C] () -- D:\Documents and Settings\user\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/10 16:51:07 | 00,000,206 | ---- | C] () -- D:\WINDOWS\HPGdiPlus.ini
[2005/11/23 15:51:52 | 00,000,127 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2005/11/23 15:27:21 | 00,000,820 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/24 21:51:23 | 00,271,264 | ---- | C] () -- D:\WINDOWS\VBRUN100.DLL
[2005/10/24 21:46:59 | 00,134,464 | ---- | C] () -- D:\WINDOWS\GLCV20DR.DLL
[2005/10/24 21:46:54 | 00,011,616 | ---- | C] () -- D:\WINDOWS\GLFS20DR.DLL
[2005/10/24 21:43:55 | 00,000,235 | ---- | C] () -- D:\WINDOWS\QTW.INI
[2005/10/24 21:42:43 | 00,000,110 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2005/10/24 21:41:58 | 00,000,036 | ---- | C] () -- D:\WINDOWS\progman.ini
[2005/10/24 21:41:54 | 00,000,715 | ---- | C] () -- D:\WINDOWS\CARDSHOP.INI
[2005/10/24 21:38:05 | 00,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/10/24 21:38:05 | 00,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2005/10/24 20:10:17 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2005/10/24 20:00:42 | 04,839,974 | -H-- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2005/10/24 20:00:15 | 00,003,000 | R--- | C] () -- D:\WINDOWS\System32\SetupNT.sys
[2005/10/24 19:59:18 | 00,036,648 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/24 19:57:11 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\user\Application Data\desktop.ini
[2005/10/24 19:24:09 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/27 16:22:53 | 00,017,408 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/18 19:20:56 | 00,000,000 | ---- | C] () -- D:\WINDOWS\NSREX.INI
[2002/01/06 03:19:03 | 00,043,520 | ---- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2002/01/01 18:16:56 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\PdeSrvps.dll
[2002/01/01 09:24:02 | 00,000,008 | ---- | C] () -- D:\WINDOWS\System32\CtSACKey.sys
[2002/01/01 02:08:12 | 00,000,959 | ---- | C] () -- D:\WINDOWS\EntPack.ini
[2002/01/01 00:17:59 | 00,000,097 | ---- | C] () -- D:\WINDOWS\VPPLAYS.INI
[2001/08/23 06:30:00 | 00,001,161 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 06:30:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
________________________________________________--

Thank you.
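Added example, not OTL's code nor anything posted in the thread: a parser for the file-entry lines of the OTL listing above, plus a triage pass that keeps created entries under \WINDOWS with an executable-type extension and an empty company field (the same set OTL reports as "Files - No Company Name", narrowed to code that loads). The sample lines are copied from the log above; the extension list is an assumption.

```python
# Added example (not OTL's code nor anything from the thread): parse the
# "[date | size | attrs | C/M] (company) -- path" lines of an OTL file
# listing and pull out the entries a helper would read first.
import re
from datetime import datetime

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")  # assumed list

# Constructed sample: a handful of lines copied from the log above.
SAMPLE = r"""
[2009/10/22 13:24:39 | 00,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/23 11:22:01 | 00,000,641 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2006/08/25 20:37:29 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\RunSetup.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2009/10/23 10:52:22 | 23,440,9984 | -HS- | M] () -- D:\hiberfil.sys
< End of report >
"""

def parse_entry(line):
    """Return a dict for one OTL file entry, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),  # OTL pads sizes with commas
        "attrs": m["attrs"],      # R/H/S/D flags, '-' where unset
        "kind": m["kind"],        # C = created, M = modified
        "company": m["company"],  # empty when the file carries no version info
        "path": m["path"],
    }

def triage(text):
    """Paths of created (C) entries under \\WINDOWS with an executable-type
    extension and an empty company field, newest first. Vendor-signed files
    and shortcuts drop out; what remains is what to check at VirusTotal."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or e["kind"] != "C" or e["company"]:
            continue
        if "\\WINDOWS\\" in e["path"].upper() and e["path"].lower().endswith(EXEC_EXT):
            hits.append(e)
    hits.sort(key=lambda e: e["timestamp"], reverse=True)
    return [e["path"] for e in hits]
```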

Offline guestolo

Browsing, Downloading Issues
« Reply #37 on: October 23, 2009, 07:37:32 AM »
Looking good
Avast 5 is still Beta, so for now, it may not be a good idea to use it as your regular everyday AntiVirus software
Leave it installed for now, and please do the following

Avast is, at present, identifying some legit files as trojan-gen, which may not be correct
Right click the Avast icon by the clock and select OPEN

Under MAINTENANCE open the Virus chest
Find each of the following in the chest, ONLY the ones below
==========================
C:\WINDOWS\SYSTEM\RASPPPOE.EXE
D:\WINDOWS\system32\RASPPPOE.EXE
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe
==========================
Right click on each of the files and RESTORE them
Close Avast main menu
Can you scan each one of those files separately at Virustotal
Here's the link again, link to the results please
http://www.virustotal.com/flash/index_en.html

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kota123

Browsing, Downloading Issues
« Reply #38 on: October 23, 2009, 08:45:15 AM »

Offline guestolo

Browsing, Downloading Issues
« Reply #39 on: October 24, 2009, 01:45:44 PM »
The version of Avast is beta, so let's exchange it for an AntiVirus that is low on system resources
As you don't have that much RAM installed on this computer
More RAM would sure help

Can you Go to the following link:
http://download.cnet.com/Avira-AntiVir-Per...cdlPid=11012914
Download and save the installer to desktop>>>Link is Download Now  (32.39mb)
Don't install it yet

Please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Back in Windows
Access your Add and Remove Programs and uninstall AVAST 5
When it's removed, reboot your computer again

Back in Windows, go ahead and run the installer for AVIRA AntiVirus that you downloaded earlier
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Can you post all the following back please

Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"

In addition post a fresh Hijackthis log
« Last Edit: October 24, 2009, 01:46:22 PM by guestolo »
