AntiVirus Soft Infection - Can Not Run Programs!


AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Tue Mar 09, 2010 5:53 am

Got AntiVirus Soft pop-ups today. I cannot go into safe mode. I cannot change my LAN proxy settings in IE; it gives me a "system administrator restricted" message (I am on the admin account of the computer). I have Malwarebytes already installed, but I cannot open it. I am on Mozilla; there seems to be no restriction using this explorer with this virus.

Back to not being able to go into any type of safe mode:

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this."

^ This appears at the top of my black and white screen after selecting Safe Mode with Networking and hitting Enter twice.

Your help is appreciated in advance, thank you.

KyleNeedsHelp!
Novice

Posts : 22
Joined : 2010-03-09
OS : Windows XP
Points : 24958
# Likes : 0

Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Tue Mar 09, 2010 3:18 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Tue Mar 09, 2010 6:12 pm

Can't run OTL.exe

"Application cannot be executed. The file otl.exe is infected. Do you want to activate your antivirus software now?"


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Tue Mar 09, 2010 7:32 pm

Hello.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Tue Mar 09, 2010 7:59 pm

Download worked. Unable to open the Ice Sword folder or extract.

"Application cannot be executed. The file winrar.exe is infected. Do you want to activate your antivirus software now?"


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Wed Mar 10, 2010 12:26 am

Hello.

Please rename OTL.exe to explorer.exe and see if it will run.





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Wed Mar 10, 2010 1:27 am

No, it still will not. The already saved OTL.exe on the desktop I changed to explorer.exe and received:

"Application cannot be executed. The file explorer.exe is infected. Do you want to activate your antivirus software now?"


Also, I tried to redownload it:
I right-clicked, saved the file as "explorer.exe" to the desktop, attempted to open it, and got:

"Application cannot be executed. The file explorer.exe is infected. Do you want to activate your antivirus software now?"



I have read through nearly everyone else's AntiVirus Soft issues and never seen anyone who has not been able to do all 3 of the above you have asked... hmmm

Hooray!
A generous donation will be given to whoever helps me fix this without having to reformat my computer. Hooray!


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Wed Mar 10, 2010 10:16 pm

Hmm, try running IceSword a few more times and see if it will open; this malware doesn't always see IceSword because of its random renaming feature.





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Thu Mar 11, 2010 9:28 am

Nope, doesn't work.

"Application cannot be executed. The file winrar.exe is infected. Do you want to activate your antivirus software now?"

Please refer anyone else who may know over to this thread. I need to get this computer back ASAP for my online business.


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Thu Mar 11, 2010 9:07 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Please try OTL in Safe Mode.





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Fri Mar 12, 2010 11:00 pm

I cannot go into safe mode.


"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this."


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Fri Mar 12, 2010 11:04 pm

I will be reformatting tomorrow unless I can find the solution by then. $$$$ for whoever can help me solve this...


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Sat Mar 13, 2010 12:35 am

You're giving up too easily; unless you want to be defeated, stick with me on this.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sat Mar 13, 2010 1:49 am

I am going to have to use a thumb drive to attempt this, and hopefully it'll let me open it from the thumb drive. Also, my Start > Run has been about 50/50 on working in the past few days... I'll see how it goes. Hopefully I can get you that log.


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Sat Mar 13, 2010 1:13 pm

Okay, standing by.





Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sun Mar 14, 2010 4:01 am

Holy FFFFFF. I just booted up my computer today after failing with the commy.exe on a thumb drive to even open, and everything was as described above... and I come home and it's like I never had the AntiVirus Soft bullsh*t!! I'm gonna give you those logs right now to make sure this shit doesn't come back on my next start up or some sh*t.

... Maybe going on my other Windows account, going to msconfig and turning this tjhjsftav.exe off on the Startup tab had something to do with it? ...But I did that several startups ago, so I don't know if that's what finally made it go away or if this AntiVirus Soft bullsh*t just has a limited number of cycles to go through or what.... ...?


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sun Mar 14, 2010 4:07 am

OTL.txt:

OTL logfile created on: 3/13/2010 8:02:37 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\K Dawg\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.38 Gb Free Space | 17.12% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 187.00 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KYLE
Current User Name: K Dawg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 17:24:22 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K Dawg\Desktop\explorer.exe
PRC - [2009/10/28 20:21:22 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2008/01/09 05:44:20 | 006,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/06/13 03:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004/12/30 14:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/12/10 18:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/10 18:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 17:24:22 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K Dawg\Desktop\explorer.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
SRV - File not found [Disabled | Stopped] -- -- (PictureTaker)
SRV - File not found [Auto | Stopped] -- -- (MCVSRte)
SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- -- (McDetect.exe)
SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINNT\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/12/30 14:19:36 | 000,153,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/12/30 14:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/12/30 14:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/12/23 19:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/10 18:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/10 18:02:32 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/10 18:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2009/08/21 01:00:00 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090821.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/21 01:00:00 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090821.007\NAVENG.SYS -- (NAVENG)
DRV - [2007/12/14 18:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINNT\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/23 19:19:18 | 000,264,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/12/23 19:19:16 | 000,016,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/10/10 02:53:16 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINNT\system32\SVKP.sys -- (SVKP)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:04:32 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/03 22:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 22:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2004/07/10 17:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/29 04:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/12/15 09:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/11/14 11:50:28 | 000,031,924 | ---- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINNT\system32\drivers\DVC150B.sys -- (DVC150)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2002/01/03 15:00:22 | 001,141,888 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 12:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "2dopeboyz.okayplayer.com"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {F6E9E7A3-9347-4EE0-8716-887C82F52602}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{F6E9E7A3-9347-4EE0-8716-887C82F52602}: C:\Documents and Settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}\ [2009/08/28 18:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/14 07:53:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/08/06 15:59:22 | 000,000,000 | ---D | M]

[2008/09/21 00:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Extensions
[2006/08/06 15:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\extensions
[2008/04/18 13:50:10 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/12/14 08:25:40 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2006/09/30 02:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\extensions\temp
[2008/12/12 11:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\searchplugins\MySpace.xml
[2006/09/30 00:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2009/04/23 01:54:56 | 000,305,728 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10527 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKCU..\Run: [qikwfuvy] C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq\tjhjsftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (McAfee.com Operating System Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553646000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (OldTimer Tools)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\sharedbg: DllName - C:\Documents and Settings\K Dawg\Application Data\Sony\sharedbg.dll - C:\Documents and Settings\K Dawg\Application Data\Sony\sharedbg.dll File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\K Dawg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K Dawg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/13 15:24:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/09 10:09:26 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K Dawg\Desktop\explorer.exe
[2010/03/08 18:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq
[2010/02/22 04:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Desktop\The Leftovers UnMixedTape
[2010/02/21 02:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Desktop\LeakersoftheFunk Mixtape by Cypress Hill
[2010/02/20 16:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Desktop\The Blueprint
[2010/02/19 06:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Desktop\Bikes
[2010/02/12 21:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Desktop\Freelapse
[2009/11/14 16:51:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\K Dawg\Application Data\pcouffin.sys
[2007/09/17 20:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/29 16:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/11/08 18:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2006/11/08 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/11/08 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2004/11/30 21:18:45 | 000,131,072 | R--- | C] ( ) -- C:\WINNT\System32\ATIDEMGR.dll
[2001/09/08 09:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2001/09/08 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2001/09/08 08:56:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2001/09/08 08:56:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/13 20:05:58 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\K Dawg\ntuser.dat
[2010/03/13 19:56:30 | 000,002,133 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\iTunes.lnk
[2010/03/13 19:55:30 | 000,011,954 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/03/13 19:55:04 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/03/13 19:54:56 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/03/13 15:56:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\K Dawg\ntuser.ini
[2010/03/12 00:25:46 | 000,000,587 | ---- | M] () -- C:\WINNT\win.ini
[2010/03/12 00:25:46 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/03/12 00:25:46 | 000,000,207 | RHS- | M] () -- C:\boot.ini
[2010/03/11 08:03:24 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\AntiVirus Soft Infection - Can Not Run Programs!.URL
[2010/03/11 01:26:22 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\IceSwo122en.zip
[2010/03/09 17:24:22 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K Dawg\Desktop\explorer.exe
[2010/03/09 13:07:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/03/08 22:47:04 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Wynn Jobs.URL
[2010/03/08 03:25:46 | 009,896,132 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Balance-Bootleg_Liquor_(Feat_Fashawn_Mistah_FAB__Thurzday)-2dope.mp3
[2010/03/08 00:11:20 | 185,782,766 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Kyle_Lucas-Its_Always_Sunny_in_Marietta-2010.zip
[2010/03/07 23:13:22 | 006,496,091 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Kid_Cudi-I_Do_My_Thing_(Feat_Snoop_Dogg)_(Prod_Dr_Dre)-2dope.mp3
[2010/03/04 17:20:40 | 005,763,265 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Over.mp3
[2010/03/03 22:08:28 | 006,883,532 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Delilah _uStream Rip_.mp3
[2010/02/26 17:33:36 | 004,878,264 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Folk_and_Stress-New_York_Ginseng_(Feat_GZA)-2dope.mp3
[2010/02/26 17:01:14 | 000,298,945 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\LoanDefermentOptions.pdf
[2010/02/22 17:47:16 | 003,444,433 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\cormega - tony_montana (feat ghostface).mp3
[2010/02/22 04:48:08 | 053,935,450 | ---- | M] () -- C:\Documents and Settings\K Dawg\Desktop\Chace_Infinite-I_Would_Have_Killed_This-2dope.zip
[2010/02/18 00:57:44 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\K Dawg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 01:24:36 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\IceSwo122en.zip
[2010/03/08 22:47:57 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\AntiVirus Soft Infection - Can Not Run Programs!.URL
[2010/03/08 22:47:02 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Wynn Jobs.URL
[2010/03/08 03:25:45 | 009,896,132 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Balance-Bootleg_Liquor_(Feat_Fashawn_Mistah_FAB__Thurzday)-2dope.mp3
[2010/03/08 00:11:18 | 185,782,766 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Kyle_Lucas-Its_Always_Sunny_in_Marietta-2010.zip
[2010/03/07 23:13:20 | 006,496,091 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Kid_Cudi-I_Do_My_Thing_(Feat_Snoop_Dogg)_(Prod_Dr_Dre)-2dope.mp3
[2010/03/04 17:20:39 | 005,763,265 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Over.mp3
[2010/03/03 22:08:27 | 006,883,532 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Delilah _uStream Rip_.mp3
[2010/02/26 17:33:35 | 004,878,264 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Folk_and_Stress-New_York_Ginseng_(Feat_GZA)-2dope.mp3
[2010/02/26 17:01:12 | 000,298,945 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\LoanDefermentOptions.pdf
[2010/02/22 17:47:16 | 003,444,433 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\cormega - tony_montana (feat ghostface).mp3
[2010/02/22 04:48:06 | 053,935,450 | ---- | C] () -- C:\Documents and Settings\K Dawg\Desktop\Chace_Infinite-I_Would_Have_Killed_This-2dope.zip
[2009/11/22 02:44:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\K Dawg\Local Settings\Application Data\housecall.guid.cache
[2009/11/14 16:54:10 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\vso_ts_preview.xml
[2009/11/14 16:52:28 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\pcouffin.log
[2009/11/14 16:51:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\inst.exe
[2009/11/14 16:51:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\pcouffin.cat
[2009/11/14 16:51:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\pcouffin.inf
[2009/08/30 20:53:12 | 000,024,971 | ---- | C] () -- C:\WINNT\uqedidak.dll
[2009/08/30 18:51:12 | 000,024,923 | ---- | C] () -- C:\WINNT\okixabok.dll
[2009/08/30 16:49:12 | 000,024,923 | ---- | C] () -- C:\WINNT\ucapuzim.dll
[2009/08/30 14:49:31 | 000,024,891 | ---- | C] () -- C:\WINNT\opahigatagac.dll
[2009/08/30 11:29:11 | 000,025,019 | ---- | C] () -- C:\WINNT\uromepixohay.dll
[2009/08/30 09:30:25 | 000,024,923 | ---- | C] () -- C:\WINNT\epokudegemidar.dll
[2009/08/30 07:23:12 | 000,024,971 | ---- | C] () -- C:\WINNT\irenomohagiqin.dll
[2009/08/30 05:21:11 | 000,024,923 | ---- | C] () -- C:\WINNT\ubonizokizi.dll
[2009/08/30 03:19:11 | 000,027,836 | ---- | C] () -- C:\WINNT\ajihotuceja.dll
[2009/08/30 01:17:11 | 000,024,923 | ---- | C] () -- C:\WINNT\azunotij.dll
[2009/08/29 23:15:12 | 000,024,971 | ---- | C] () -- C:\WINNT\iqobiberer.dll
[2009/08/29 21:13:11 | 000,024,971 | ---- | C] () -- C:\WINNT\ubeyaxukowomaq.dll
[2009/08/29 19:11:11 | 000,024,971 | ---- | C] () -- C:\WINNT\ajamosar.dll
[2009/08/29 17:09:14 | 000,024,971 | ---- | C] () -- C:\WINNT\upolonor.dll
[2009/08/29 15:07:11 | 000,024,875 | ---- | C] () -- C:\WINNT\ayewujoxucemuco.dll
[2009/08/29 13:05:11 | 000,024,923 | ---- | C] () -- C:\WINNT\ikegojer.dll
[2009/08/29 11:03:11 | 000,024,875 | ---- | C] () -- C:\WINNT\ibucasatox.dll
[2009/08/29 09:01:11 | 000,024,971 | ---- | C] () -- C:\WINNT\ejudopumam.dll
[2009/08/29 06:59:11 | 000,025,019 | ---- | C] () -- C:\WINNT\ufoguyoyamu.dll
[2009/08/29 04:57:11 | 000,030,024 | ---- | C] () -- C:\WINNT\anogufut.dll
[2009/08/29 02:55:11 | 000,024,923 | ---- | C] () -- C:\WINNT\igolinin.dll
[2009/08/29 00:53:11 | 000,024,875 | ---- | C] () -- C:\WINNT\azawupuc.dll
[2009/08/28 22:51:13 | 000,027,784 | ---- | C] () -- C:\WINNT\exacogiceyiq.dll
[2009/08/28 20:49:13 | 000,031,966 | ---- | C] () -- C:\WINNT\aqukogike.dll
[2009/05/09 20:50:58 | 000,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2007/09/13 00:19:57 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\GTW32N50.dll
[2007/01/20 17:46:08 | 000,000,063 | ---- | C] () -- C:\WINNT\PixieTool.INI
[2006/07/09 23:17:05 | 000,019,789 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\perfc012.dat
[2006/07/09 20:06:14 | 001,139,786 | ---- | C] () -- C:\Documents and Settings\K Dawg\Application Data\FNTCACHE.BIN
[2006/07/09 00:44:49 | 000,002,204 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/10 02:47:53 | 000,000,072 | ---- | C] () -- C:\WINNT\WB.ini
[2006/05/17 21:23:41 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\wbload.dll
[2005/12/17 03:49:09 | 000,000,029 | ---- | C] () -- C:\WINNT\atid.ini
[2005/08/02 14:24:01 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2004/12/26 17:09:12 | 000,000,000 | ---- | C] () -- C:\WINNT\ATIMMC.INI
[2004/12/25 15:47:22 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/11/30 19:06:55 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[2004/07/11 15:47:02 | 000,001,125 | ---- | C] () -- C:\WINNT\winamp.ini
[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINNT\System32\libmmd.dll
[2004/02/04 22:09:21 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS53.DLL
[2004/02/04 21:09:49 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\K Dawg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/29 22:12:42 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINNT\System32\vctest.ini
[2003/10/08 21:30:33 | 000,000,020 | ---- | C] () -- C:\WINNT\InfModM.ini
[2003/09/16 19:04:19 | 000,000,499 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/09/11 15:34:05 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/09/11 14:29:53 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise32.ini
[2003/09/11 14:29:53 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise.ini
[2003/09/11 14:29:52 | 000,377,600 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2003/09/11 14:29:52 | 000,167,456 | ---- | C] () -- C:\WINNT\System32\Bocof.dll
[2003/09/11 14:29:37 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/09/11 14:26:42 | 000,057,344 | ---- | C] () -- C:\WINNT\uninstBVRP.dll
[2003/09/11 14:26:42 | 000,000,015 | ---- | C] () -- C:\WINNT\wgedit.ini
[2003/09/11 14:26:16 | 000,000,562 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINNT\System32\KodakOneTouch.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
< End of report >

KyleNeedsHelp!
Novice

Posts : 22
Joined : 2010-03-09
OS : Windows XP
Points : 24958
# Likes : 0

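The OTL.txt log posted above is the kind of thing a helper reads by eye, looking for a few recurring indicators: O20 Winlogon\Notify packages whose DLL is missing ("File not found") or lives outside the Windows directory (winlogon.exe loads those as SYSTEM at logon), runs of random lowercase DLL names dropped straight into C:\WINNT with no company name, and autorun artefacts on drives other than C:. The script below is an added example, not code from OTL, OldTimer or anyone in this thread; it encodes those three checks as rules over OTL-format lines. The rule names, the "eight or more lowercase letters" threshold for a random DLL name, and the treatment of only C:\WINNT and C:\Windows as the system root are this example's own assumptions. The sample input is a handful of lines copied from the log above, with benign entries kept in so the rules can be checked for false positives.

```python
"""
Triage helper for OTL (OldTimer) log lines.

Added example for this thread; not OTL's own code and not posted by
anyone in the thread. Rule names and thresholds are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the OTL.txt posted above, trimmed to a
# handful so the script runs offline. Benign lines (NavLogon, ati2evxx,
# the renamed OTL explorer.exe) are deliberately included.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\sharedbg: DllName - C:\Documents and Settings\K Dawg\Application Data\Sony\sharedbg.dll - C:\Documents and Settings\K Dawg\Application Data\Sony\sharedbg.dll File not found
O20 - Winlogon\Notify\wlballoon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
[2009/08/30 20:53:12 | 000,024,971 | ---- | C] () -- C:\WINNT\uqedidak.dll
[2009/08/30 18:51:12 | 000,024,923 | ---- | C] () -- C:\WINNT\okixabok.dll
[2004/11/30 19:06:55 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[2010/03/09 10:09:26 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K Dawg\Desktop\explorer.exe
"""

# Assumption: only these two directories count as %SystemRoot%.
SYSTEM_ROOTS = ("c:\\winnt", "c:\\windows")

# OTL line shapes this example understands.
WINLOGON_RE = re.compile(r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<dll>.+?) - ")
FILE_RE = re.compile(r"^\[[^|]+\|[^|]+\|[^|]+\|\s*[CM]\]\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$")
AUTORUN_FILE_RE = re.compile(r"^O32 - AutoRun File - .*?\)\s*-\s*(?P<path>[A-Za-z]:\\\S+)")
RANDOM_DLL_RE = re.compile(r"^[a-z]{8,}\.dll$")  # threshold is an assumption


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _under_system_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root + "\\") for root in SYSTEM_ROOTS)


def check_winlogon_notify(line: str):
    """O20 entries: a Notify DLL that is missing, or loaded from outside %SystemRoot%."""
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    if line.endswith("File not found"):
        return Finding("winlogon-notify-missing-dll", line)
    if not _under_system_root(m.group("dll")):
        return Finding("winlogon-notify-outside-systemroot", line)
    return None


def check_dropped_dll(line: str):
    """File entries: random lowercase DLL name, no vendor, directly in %SystemRoot% (not System32)."""
    m = FILE_RE.match(line)
    if not m:
        return None
    folder, _, name = m.group("path").strip().rpartition("\\")
    if folder.lower() in SYSTEM_ROOTS and not m.group("company").strip() and RANDOM_DLL_RE.match(name):
        return Finding("random-dll-in-systemroot", line)
    return None


def check_autorun(line: str):
    """O32 entries: AutoRun still enabled, or an autorun file on a drive other than C:."""
    if line.startswith("O32 - HKLM CDRom: AutoRun - 1"):
        return Finding("autorun-enabled", line)
    m = AUTORUN_FILE_RE.match(line)
    if m and not m.group("path").lower().startswith("c:\\"):
        return Finding("autorun-file-on-secondary-drive", line)
    return None


CHECKS = (check_winlogon_notify, check_dropped_dll, check_autorun)


def triage(log_text: str) -> list:
    """Run every rule over every non-empty line; first matching rule wins per line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            found = check(line)
            if found:
                findings.append(found)
                break
    return findings


def summarize(log_text: str) -> dict:
    """Rule name -> number of lines that tripped it."""
    return dict(Counter(f.rule for f in triage(log_text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the sample it flags the two broken Notify entries, the two random DLLs in C:\WINNT, the enabled CD-ROM AutoRun and the autorun file on F:, and stays quiet on NavLogon, ati2evxx.dll and the renamed OTL executable. A single hit is not a verdict on its own (the "Reg Error" Notify entries are leftover registry keys, not loaders), but the random-DLL and Notify rules together are the pattern that separates a stale entry from an active one in a log like this.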

Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sun Mar 14, 2010 4:08 am

Extras.txt:

OTL Extras logfile created on: 3/13/2010 8:02:37 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\K Dawg\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.38 Gb Free Space | 17.12% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 187.00 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KYLE
Current User Name: K Dawg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8602:TCP" = 8602:TCP:*:Enabled:XBC
"8602:UDP" = 8602:UDP:*:Enabled:XBCPORT2
"36063:TCP" = 36063:TCP:*:Enabled:null
"47108:TCP" = 47108:TCP:*:Enabled:null
"88:TCP" = 88:TCP:*:Enabled:XboxLive2
"3074:TCP" = 3074:TCP:*:Enabled:XboxLive
"3074:UDP" = 3074:UDP:*:Enabled:XboxLiveUDP
"88:UDP" = 88:UDP:*:Enabled:XboxLive2UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Steam\SteamApps\cncfan6969@hotmail.com\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\cncfan6969@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Westwood\Reborn\Reborn\Game.exe" = C:\Westwood\Reborn\Reborn\Game.exe:*:Enabled:Reborn -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1134820310\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1134820310\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1134820310\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1134820310\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Common Files\AOL\1139736558\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139736558\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1139736558\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139736558\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\1145426670\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1145426670\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1145426670\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1145426670\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\WINNT\System32\ZoneLabs\vsmon.exe" = C:\WINNT\System32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Program Files\Cain\Cain.exe" = C:\Program Files\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATIRW2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{565286F6-CE28-45D5-A64B-DCDCD3130881}" = Sony Media Manager 2.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP53.DLL" = Canon i350
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GTW V.92 Modem" = GTW V.92 Modem
"hp deskjet 940c series_Driver" = hp deskjet 940c series
"ie8" = Windows Internet Explorer 8
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.01
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire PRO 4.12.6
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mIRC" = mIRC
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2010 11:58:17 PM | Computer Name = KYLE | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 1/19/2010 7:38:52 PM | Computer Name = KYLE | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The system cannot find the file specified.


Error - 1/24/2010 9:38:26 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x002d920c.

Error - 2/6/2010 5:02:55 AM | Computer Name = KYLE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 2/13/2010 8:29:58 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x002d920c.

Error - 2/16/2010 3:03:02 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application wusb600n.exe, version 1.1.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x000e50f8.

Error - 3/6/2010 3:31:02 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application wusb600n.exe, version 1.1.0.0, faulting module
mfc71u.dll, version 7.10.3077.0, fault address 0x0002c9a5.

Error - 3/6/2010 3:37:02 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application wusb600n.exe, version 1.1.0.0, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00010f1e.

Error - 3/8/2010 8:55:01 AM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 3/8/2010 10:05:14 PM | Computer Name = KYLE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 3/13/2010 7:20:19 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The McAfee.com VirusScan Online Realtime Engine service failed to
start due to the following error: %%3

Error - 3/13/2010 7:23:41 PM | Computer Name = KYLE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/13/2010 7:24:27 PM | Computer Name = KYLE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/13/2010 7:25:02 PM | Computer Name = KYLE | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 3/13/2010 7:25:24 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 3/13/2010 11:55:22 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The DVC 150B service failed to start due to the following error: %%1058

Error - 3/13/2010 11:55:22 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The McAfee WSC Integration service failed to start due to the following
error: %%2

Error - 3/13/2010 11:55:22 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The McAfee.com VirusScan Online Realtime Engine service failed to
start due to the following error: %%3

Error - 3/13/2010 11:56:45 PM | Computer Name = KYLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 3/14/2010 12:00:22 AM | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sun Mar 14, 2010 4:09 am

I'm gonna run a Malware Bytes scan right now. Anything else you'd do immediately if you were me?


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Sun Mar 14, 2010 7:54 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKCU..\Run: [qikwfuvy] C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq\tjhjsftav.exe ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2010/03/08 18:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Sun Mar 14, 2010 10:01 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qikwfuvy not found.
File C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq\tjhjsftav.exe not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Folder C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq\ not found.

OTL by OldTimer - Version 3.1.37.1 log created on 03142010_145421



File C:\Documents and Settings\K Dawg\Local Settings\Application Data\yobefq\tjhjsftav.exe not found.
^ I removed manually myself when my system went back to normal.


Hmmm... you think I should be g2g from here on out. I'd HATE to turn my comp off one day turn it on the next and have this prob all over again... that's all...

Just a thought: I am currently using Google Chrome because a friend recommended it. I personally think it's faster than IE or Mozilla have ever been on my setup, anyways... he also said maybe uninstall and reinstall Mozilla and IE (especially IE - it was the browser that seemed to be infected and was what I was on when I first got infected...) because it may have some dormant source of this problem on there...?

Also: Malware Bytes found like 3 infected things... I read the names of them... none of them seemed name-wise relevant to this Antivirus Soft problem.


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Sun Mar 14, 2010 11:58 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Mon Mar 15, 2010 2:31 am

ComboFix 10-03-14.04 - K Dawg 03/14/2010 19:14:15.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1150.636 [GMT -7:00]
Running from: c:\documents and settings\K Dawg\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\K Dawg\Application Data\inst.exe
c:\documents and settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}
c:\documents and settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}\chrome.manifest
c:\documents and settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}\chrome\content\_cfg.js
c:\documents and settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}\chrome\content\overlay.xul
c:\documents and settings\K Dawg\Local Settings\Application Data\{F6E9E7A3-9347-4EE0-8716-887C82F52602}\install.rdf
c:\program files\outlook
c:\winnt\system32\kungsfktadluma.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kungsfjnopyldp
-------\Service_kungsfjnopyldp


((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 02:05 . 2010-03-15 02:05 -------- d-----w- C:\Combo-Fix
2010-03-14 21:54 . 2010-03-14 21:54 -------- d-----w- C:\_OTL
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Temp
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Google
2010-03-14 03:22 . 2010-03-14 03:22 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 09:39 . 2009-11-22 10:03 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 22:46 . 2010-01-19 22:46 59056 ----a-w- c:\documents and settings\NEWACCT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 23:07 . 2009-08-16 06:14 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-08-16 06:14 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\winnt\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk.disabled
backup=c:\winnt\pss\Kodak software updater.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.dll]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.dll
backup=c:\winnt\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\winnt\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-07-11 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-12-11 01:02 67184 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
2002-01-03 22:00 100913 ----a-w- c:\winnt\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
2002-01-03 22:00 40960 ----a-w- c:\winnt\GWMDMpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-11-18 07:11 118784 ----a-w- c:\winnt\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-22 16:05 196608 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 03:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 19:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-06-15 01:32 132760 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2004-12-30 21:19 120640 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 16:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GSCSVC"=2 (0x2)
"PictureTaker"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US [You must be registered and logged in to see this link.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"IPHSend"=c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
"IgfxTray"=c:\winnt\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aim6.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:XBC
"8602:UDP"= 8602:UDP:XBCPORT2
"36063:TCP"= 36063:TCP:null
"47108:TCP"= 47108:TCP:null
"88:TCP"= 88:TCP:XboxLive2
"3074:TCP"= 3074:TCP:XboxLive
"3074:UDP"= 3074:UDP:XboxLiveUDP
"88:UDP"= 88:UDP:XboxLive2UDP

R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [10/10/2004 2:53 AM 2368]
S1 d42cb0d9.sys;d42cb0d9.sys;\??\c:\winnt\System32\drivers\d42cb0d9.sys --> c:\winnt\System32\drivers\d42cb0d9.sys [?]
S1 hko2fc6;hko2fc6;\??\c:\winnt\System32\drivers\hko2fc6.sys --> c:\winnt\System32\drivers\hko2fc6.sys [?]
S2 DVC150;DVC 150B;c:\winnt\system32\drivers\DVC150B.sys [1/20/2007 6:14 PM 31924]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 2:19 PM 153416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-2212413462-1417066420-3376078148-1005Core.job
- c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\K Dawg\Application Data\Mozilla\Firefox\Profiles\qr3zqwmx.default\
FF - prefs.js: browser.startup.homepage - 2dopeboyz.okayplayer.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
Notify-sclgntfy - (no file)
Notify-SensLogn - (no file)
Notify-sharedbg - c:\documents and settings\K Dawg\Application Data\Sony\sharedbg.dll
Notify-termsrv - (no file)
Notify-wlballoon - (no file)
MSConfigStartUp-3f60b4d9 - c:\winnt\system32\yonevufu.dll
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-autochk - c:\winnt\system32\autochk.dll
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-CPM3c538745 - c:\winnt\system32\nisawoyi.dll
MSConfigStartUp-IM - c:\progra~1\GATEWA~1.NET\aim.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-PinnacleDriverCheck - c:\winnt\system32\PSDrvCheck.exe
MSConfigStartUp-qikwfuvy - c:\documents and settings\K Dawg\Local Settings\Application Data\yobefq\tjhjsftav.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe
MSConfigStartUp-winupdate - c:\winnt\system32\winupdate.exe
MSConfigStartUp-yodavivopo - c:\winnt\system32\degukime.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-14 19:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\winnt\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2716)
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2010-03-14 19:29:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 02:29

Pre-Run: 6,128,402,432 bytes free
Post-Run: 7,398,457,344 bytes free

- - End Of File - - 8D59D8A837E9D030DE25394FAA4E1C70


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by Belahzur on Mon Mar 15, 2010 11:01 pm

Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.7
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Java(TM) 6 Update 16
    LimeWire PRO 4.12.6

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "36063:TCP"=-
    "47108:TCP"=-

    Driver::
    d42cb0d9.sys
    hko2fc6
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


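The CFScript above targets two kinds of entry that stand out in the ComboFix log: firewall exceptions whose display name is just "null", and S1 driver services whose image file ComboFix could not find (marked "[?]"). The script below picks those out of the log mechanically and renders the same CFScript the helper wrote. It is an added example, not code from this thread or from ComboFix; the sample lines are copied from the log posted above, and the function names and regexes are my own.

```python
import re

# Constructed sample, copied in shape from the ComboFix log posted in this thread:
# the firewall exception list and the driver/service lines. The raw string keeps
# the backslashes literal.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:XBC
"36063:TCP"= 36063:TCP:null
"47108:TCP"= 47108:TCP:null
"88:TCP"= 88:TCP:XboxLive2

R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [10/10/2004 2:53 AM 2368]
S1 d42cb0d9.sys;d42cb0d9.sys;\??\c:\winnt\System32\drivers\d42cb0d9.sys --> c:\winnt\System32\drivers\d42cb0d9.sys [?]
S1 hko2fc6;hko2fc6;\??\c:\winnt\System32\drivers\hko2fc6.sys --> c:\winnt\System32\drivers\hko2fc6.sys [?]
S2 DVC150;DVC 150B;c:\winnt\system32\drivers\DVC150B.sys [1/20/2007 6:14 PM 31924]
"""

# Registry key under which ComboFix lists the XP firewall's open-port exceptions.
FIREWALL_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\GloballyOpenPorts\List]")

# "36063:TCP"= 36063:TCP:null  ->  the port spec and the exception's display name
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<name>.*)$')

# S1 hko2fc6;hko2fc6;<image path> ... [?]  ->  start type, service name, display, rest
DRIVER_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<service>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')


def unnamed_open_ports(lines):
    """Port specs in the GloballyOpenPorts list whose display name is 'null'.

    Legitimate exceptions carry a program name (XboxLive, XBC, ...); an
    exception with no name is the kind the helper removed in this thread.
    Only lines inside the firewall key's section are considered; a blank
    line ends the section, as in ComboFix's layout.
    """
    ports = []
    in_section = False
    for raw in lines:
        line = raw.rstrip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line == FIREWALL_KEY
            continue
        if not line:
            in_section = False
            continue
        if not in_section:
            continue
        m = PORT_RE.match(line)
        if m and m.group("name").strip().lower() == "null":
            ports.append(m.group("port"))
    return ports


def missing_file_drivers(lines):
    """Service names of driver/service entries whose image ComboFix marks '[?]'.

    '[?]' means the file the service points at was not found on disk; a
    boot-start (S1) driver with a random-looking name and no file is what
    the helper listed under Driver:: above.
    """
    names = []
    for raw in lines:
        m = DRIVER_RE.match(raw.rstrip())
        if m and m.group("rest").endswith("[?]"):
            names.append(m.group("service"))
    return names


def build_cfscript(ports, drivers):
    """Render a CFScript.txt in the same form the helper used in this thread."""
    out = []
    if ports:
        out.append("Registry::")
        out.append(FIREWALL_KEY)
        out.extend(f'"{p}"=-' for p in ports)   # "=-" deletes the value
        out.append("")
    if drivers:
        out.append("Driver::")
        out.extend(drivers)
    return "\n".join(out)


def review_combofix_log(text):
    """Run both checks over a log and return (ports, drivers, cfscript_text)."""
    lines = text.splitlines()
    ports = unnamed_open_ports(lines)
    drivers = missing_file_drivers(lines)
    return ports, drivers, build_cfscript(ports, drivers)


if __name__ == "__main__":
    _, _, script = review_combofix_log(SAMPLE_LOG)
    print(script)
```

The output for the sample is exactly the Registry:: and Driver:: blocks shown in the post above; on a real log, review each flagged entry by hand before acting on it, since a missing file can also be a stale entry from an uninstalled product.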

Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Tue Mar 16, 2010 3:19 am

How am I supposed to be able to open pdf files after deleting all my adobe stuff...?


Re: AntiVirus Soft Infection - Can Not Run Programs!

Post by KyleNeedsHelp! on Tue Mar 16, 2010 4:28 am

ComboFix 10-03-15.04 - K Dawg 03/15/2010 21:10:35.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1150.723 [GMT -7:00]
Running from: c:\documents and settings\K Dawg\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\K Dawg\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_d42cb0d9.sys
-------\Service_hko2fc6


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 03:56 . 2010-03-16 03:56 -------- d-----w- C:\Combo-Fix1125C
2010-03-16 03:49 . 2010-03-16 03:49 -------- d-----w- C:\FOUND.011
2010-03-15 02:05 . 2010-03-15 02:05 -------- d-----w- C:\Combo-Fix
2010-03-14 21:54 . 2010-03-14 21:54 -------- d-----w- C:\_OTL
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Temp
2010-03-14 03:23 . 2010-03-14 03:23 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Google
2010-03-14 03:22 . 2010-03-14 03:22 -------- d-----w- c:\documents and settings\K Dawg\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 09:39 . 2009-11-22 10:03 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-19 22:46 . 2010-01-19 22:46 59056 ----a-w- c:\documents and settings\NEWACCT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 23:07 . 2009-08-16 06:14 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-08-16 06:14 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 1980-01-01 07:00 . 2010-03-15 02:06 65494 c:\winnt\system32\perfc009.dat
+ 1980-01-01 07:00 . 2010-03-16 03:54 65494 c:\winnt\system32\perfc009.dat
+ 1980-01-01 07:00 . 2010-03-16 03:54 409874 c:\winnt\system32\perfh009.dat
- 1980-01-01 07:00 . 2010-03-15 02:06 409874 c:\winnt\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\winnt\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk.disabled
backup=c:\winnt\pss\Kodak software updater.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.dll]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.dll
backup=c:\winnt\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\winnt\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-07-11 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-12-11 01:02 67184 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
2002-01-03 22:00 100913 ----a-w- c:\winnt\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
2002-01-03 22:00 40960 ----a-w- c:\winnt\GWMDMpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-11-18 07:11 118784 ----a-w- c:\winnt\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-22 16:05 196608 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 03:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 19:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2004-12-30 21:19 120640 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 16:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GSCSVC"=2 (0x2)
"PictureTaker"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US [You must be registered and logged in to see this link.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"IPHSend"=c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
"IgfxTray"=c:\winnt\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145426670\\ee\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:XBC
"8602:UDP"= 8602:UDP:XBCPORT2
"88:TCP"= 88:TCP:XboxLive2
"3074:TCP"= 3074:TCP:XboxLive
"3074:UDP"= 3074:UDP:XboxLiveUDP
"88:UDP"= 88:UDP:XboxLive2UDP

R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [10/10/2004 2:53 AM 2368]
S2 DVC150;DVC 150B;c:\winnt\system32\drivers\DVC150B.sys [1/20/2007 6:14 PM 31924]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 2:19 PM 153416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-16 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-2212413462-1417066420-3376078148-1005Core.job
- c:\documents and settings\K Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-15 21:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\winnt\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1620)
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
.
**************************************************************************
.
Completion time: 2010-03-15 21:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 04:22
ComboFix2.txt 2010-03-16 04:07
ComboFix3.txt 2010-03-15 02:29

Pre-Run: 7,565,508,608 bytes free
Post-Run: 7,509,016,576 bytes free

- - End Of File - - DFDE11A10792D6D9630102C28BCF6228

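The "Reg Loading Points" section of the ComboFix log above is a REGEDIT4-style dump that records the machine's security posture (firewall policy, Security Center monitoring, Startup-folder contents). As an added example that is not part of the thread, of ComboFix, or of its author's tooling, here is how a responder might parse that section and flag the settings worth verifying; the sample input is a constructed excerpt modelled on the posted log, and the three heuristics (firewall off, AV monitoring silenced, non-shortcut file in a Startup folder) are this example's own choices.

```python
import re

# Constructed excerpt modelled on the posted ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^K Dawg^Start Menu^Programs^Startup^ChkDisk.dll]
path=c:\documents and settings\K Dawg\Start Menu\Programs\Startup\ChkDisk.dll
backup=c:\winnt\pss\ChkDisk.dllStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"?([^"=]+)"?\s*=\s*(.*)$')


def parse_reg_points(text):
    """Map each [key] header to its name -> raw value pairs (REGEDIT4-style dump)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("*", ".", "REGEDIT")):
            continue  # separators, the *Note* line and the REGEDIT4 banner
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def dword(raw):
    """Decode ComboFix's renderings 'dword:00000001' and '0 (0x0)'; None otherwise."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return int(m.group(1)) if m else None


def review(sections):
    """Flag posture changes a responder should verify by hand (heuristics, not verdicts)."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile") and dword(values.get("EnableFirewall", "")) == 0:
            findings.append("Windows Firewall disabled (EnableFirewall=0)")
        if "security center\\monitoring\\" in k and dword(values.get("DisableMonitoring", "")) == 1:
            findings.append("Security Center monitoring disabled for " + key.split("\\")[-1])
        if "\\startupfolder\\" in k:
            path = values.get("path", "")
            ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
            if ext not in ("lnk", "disabled"):  # a DLL/EXE placed directly in Startup is unusual
                findings.append("Non-shortcut file in Startup folder: " + path)
    return findings
```

Run `review(parse_reg_points(open("ComboFix.txt").read()))` against a real log to list the findings; entries ending in `.lnk.disabled` are msconfig-disabled shortcuts and are skipped.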

Post by Belahzur on Tue Mar 16, 2010 5:10 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Post by KyleNeedsHelp! on Wed Mar 17, 2010 1:34 am

Wow... it's taking forever. Oh well, I'll just leave it on; it's not really bothering anything else... It found 2 things and is only 10% through the C drive.


Post by KyleNeedsHelp! on Wed Mar 17, 2010 2:17 am

WTF! Limewire won't run because of that Java stuff I deleted. What would you recommend?

It says to DL their software at java.com.


... Can I ask why you had me delete that stuff before?


Post by KyleNeedsHelp! on Wed Mar 17, 2010 3:38 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f2e038b43278f440bcc2f93910d514c3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-17 03:23:26
# local_time=2010-03-16 08:23:26 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89848
# found=3
# cleaned=3
# scan_time=17042
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K98DC123\crypt_install[1].exe a variant of Win32/Kryptik.ADP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\K Dawg\Desktop\iTunes APPROVED\Lil Wayne - The Carter 3 -09- Shoot Me Down.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
F:\iTunes APPROVED\Lil Wayne - The Carter 3 -09- Shoot Me Down.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C


Lil Wayne FTL. LMAO


Post by KyleNeedsHelp! on Thu Apr 01, 2010 4:13 am

Bump. Wondering why Limewire STILL won't work?


Post by Belahzur on Thu Apr 01, 2010 11:35 pm

Hello.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please uninstall Limewire, it's unsafe.



Post by KyleNeedsHelp! on Fri Apr 02, 2010 1:16 am

[You must be registered and logged in to see this link.] wrote: Hello.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please uninstall Limewire, it's unsafe.

That's true. Especially if you download .avi or .wav or .wma, it can be some serious stuff, and I've come across that stuff and found out firsthand what it can do... however, I need a program w/ at least that good of a P2P network for finding individual, mostly rare, single songs... any suggestions?


Post by Belahzur on Fri Apr 02, 2010 1:55 pm

Nope, no method of P2P is safe from risk.



Post by KyleNeedsHelp! on Fri Apr 02, 2010 1:59 pm

[You must be registered and logged in to see this link.] wrote: Nope, no method of P2P is safe from risk.

My Limewire definitely didn't start working after the DL... hmmm... probably just reinstall altogether. Thanks again, man.
