Antisoft Probs, OTL Logs included

Post by madmac283 on 5th May 2010, 4:40 pm

Just like Shangsta's post... I also read the removal guide, but get the same runtime error when trying to run/open Malwarebytes. I downloaded OTL and ran it; here are the logs. Thanks in advance.

OTL logfile created on: 5/5/2010 9:29:23 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 87.60 Gb Free Space | 58.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON-DESKTOP
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 09:23:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
PRC - [2010/05/04 17:33:05 | 000,036,868 | -H-- | M] () -- C:\WINDOWS\Temp\svchost.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 09:23:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 17:31:12 | 000,056,766 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -- (AVP)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 17:33:40 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2010/05/04 17:31:43 | 000,081,408 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zgjugyppha1.sys -- (zgjugyppha1)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/07/18 23:10:02 | 000,033,824 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2008/05/28 08:31:27 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/01/18 20:01:28 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/12/20 12:32:52 | 000,179,984 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/07/03 17:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 17:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/08/02 15:07:51 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/06 18:43:59 | 000,168,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/05/16 04:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/16 04:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/04/24 02:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/20 18:16:24 | 001,406,208 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/03/08 23:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/10 03:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 03:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/04/24 13:29:52 | 000,013,312 | ---- | M] (WayTech Development, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbfilter.sys -- (kbfilter)
DRV - [2003/03/13 08:46:10 | 000,007,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Moufiltr.sys -- (moufiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 50 70 B8 DC EB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 11:50:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/02 11:50:35 | 000,000,000 | ---D | M]

[2008/06/21 10:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2009/04/16 04:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ladwlibm.default\extensions
[2009/04/16 04:01:34 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ladwlibm.default\searchplugins\live-search.xml
[2010/04/02 09:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/04 17:30:46 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 68.178.254.203 subtracts.userplane.com
O2 - BHO: (C:\WINDOWS\system32\o4cufwkfz.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\o4cufwkfz.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe ()
O4 - HKLM..\Run: [kxexvtap] C:\Documents and Settings\Jason\Local Settings\Application Data\buxsrwcfh\asyeqtetssd.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [rytwkmud] C:\Documents and Settings\Jason\Local Settings\Application Data\rhgsrdolo\aleblxmtssd.exe ()
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\updreg.exe ()
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Jason\Local Settings\Temp\win.exe ()
O4 - HKCU..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\Documents and Settings\Jason\Local Settings\Temp\ro91k.exe ()
O4 - HKCU..\Run: [kxexvtap] C:\Documents and Settings\Jason\Local Settings\Application Data\buxsrwcfh\asyeqtetssd.exe ()
O4 - HKCU..\Run: [mcexecwin] C:\Documents and Settings\Jason\Local Settings\Temp\lec6ylr3.dll ()
O4 - HKCU..\Run: [rytwkmud] C:\Documents and Settings\Jason\Local Settings\Application Data\rhgsrdolo\aleblxmtssd.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50pfo = C:\DOCUME~1\Jason\LOCALS~1\Temp\uxq9by.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} [You must be registered and logged in to see this link.] (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} [You must be registered and logged in to see this link.] (MSN Games Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} [You must be registered and logged in to see this link.] (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} [You must be registered and logged in to see this link.] (Closet Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} [You must be registered and logged in to see this link.] (CamImage Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} [You must be registered and logged in to see this link.] (MSN Games Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} [You must be registered and logged in to see this link.] (MSN Games Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} [You must be registered and logged in to see this link.] (ZPA_Backgammon Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O21 - SSODL: GootkitSSO - {817EB1EB-853E-4FB7-870D-C153CE4138C1} - C:\WINDOWS\system32\msxsltsso.dll ()
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\o4cufwkfz.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/22 08:27:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell\AutoRun\command - "" = D:\INSTALL.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll) - C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 09:23:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2010/05/05 09:12:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup.exe
[2010/05/05 09:11:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/05 09:11:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/05 09:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 09:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/05 08:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/05 07:44:55 | 000,490,392 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Jason\Desktop\SpyHunter-Installer.exe
[2010/05/05 07:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 07:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 17:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/04 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\buxsrwcfh
[2010/05/04 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server
[2010/05/04 17:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\rhgsrdolo
[2010/05/04 17:31:17 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/05/02 11:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 11:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 11:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 11:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/05/02 11:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/15 16:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/15 15:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2006/12/22 08:48:04 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 09:31:06 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgrqjy.sys
[2010/05/05 09:23:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2010/05/05 09:12:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup.exe
[2010/05/05 09:11:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 08:56:30 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jason\NTUSER.DAT
[2010/05/05 07:26:03 | 000,490,392 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Jason\Desktop\SpyHunter-Installer.exe
[2010/05/05 07:09:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/05 07:09:43 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/05 07:08:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 07:08:44 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010/05/05 07:08:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 07:06:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 17:56:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason\ntuser.ini
[2010/05/04 17:56:29 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\IconCache.db
[2010/05/04 17:40:49 | 096,355,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/04 17:36:34 | 001,603,104 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/04 17:36:34 | 001,291,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/04 17:36:34 | 000,151,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/04 17:33:40 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010/05/04 17:33:40 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/04 17:31:43 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgjugyppha1.sys
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 17:31:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010/05/04 17:31:19 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010/05/04 17:31:16 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/05/04 17:31:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010/05/04 17:31:10 | 000,056,766 | ---- | M] () -- C:\WINDOWS\updreg.exe
[2010/05/04 17:31:06 | 000,056,766 | ---- | M] () -- C:\Documents and Settings\Jason\reader_s.exe
[2010/05/04 17:30:59 | 000,187,392 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/05/04 17:30:37 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\reader_s .exe
[2010/05/04 17:30:37 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jason\reader_s .exe
[2010/05/04 17:30:30 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\o4cufwkfz.dll
[2010/05/02 11:53:07 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 11:50:25 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/29 20:01:35 | 000,091,034 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\morgan.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 06:55:53 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 21:20:44 | 000,013,688 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/15 16:35:41 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\inst.exe
[2010/04/15 16:35:41 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Jason\Application Data\pcouffin.sys
[2010/04/15 16:35:41 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.cat
[2010/04/15 16:35:41 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.inf
[2010/04/15 16:28:02 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 15:42:04 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\DVDFab 7.lnk
[2010/04/14 03:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 09:11:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 07:09:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/04 17:53:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/04 17:34:11 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010/05/04 17:33:40 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O21 - SSODL: GootkitSSO - {817EB1EB-853E-4FB7-870D-C153CE4138C1} - C:\WINDOWS\system32\msxsltsso.dll ()
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\o4cufwkfz.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/22 08:27:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26c106d-919d-11db-a162-806d6172696f}\Shell\AutoRun\command - "" = D:\INSTALL.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll) - C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 09:23:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2010/05/05 09:12:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup.exe
[2010/05/05 09:11:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/05 09:11:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/05 09:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 09:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/05 08:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/05 07:44:55 | 000,490,392 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Jason\Desktop\SpyHunter-Installer.exe
[2010/05/05 07:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 07:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 17:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/04 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\buxsrwcfh
[2010/05/04 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Windows Server
[2010/05/04 17:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\rhgsrdolo
[2010/05/04 17:31:17 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/05/02 11:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 11:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/02 11:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 11:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/05/02 11:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/15 16:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/15 15:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2006/12/22 08:48:04 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 09:31:26 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgrqjy.sys
[2010/05/05 09:23:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2010/05/05 09:12:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup.exe
[2010/05/05 09:11:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 08:56:30 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jason\NTUSER.DAT
[2010/05/05 07:26:03 | 000,490,392 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Jason\Desktop\SpyHunter-Installer.exe
[2010/05/05 07:09:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/05 07:09:43 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/05 07:08:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 07:08:44 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010/05/05 07:08:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 07:06:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 17:56:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason\ntuser.ini
[2010/05/04 17:56:29 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\IconCache.db
[2010/05/04 17:40:49 | 096,355,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/04 17:36:34 | 001,603,104 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/04 17:36:34 | 001,291,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/04 17:36:34 | 000,151,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/04 17:33:40 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010/05/04 17:33:40 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/04 17:31:43 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgjugyppha1.sys
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 17:31:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010/05/04 17:31:19 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010/05/04 17:31:16 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/05/04 17:31:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010/05/04 17:31:10 | 000,056,766 | ---- | M] () -- C:\WINDOWS\updreg.exe
[2010/05/04 17:31:06 | 000,056,766 | ---- | M] () -- C:\Documents and Settings\Jason\reader_s.exe
[2010/05/04 17:30:59 | 000,187,392 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/05/04 17:30:37 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\reader_s .exe
[2010/05/04 17:30:37 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jason\reader_s .exe
[2010/05/04 17:30:30 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\o4cufwkfz.dll
[2010/05/02 11:53:07 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 11:50:25 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/29 20:01:35 | 000,091,034 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\morgan.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 06:55:53 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 21:20:44 | 000,013,688 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/15 16:35:41 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\inst.exe
[2010/04/15 16:35:41 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Jason\Application Data\pcouffin.sys
[2010/04/15 16:35:41 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.cat
[2010/04/15 16:35:41 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.inf
[2010/04/15 16:28:02 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 15:42:04 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\DVDFab 7.lnk
[2010/04/14 03:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 09:11:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 07:09:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/04 17:53:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{c0644480-7e75-4055-af58-4ca427c32032}
[2010/05/04 17:34:11 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010/05/04 17:33:40 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 17:31:22 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 17:31:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 17:31:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
[2010/05/04 17:31:19 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
[2010/05/04 17:31:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\nmklo.dll
[2010/05/04 17:31:14 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/05/04 17:31:07 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgrqjy.sys
[2010/05/04 17:30:37 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgjugyppha1.sys
[2010/05/04 17:30:37 | 000,056,766 | ---- | C] () -- C:\Documents and Settings\Jason\reader_s.exe
[2010/05/04 17:30:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\reader_s .exe
[2010/05/04 17:30:37 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Jason\reader_s .exe
[2010/05/04 17:30:30 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\o4cufwkfz.dll
[2010/05/02 11:53:07 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/02 11:50:25 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/30 10:16:44 | 000,091,034 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\morgan.jpg
[2010/04/15 15:42:04 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\DVDFab 7.lnk
[2008/08/20 13:47:44 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/07/18 23:10:02 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/12/22 08:59:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/12/22 08:48:04 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/12/22 08:48:04 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2006/12/22 08:47:56 | 000,005,525 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/12/22 08:47:56 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/03/31 05:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:359B3BDA

< End of report >

madmac283

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 5th May 2010, 4:41 pm

OTL Extras logfile created on: 5/5/2010 9:29:23 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 87.60 Gb Free Space | 58.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON-DESKTOP
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1F5C9A13-6966-45F7-B39E-B9C3462535A7}" = ATI Catalyst Control Center
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{75193929-9A52-4CA4-98DE-8C7296940920}" = Kaspersky Anti-Virus 6.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Azureus" = Azureus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallWIX_{75193929-9A52-4CA4-98DE-8C7296940920}" = Kaspersky Anti-Virus 6.0
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
"zMUD" = zMUD 7.21.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 8:39:53 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application pdvdserv.exe, version 0.0.0.0, faulting module
pdvdserv.exe, version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 8:39:56 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application everioservice.exe, version 0.0.0.0, faulting
module everioservice.exe, version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 8:39:59 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application win.exe, version 0.0.0.0, faulting module win.exe,
version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 8:39:59 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ro91k.exe, version 0.0.0.0, faulting module ro91k.exe,
version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 8:40:00 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 0.0.0.0, faulting module
qttask.exe, version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 8:54:36 PM | Computer Name = JASON-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 0.0.0.0, faulting module avp.exe,
version 0.0.0.0, fault address 0x000018a0.

Error - 5/4/2010 9:01:01 PM | Computer Name = JASON-DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\kav\kav6.0\english\kav6.en.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 5/5/2010 11:08:57 AM | Computer Name = JASON-DESKTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/5/2010 12:16:24 PM | Computer Name = JASON-DESKTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/5/2010 12:17:24 PM | Computer Name = JASON-DESKTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 5/5/2010 10:06:40 AM | Computer Name = JASON-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/5/2010 10:08:29 AM | Computer Name = JASON-DESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/5/2010 10:08:29 AM | Computer Name = JASON-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/5/2010 10:08:45 AM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 10:09:58 AM | Computer Name = JASON-DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Fips kl1 klif oreans32

Error - 5/5/2010 11:08:57 AM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 12:16:24 PM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 12:16:59 PM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 5/5/2010 12:17:24 PM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 12:17:59 PM | Computer Name = JASON-DESKTOP | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

< End of report >


Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 5th May 2010, 7:53 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 5th May 2010, 11:55 pm

Ran Combofix as instructed and it got to the point where it was creating a log and froze there (for over an hour). I rebooted and tried to run it again, but the computer is running very slowly (something seems to be constantly accessing the hard drive). I even tried in safe mode w/networking...Combofix came up about 5 mins after double-clicking the icon. I think it is slowly trying to work again now.

Not sure if I should just let it try to run in safe mode again or what.

Thank you.


Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 6th May 2010, 12:40 am

Ran Combofix again and got the log this time:

ComboFix 10-05-05.04 - Jason 05/05/2010 17:17:19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1670 [GMT -7:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jason\Local Settings\Application Data\Windows Server
.
---- Previous Run -------
.
c:\docume~1\Jason\LOCALS~1\Temp\csrss.exe
c:\documents and settings\Jason\Application Data\inst.exe
c:\documents and settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll
c:\documents and settings\Jason\Local Settings\Application Data\Windows Server\rokqzu.dll.vir
c:\windows\system32\8cb6910.log
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\zgrqjy.sys
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\msxsltsso.dll
c:\windows\system32\nmklo.dll
c:\windows\updreg .exe

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_zgrqjy
-------\Service_zgrqjy


((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-05 23:15 . 2010-05-05 23:15 -------- d-----w- c:\documents and settings\HelpAssistant
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\program files\ESET
2010-05-05 16:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 16:11 . 2010-05-05 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 16:11 . 2010-05-05 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 16:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 15:09 . 2010-05-05 15:09 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-05 00:54 . 2010-05-05 00:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-05 00:53 . 2010-05-05 00:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-05 00:31 . 2010-05-05 18:28 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\buxsrwcfh
2010-05-05 00:31 . 2010-05-05 18:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\rhgsrdolo
2010-05-05 00:31 . 2010-05-05 23:06 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-05-02 18:52 . 2010-05-02 18:52 -------- d-----w- c:\program files\iPod
2010-05-02 18:52 . 2010-05-05 19:06 -------- d-----w- c:\program files\iTunes
2010-05-02 18:52 . 2010-05-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-02 18:50 . 2010-05-05 19:15 -------- d-----w- c:\program files\QuickTime
2010-05-02 18:48 . 2010-05-02 18:48 -------- d-----w- c:\program files\Bonjour
2010-05-02 18:47 . 2010-05-02 18:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-21 23:17 . 2010-04-21 23:18 143976 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\uninstall.exe
2010-04-15 22:42 . 2010-04-15 22:42 -------- d-----w- c:\program files\DVDFab 7
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 23:48 . 2007-02-24 21:46 96927712 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-05 23:48 . 2007-02-24 21:46 1650720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-05 23:48 . 2007-02-24 21:46 154028 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-05 23:48 . 2007-02-24 21:46 1297364 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-05 23:06 . 2003-03-31 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-05-05 00:38 . 2009-11-07 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-02 18:52 . 2009-08-15 18:09 -------- d-----w- c:\program files\Common Files\Apple
2010-04-26 03:15 . 2007-04-02 00:04 -------- d--h--w- c:\documents and settings\Jason\Application Data\Move Networks
2010-04-21 23:18 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-21 13:56 . 2007-02-24 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-21 04:20 . 2006-12-22 16:02 13688 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 23:44 . 2007-04-22 13:07 -------- d-----w- c:\program files\Gspot
2010-04-15 23:40 . 2009-01-10 02:29 -------- d-----w- c:\program files\DVDlabPro2
2010-04-15 23:39 . 2008-06-23 21:59 -------- d-----w- c:\program files\Gravity
2010-04-15 23:39 . 2006-12-22 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 23:38 . 2006-12-23 07:36 -------- d-----w- c:\program files\World of Warcraft
2010-04-15 23:37 . 2009-01-09 21:00 -------- d-----w- c:\program files\DIKO
2010-04-15 23:36 . 2008-08-14 20:48 -------- d-----w- c:\program files\WinXMedia
2010-04-15 23:36 . 2008-07-26 16:34 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\program files\DVDFab 5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\documents and settings\Jason\Application Data\Vso
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2007-01-10 23:38 -------- d-----w- c:\documents and settings\Jason\Application Data\Azureus
2010-04-15 21:58 . 2007-01-10 23:29 -------- d-----w- c:\program files\Azureus
2010-04-14 21:38 . 2007-02-10 14:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 16:22 . 2007-01-10 23:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 16:22 . 2010-04-02 16:22 503808 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcp71.dll
2010-04-02 16:22 . 2010-04-02 16:22 499712 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\jmc.dll
2010-04-02 16:22 . 2010-04-02 16:22 348160 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcr71.dll
2010-04-02 16:22 . 2010-04-02 16:22 61440 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-sse.dll
2010-04-02 16:22 . 2010-04-02 16:22 12800 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-d3d.dll
2010-04-02 16:22 . 2007-01-10 23:31 -------- d-----w- c:\program files\Java
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2008-12-15 12:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 17:43 . 2009-12-23 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 17:43 . 2009-12-23 03:11 -------- d-----w- c:\program files\zMUD
2010-02-25 06:24 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
Code:
c:\program files\ATI Technologies\ATI.ACE\clistart .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Creative\SBAudigy\Surround Mixer\ctsysvol .exe
c:\program files\CyberLink\PCM4Everio\everioservice .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\CyberLink\PowerDVD\Language\language .exe
c:\program files\CyberLink\PowerProducer\MUITransfer\muistartmenu .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Windows Media Player\wmpnscfg .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-10-21 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8154:TCP"= 8154:TCP:Services
"8155:TCP"= 8155:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3/17/2007 5:07 AM 13312]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/18/2008 11:10 PM 33824]
S1 zgjugyppha1;zgjugyppha1.sys;c:\windows\system32\drivers\zgjugyppha1.sys --> c:\windows\system32\drivers\zgjugyppha1.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [2/14/2010 4:21 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ladwlibm.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SSODL-GootkitSSO-{1472A023-E23E-4B38-B832-AD392B3311FE} - c:\windows\System32\msxsltsso.dll
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-05 17:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88B82EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba737852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-05 17:37:24
ComboFix-quarantined-files.txt 2010-05-06 00:37

Pre-Run: 93,970,698,240 bytes free
Post-Run: 93,954,957,312 bytes free

- - End Of File - - E9932909C30B2B2C6EFA469ACC61D109

madmac283
Intermediate

Posts : 68
Joined : 2010-05-05
Gender : Male
Points : 25015
# Likes : 0

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 6th May 2010, 1:54 am

Couple of other things I am noticing now that this computer will actually do something...

-When I go to a file that contains video, I get the error "xvidcore.dll" not found

-When on the internet (with IE), random ads will pop up and sometimes when I click a link it will take me somewhere else (not where the link was supposed to go).

I also installed the latest version of Java and used JavaRa to remove old versions.

Thanks again in advance for all the help.


Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 6th May 2010, 2:10 pm

Just got another error. It was one of the windows that says such and such has an error and needs to close. Then it asks you to send a report to Microsoft. The "technical error info" is below:

C:\DOCUME~1\Jason\LOCALS~1\Temp\WERd450.dir00\svchost.exe.mdmp
C:\DOCUME~1\Jason\LOCALS~1\Temp\WERd450.dir00\appcompat.txt


Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 6th May 2010, 9:12 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 6th May 2010, 11:06 pm

File was too big to paste, so I have just attached it. Sorry it took so long, scan took forever.

Thanks again.


Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 7th May 2010, 5:18 pm


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    TDL::
    C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

    RenV::
    c:\program files\ATI Technologies\ATI.ACE\clistart .exe
    c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
    c:\program files\Creative\SBAudigy\Surround Mixer\ctsysvol .exe
    c:\program files\CyberLink\PCM4Everio\everioservice .exe
    c:\program files\CyberLink\PowerDVD\pdvdserv .exe
    c:\program files\CyberLink\PowerDVD\Language\language .exe
    c:\program files\CyberLink\PowerProducer\MUITransfer\muistartmenu .exe
    c:\program files\iTunes\ituneshelper .exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Windows Media Player\wmpnscfg .exe

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.





Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 7th May 2010, 6:08 pm

ComboFix 10-05-05.04 - Jason 05/07/2010 10:42:35.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1683 [GMT -7:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\drivers\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\drivers\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\drivers\RDPCDD.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-06 20:33 . 2010-05-06 20:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-05-06 04:20 . 2010-05-06 04:20 -------- d-----w- c:\documents and settings\Jason\Application Data\DivX
2010-05-06 04:19 . 2010-05-06 04:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-06 04:18 . 2010-05-06 04:19 -------- d-----w- c:\program files\DivX
2010-05-06 04:18 . 2010-05-06 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-06 04:15 . 2010-05-06 04:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Media Player Classic
2010-05-06 01:31 . 2010-05-06 01:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 01:22 . 2010-05-06 01:27 -------- d-----w- c:\documents and settings\Jason\.SunDownloadManager
2010-05-05 23:15 . 2010-05-05 23:15 -------- d-----w- c:\documents and settings\HelpAssistant
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\program files\ESET
2010-05-05 16:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 16:11 . 2010-05-06 04:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 16:11 . 2010-05-05 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 16:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 15:09 . 2010-05-05 15:09 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-05 00:54 . 2010-05-05 00:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-05 00:53 . 2010-05-05 00:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-05 00:31 . 2010-05-05 18:28 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\buxsrwcfh
2010-05-05 00:31 . 2010-05-05 18:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\rhgsrdolo
2010-05-05 00:31 . 2010-05-05 23:06 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-05-02 18:52 . 2010-05-02 18:52 -------- d-----w- c:\program files\iPod
2010-05-02 18:52 . 2010-05-07 17:42 -------- d-----w- c:\program files\iTunes
2010-05-02 18:52 . 2010-05-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-02 18:50 . 2010-05-07 17:42 -------- d-----w- c:\program files\QuickTime
2010-05-02 18:48 . 2010-05-02 18:48 -------- d-----w- c:\program files\Bonjour
2010-04-15 22:42 . 2010-04-15 22:42 -------- d-----w- c:\program files\DVDFab 7
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 17:54 . 2007-02-24 21:46 97784096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-07 17:53 . 2007-02-24 21:46 1654560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-07 17:52 . 2007-02-24 21:46 156116 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-07 17:52 . 2007-02-24 21:46 1310588 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-07 17:41 . 2007-02-24 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-06 01:33 . 2007-01-10 23:31 -------- d-----w- c:\program files\Java
2010-05-05 23:06 . 2003-03-31 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-05-05 00:38 . 2009-11-07 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-02 18:52 . 2009-08-15 18:09 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 18:47 . 2010-05-02 18:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-26 03:15 . 2007-04-02 00:04 -------- d--h--w- c:\documents and settings\Jason\Application Data\Move Networks
2010-04-21 23:18 . 2010-04-21 23:17 143976 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\uninstall.exe
2010-04-21 23:18 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-21 04:20 . 2006-12-22 16:02 13688 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 23:44 . 2007-04-22 13:07 -------- d-----w- c:\program files\Gspot
2010-04-15 23:40 . 2009-01-10 02:29 -------- d-----w- c:\program files\DVDlabPro2
2010-04-15 23:39 . 2008-06-23 21:59 -------- d-----w- c:\program files\Gravity
2010-04-15 23:39 . 2006-12-22 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 23:38 . 2006-12-23 07:36 -------- d-----w- c:\program files\World of Warcraft
2010-04-15 23:37 . 2009-01-09 21:00 -------- d-----w- c:\program files\DIKO
2010-04-15 23:36 . 2008-08-14 20:48 -------- d-----w- c:\program files\WinXMedia
2010-04-15 23:36 . 2008-07-26 16:34 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\program files\DVDFab 5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\documents and settings\Jason\Application Data\Vso
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2007-01-10 23:38 -------- d-----w- c:\documents and settings\Jason\Application Data\Azureus
2010-04-15 21:58 . 2007-01-10 23:29 -------- d-----w- c:\program files\Azureus
2010-04-14 21:38 . 2007-02-10 14:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 16:22 . 2007-01-10 23:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 16:22 . 2010-04-02 16:22 503808 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcp71.dll
2010-04-02 16:22 . 2010-04-02 16:22 499712 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\jmc.dll
2010-04-02 16:22 . 2010-04-02 16:22 348160 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcr71.dll
2010-04-02 16:22 . 2010-04-02 16:22 61440 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-sse.dll
2010-04-02 16:22 . 2010-04-02 16:22 12800 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-d3d.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-10-21 64512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"8154:TCP"= 8154:TCP:Services
"8155:TCP"= 8155:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3/17/2007 5:07 AM 13312]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/18/2008 11:10 PM 33824]
S1 zgjugyppha1;zgjugyppha1.sys;c:\windows\system32\drivers\zgjugyppha1.sys --> c:\windows\system32\drivers\zgjugyppha1.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [2/14/2010 4:21 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ladwlibm.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-07 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-07 11:04:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 18:04
ComboFix2.txt 2010-05-06 00:37

Pre-Run: 88,068,067,328 bytes free
Post-Run: 88,124,473,344 bytes free

- - End Of File - - 078207E25AD431B74B15D3270BDEF811


Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 7th May 2010, 10:26 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "8154:TCP"=-
    "8155:TCP"=-
    "3389:TCP"=-

    Driver::
    zgjugyppha1
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down
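The CFScript above was written by hand from the firewall and driver entries in the earlier ComboFix log. As an added example (not ComboFix, OTL or the helper's own code), the Python below parses the REGEDIT4-style "Reg Loading Points" block that ComboFix prints, flags globally opened ports that a stock XP SP3 firewall would not have (the allow-list of default ports is this example's assumption), lists the authorized applications, and regenerates the same Registry::/Driver:: removal script. The "before" log is a constructed sample modelled on the fix; the "after" entries are abridged from the log posted later in this thread.

```python
"""Triage the Windows Firewall policy ComboFix prints under "Reg Loading
Points" and rebuild the CFScript that removes the bad port exceptions.

Added example for this thread, not ComboFix, OTL or forum code. It relies on
ComboFix's REGEDIT4-style layout: a [key] line, then "name"=data lines, where
"name"=- in a CFScript means "delete this value".
"""
import re
from typing import Dict, List, Optional

FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
OPEN_PORTS_KEY = FIREWALL_KEY + r"\GloballyOpenPorts\List"
AUTH_APPS_KEY = FIREWALL_KEY + r"\AuthorizedApplications\List"

# Exceptions XP SP3 creates itself (File and Printer Sharing, UPnP). This
# allow-list is an assumption of the example, not a ComboFix rule.
EXPECTED_PORTS = {"137:UDP", "138:UDP", "139:TCP", "445:TCP", "1900:UDP", "2869:TCP"}
PORT_NOTES = {"3389:TCP": "Remote Desktop: inbound RDP on a home PC is a red flag"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_NAME_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"')  # quoted name, \" and \\ allowed


def parse_reg_blocks(log_text: str) -> Dict[str, List[str]]:
    """Map every [key] in the log to the value names listed beneath it."""
    blocks: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1)
            blocks.setdefault(current, [])
            continue
        if current is None or not line.startswith('"'):
            continue  # "R1 kbfilter;..." service lines and separators are skipped
        name = _NAME_RE.match(line)
        if name:
            blocks[current].append(name.group(1))
    return blocks


def suspicious_ports(blocks: Dict[str, List[str]]) -> List[str]:
    """Globally opened ports that are not on the allow-list, in log order."""
    return [p for p in blocks.get(OPEN_PORTS_KEY, []) if p not in EXPECTED_PORTS]


def authorized_apps(blocks: Dict[str, List[str]]) -> List[str]:
    """Programs with a firewall exception, REGEDIT's doubled backslashes collapsed."""
    return [a.replace("\\\\", "\\") for a in blocks.get(AUTH_APPS_KEY, [])]


def build_cfscript(ports: List[str], drivers: List[str]) -> str:
    """Registry:: block deleting each port value, then a Driver:: block."""
    out: List[str] = []
    if ports:
        out += ["Registry::", "[" + OPEN_PORTS_KEY + "]"] + ['"%s"=-' % p for p in ports]
    if drivers:
        out += ([""] if out else []) + ["Driver::"] + list(drivers)
    return "\n".join(out) + ("\n" if out else "")


# Constructed sample in ComboFix's layout, modelled on what the first log in
# this thread must have shown before the fix; the data after "=" is made up.
BEFORE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:LocalSubNet:Enabled:NetBIOS Session Service
"445:TCP"= 445:TCP:LocalSubNet:Enabled:SMB over TCP
"65533:TCP"= 65533:TCP:*:Enabled:TCP 65533
"52344:TCP"= 52344:TCP:*:Enabled:TCP 52344
"8154:TCP"= 8154:TCP:*:Enabled:TCP 8154
"8155:TCP"= 8155:TCP:*:Enabled:TCP 8155
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys
"""

# Abridged from the log posted after the CFScript ran: only AuthorizedApplications remain.
AFTER_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"""


def triage(log_text: str, drivers: List[str]) -> str:
    """Print what a helper would look at, return the CFScript to post."""
    blocks = parse_reg_blocks(log_text)
    bad = suspicious_ports(blocks)
    for p in bad:
        print("open port %-10s %s" % (p, PORT_NOTES.get(p, "not a Windows default")))
    for app in authorized_apps(blocks):
        print("allowed app  %s" % app)
    return build_cfscript(bad, drivers)


if __name__ == "__main__":
    print(triage(BEFORE_LOG, ["zgjugyppha1"]))
    print("after fix, stray ports:", suspicious_ports(parse_reg_blocks(AFTER_LOG)) or "none")
```

Run on the constructed "before" log it reproduces the five-port Registry:: block and the Driver:: line exactly as posted; run on the later log it reports no stray ports, which is the check to make before telling a user the firewall is back to normal. The randomly named service (zgjugyppha1) still has to be read off the log by eye; the script only packages the name into the Driver:: directive.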

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 8th May 2010, 1:55 am

Hello.

Just tried to run ComboFix as you instructed, but it seems to be just freezing up. The first time I let it run for 2 hours and it initially said that it found root activity and needed to reboot, the computer rebooted and it started again, but froze at the screen that says "Scanning for infected files". I left it there for 2 hours with no change, so I hard rebooted because the computer would not respond to soft reboot.

When it finished rebooting, I started ComboFix again and it seems to be stuck on that same screen again. I am letting it stay. There doesn't seem to be very much hard drive activity, but the computer is super, super slow.
I will reply again if it actually finishes or in the morning, whichever comes first LOL.

Thanks again.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 8th May 2010, 3:41 am

Hello,

It still isn't working. Just freezes or the computer gets so slow that it doesn't actually accomplish anything...

madmac283

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 8th May 2010, 5:02 am

Ok, so after a few reboots and such, it finally ran all the way through.

ComboFix 10-05-07.05 - Jason 05/07/2010 21:05:50.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1617 [GMT -7:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZGJUGYPPHA1
-------\Service_zgjugyppha1


((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-06 20:33 . 2010-05-06 20:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2010-05-06 04:20 . 2010-05-06 04:20 -------- d-----w- c:\documents and settings\Jason\Application Data\DivX
2010-05-06 04:19 . 2010-05-06 04:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-06 04:18 . 2010-05-06 04:19 -------- d-----w- c:\program files\DivX
2010-05-06 04:18 . 2010-05-06 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-06 04:15 . 2010-05-06 04:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Media Player Classic
2010-05-06 01:31 . 2010-05-06 01:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 01:22 . 2010-05-06 01:27 -------- d-----w- c:\documents and settings\Jason\.SunDownloadManager
2010-05-05 23:24 . 2010-05-06 00:08 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\ZipForm
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-05-05 23:24 . 2010-05-05 23:24 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\program files\ESET
2010-05-05 16:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 16:11 . 2010-05-06 04:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 16:11 . 2010-05-05 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 16:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 15:09 . 2010-05-05 15:09 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-05-05 00:54 . 2010-05-05 00:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-05 00:53 . 2010-05-05 00:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-05-05 00:32 . 2010-05-05 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-05 00:31 . 2010-05-05 18:28 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\buxsrwcfh
2010-05-05 00:31 . 2010-05-05 18:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\rhgsrdolo
2010-05-05 00:31 . 2010-05-05 23:06 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-05-02 18:52 . 2010-05-02 18:52 -------- d-----w- c:\program files\iPod
2010-05-02 18:52 . 2010-05-07 17:42 -------- d-----w- c:\program files\iTunes
2010-05-02 18:52 . 2010-05-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-02 18:50 . 2010-05-07 17:42 -------- d-----w- c:\program files\QuickTime
2010-05-02 18:48 . 2010-05-02 18:48 -------- d-----w- c:\program files\Bonjour
2010-04-15 22:42 . 2010-04-15 22:42 -------- d-----w- c:\program files\DVDFab 7
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 04:15 . 2007-02-24 21:46 97940000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-08 04:14 . 2007-02-24 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-08 04:13 . 2007-02-24 21:46 1659936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-08 04:13 . 2007-02-24 21:46 156428 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-08 04:13 . 2007-02-24 21:46 1312676 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-06 01:33 . 2007-01-10 23:31 -------- d-----w- c:\program files\Java
2010-05-05 23:06 . 2003-03-31 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-05-05 00:38 . 2009-11-07 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-02 18:52 . 2009-08-15 18:09 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 18:47 . 2010-05-02 18:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-26 03:15 . 2007-04-02 00:04 -------- d--h--w- c:\documents and settings\Jason\Application Data\Move Networks
2010-04-21 23:18 . 2010-04-21 23:17 143976 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\uninstall.exe
2010-04-21 23:18 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Jason\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-04-21 04:20 . 2006-12-22 16:02 13688 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 23:44 . 2007-04-22 13:07 -------- d-----w- c:\program files\Gspot
2010-04-15 23:40 . 2009-01-10 02:29 -------- d-----w- c:\program files\DVDlabPro2
2010-04-15 23:39 . 2008-06-23 21:59 -------- d-----w- c:\program files\Gravity
2010-04-15 23:39 . 2006-12-22 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 23:38 . 2006-12-23 07:36 -------- d-----w- c:\program files\World of Warcraft
2010-04-15 23:37 . 2009-01-09 21:00 -------- d-----w- c:\program files\DIKO
2010-04-15 23:36 . 2008-08-14 20:48 -------- d-----w- c:\program files\WinXMedia
2010-04-15 23:36 . 2008-07-26 16:34 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\program files\DVDFab 5
2010-04-15 23:35 . 2009-01-11 09:40 -------- d-----w- c:\documents and settings\Jason\Application Data\Vso
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2009-01-11 09:40 47360 ----a-w- c:\documents and settings\Jason\Application Data\pcouffin.sys
2010-04-15 23:35 . 2007-01-10 23:38 -------- d-----w- c:\documents and settings\Jason\Application Data\Azureus
2010-04-15 21:58 . 2007-01-10 23:29 -------- d-----w- c:\program files\Azureus
2010-04-14 21:38 . 2007-02-10 14:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 16:22 . 2007-01-10 23:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 16:22 . 2010-04-02 16:22 503808 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcp71.dll
2010-04-02 16:22 . 2010-04-02 16:22 499712 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\jmc.dll
2010-04-02 16:22 . 2010-04-02 16:22 348160 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-165a9888-n\msvcr71.dll
2010-04-02 16:22 . 2010-04-02 16:22 61440 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-sse.dll
2010-04-02 16:22 . 2010-04-02 16:22 12800 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2e85a3bd-n\decora-d3d.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-10-21 64512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3/17/2007 5:07 AM 13312]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/18/2008 11:10 PM 33824]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [2/14/2010 4:21 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ladwlibm.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-07 21:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,d2,db,ba,ef,1c,95,4b,81,73,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(1524)
c:\windows\system32\WININET.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\Rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-07 21:30:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 04:25
ComboFix2.txt 2010-05-07 18:04
ComboFix3.txt 2010-05-06 00:37

Pre-Run: 88,103,223,296 bytes free
Post-Run: 88,062,271,488 bytes free

- - End Of File - - 6271A1C83E6A8CAD9423547C6248D2DC

madmac283

Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 8th May 2010, 11:13 pm

Hello.

I see that you are running Azureus.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Azureus
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 19

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Belahzur

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 8th May 2010, 11:44 pm

Seems to be running ok.

Having a problem uninstalling Java(TM) 6 Update 7.

Keep getting error "Internal Error 2753. RegUtils" followed by another box that pops up saying "fatal error during installation".

Also Kaspersky is saying it is finding stuff still, but I didn't "neutralize" anything because we have been troubleshooting the last few days and didn't want to mess it up. Should I let it do its thing now?

Thanks again for all of your help.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 9th May 2010, 12:05 am

After reading some of the other forums here, I decided to uninstall Kaspersky (it was out of date and I didn't want to pay for it again). I went to install Avira and got an installation error and am unable to install it.

I don't know if there is some malware or something still on my computer preventing it. Or if it is in some way tied to not being able to uninstall the Java(TM) 6 Update 7.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 9th May 2010, 4:21 pm

Hello,

Since I couldn't get Avira to install I gave AVG a shot and it seems to be working. I installed it and ran a full scan and it came up clean.

I'm still curious why the Java(TM) 6 Update 7 will not uninstall and why Avira wouldn't install. Makes me wonder if there isn't something else going on that AVG isn't picking up.

Thanks again.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 9th May 2010, 11:35 pm

Hello.
Don't worry, I've seen this before.

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Java(TM) 6 Update 7

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.

Has Java 6 update 7 been removed now?


Belahzur

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 10th May 2010, 3:00 am

Hmm...downloaded that program but Java 6 update 7 does not show up, only Java 6 update 20.

I went back to control panel/add remove programs and java 6 update 7 is still showing there...

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 25015
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 10th May 2010, 9:55 pm

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


Belahzur

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 10th May 2010, 11:31 pm

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon May 10 16:30:19 2010

------------------------------------

Finished reporting.

I know...Weird, right? I checked the Control Panel/Add/Remove Programs and it is STILL there LOL... Tried uninstalling again from there and got the same error.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 11th May 2010, 7:35 pm

Never mind, you are lucky to still have this machine working; you had a very nasty infection.

How's the machine behaving?


Belahzur

Re: Antisoft Probs, OTL Logs included

Post by madmac283 on 12th May 2010, 5:25 pm

Seems to be working just fine. Can you point me to a thread on how to get started with preventing something like this from happening again?

Once again, thank you for all of your help. It is very generous of you to donate your time and knowledge to helping people out.

madmac283

Re: Antisoft Probs, OTL Logs included

Post by Belahzur on 12th May 2010, 10:18 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


Belahzur
