Essential Cleaner fake antivirus removal help


Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 5:23 am

I checked online and could find nothing under this name, though I have seen it before (a friend's computer and my father's have both been infected previously; both used System Restore). The toolbar icon is a padlock, and it pops up with a window showing a list of the 30-something malicious programs I am supposedly infected with.

Currently operating in safe mode with networking, pending advice.

Would a scan in this mode with MalwareBytes remove this infection?
I also have Spybot S&D and Avast Antivirus if necessary.

Please provide information on the right steps to take for full removal of this threat, and steps to take to prevent further infection (it seems to have happened out of nowhere: I was on Facebook when the icon first appeared and the false alert window opened).

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition


Re: Essential Cleaner fake antivirus removal help

Post by Belahzur on Sat 07 May 2011, 6:45 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 7:12 am

OTL.TXT LOG
OTL logfile created on: 5/6/2011 4:07:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dylan Roach\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.88 Gb Total Space | 19.98 Gb Free Space | 48.88% Space Free | Partition Type: NTFS

Computer Name: DYLAN-291CE3802 | User Name: Dylan Roach | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 16:06:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dylan Roach\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 16:06:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dylan Roach\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/01/14 13:55:15 | 000,071,168 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 21:00:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFEAA9F8-DDCB-4497-B63F-76DA06C9E06D}\MpKsla2669d1e.sys -- (MpKsla2669d1e)
DRV - [2011/01/14 13:55:15 | 000,069,824 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 04:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 04:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/02 05:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 23:07:04 | 000,011,392 | ---- | M] (TOSHIBA ) [Kernel | System | Stopped] -- C:\batt_en3.tos\TPwSav_SMB.sys -- (TPwSav_SMB)
DRV - [2006/07/13 17:41:14 | 000,002,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\batt_en3.tos\tosinvpc.sys -- (TOSINVPC)
DRV - [2006/05/05 11:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:26:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/21 16:55:58 | 000,000,000 | ---D | M]

[2011/01/06 23:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Extensions
[2011/04/21 22:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Firefox\Profiles\vvl2gegg.default\extensions
[2011/01/23 09:59:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Firefox\Profiles\vvl2gegg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 19:59:53 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Firefox\Profiles\vvl2gegg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/04/21 16:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DYLAN ROACH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VVL2GEGG.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011/01/06 21:57:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 16:25:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/19 16:24:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [lC31000BgDmF31000] C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000\lC31000BgDmF31000.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\Dylan Roach\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dylan Roach\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/30 02:46:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 13:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000
[2011/05/03 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2011/05/02 08:02:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/27 14:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dylan Roach\Local Settings\Application Data\LogMeIn Hamachi
[2011/04/27 14:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2011/04/27 14:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011/04/27 14:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/04/26 21:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comical
[2011/04/26 21:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2011/04/25 21:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dylan Roach\My Documents\PFtek
[2011/04/22 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dylan Roach\My Documents\Warcraft III
[2011/04/21 17:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/20 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/19 16:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/12 00:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dylan Roach\Application Data\PBlackout
[2011/04/11 23:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dylan Roach\Local Settings\Application Data\PMB Files
[2011/04/11 23:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/11 23:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/04/06 22:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/06 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2011/04/06 22:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/04/06 22:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Scan
[2011/04/06 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0300000.067
[2011/04/06 22:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/04/06 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/06 22:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 15:55:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 14:17:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/06 14:11:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 14:11:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 19:49:53 | 001,112,830 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\My Documents\Munkey.ai
[2011/05/05 19:26:40 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Dylan Roach.job
[2011/05/02 08:49:59 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 10:32:54 | 000,002,027 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\My Documents\Civil rights legislation.rtf
[2011/04/26 18:59:39 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\My Documents\ali class.rtf
[2011/04/26 10:19:05 | 000,004,111 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\My Documents\Nam and Civil Rights.rtf
[2011/04/21 17:39:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/21 16:58:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/21 16:58:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/21 15:32:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/20 20:25:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dylan Roach\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/19 16:24:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/16 12:26:41 | 003,461,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 11:38:00 | 000,578,872 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 11:38:00 | 000,102,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/06 22:28:42 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 09:44:00 | 001,112,830 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\My Documents\Munkey.ai
[2011/04/28 10:32:52 | 000,002,027 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\My Documents\Civil rights legislation.rtf
[2011/04/26 18:59:38 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\My Documents\ali class.rtf
[2011/04/26 10:04:25 | 000,004,111 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\My Documents\Nam and Civil Rights.rtf
[2011/04/21 17:39:28 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/21 16:58:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/21 16:58:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/20 20:21:29 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/20 20:21:29 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\Start Menu\Programs\Internet Explorer.lnk
[2011/04/06 22:29:13 | 000,000,456 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Dylan Roach.job
[2011/04/06 22:28:41 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2011/04/06 22:27:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0300000.067\isolate.ini
[2011/03/31 19:17:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/31 19:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/31 19:17:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/31 19:17:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/31 19:17:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/16 16:27:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/02/12 00:24:44 | 000,027,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/14 13:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2011/01/14 13:55:17 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2011/01/14 13:55:16 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2011/01/14 13:55:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2011/01/14 13:55:15 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2011/01/14 13:55:15 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2011/01/09 03:14:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/12/19 07:41:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/12/18 15:31:29 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Dylan Roach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 12:27:28 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2010/12/18 12:19:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/18 11:19:31 | 000,000,502 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/12/17 22:54:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/10 01:41:56 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/12/08 22:33:25 | 000,196,222 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2010/12/08 22:33:25 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2010/12/01 19:03:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/30 03:10:43 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2010/11/30 03:10:43 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2010/11/30 03:10:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/11/30 02:49:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 02:43:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/29 18:36:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/29 18:34:56 | 003,461,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/27 01:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 01:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,578,872 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,102,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 14:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 14:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 14:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

< End of report >


Last edited by AluminumTurd on Sat 07 May 2011, 7:14 am; edited 1 time in total

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition

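The O4 (autorun) section is where a rogue antivirus usually announces itself in an OTL log, and the thing a helper looks for first is an entry with no publisher, a random-looking name, and a binary living under a data directory rather than Program Files. As an added example that is not part of this thread and not OTL's own code, the Python script below parses O4 lines in the format shown above (the sample lines are copied from the log posted here; the scoring heuristics and the `triage` threshold are my own assumptions, not anything OTL or the forum helpers prescribe) and ranks the entries that trip several heuristics at once.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: O4 autorun lines in OTL's format, copied from the
# log posted in this thread (one suspicious RunOnce entry among normal ones).
SAMPLE_O4_LINES = r"""
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [lC31000BgDmF31000] C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000\lC31000BgDmF31000.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
"""

# "O4 - HKxx..\Run: [name] path (company)" registry autorun lines.
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# "O4 - Startup: shortcut = target (company)" startup-folder lines.
STARTUP_LINE = re.compile(
    r"^O4 - Startup: (?P<name>.+?) = (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Directories that legitimately installed autostart binaries rarely live in.
DATA_DIR = re.compile(
    r"\\(Application Data|Local Settings|Temp|AppData|ProgramData)\\", re.IGNORECASE
)
# A run of 12+ alphanumerics with no spaces; combined with the digit/letter
# mix check below this catches generated names like lC31000BgDmF31000.
RANDOM_NAME = re.compile(r"[A-Za-z0-9]{12,}")


@dataclass
class Entry:
    source: str      # e.g. "HKCU\RunOnce" or "Startup folder"
    name: str        # value name or shortcut path
    path: str        # executable that gets launched
    company: str     # publisher OTL found in the file's version info ("" if none)
    reasons: list = field(default_factory=list)

    @property
    def score(self):
        return len(self.reasons)


def parse_o4(text):
    """Parse O4 lines into Entry objects; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry(f"{m['hive']}\\{m['key']}", m["name"], m["path"], m["company"]))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            entries.append(Entry("Startup folder", m["name"], m["path"], m["company"]))
    return entries


def score_entry(entry):
    """Record one reason per heuristic the entry trips (assumed heuristics, not OTL's)."""
    if entry.source.endswith("RunOnce"):
        entry.reasons.append("registered under RunOnce")
    if not entry.company.strip():
        entry.reasons.append("no publisher")
    if DATA_DIR.search(entry.path):
        entry.reasons.append("binary lives under a data directory")
    if (RANDOM_NAME.fullmatch(entry.name)
            and any(c.isdigit() for c in entry.name)
            and any(c.isalpha() for c in entry.name)):
        entry.reasons.append("random-looking name")
    return entry


def triage(text, threshold=2):
    """Return entries that trip at least `threshold` heuristics, highest score first."""
    scored = [score_entry(e) for e in parse_o4(text)]
    flagged = [e for e in scored if e.score >= threshold]
    return sorted(flagged, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"[{e.score}] {e.source}: {e.name} -> {e.path}")
        for reason in e.reasons:
            print("    -", reason)
```

Run against the sample, only the RunOnce entry scores (all four heuristics); the Adobe, Microsoft, Spybot and AOL entries score zero because they carry a publisher and sit under Program Files. A single heuristic is not enough on its own (the OpenOffice quickstart shortcut in the log above also shows an empty publisher), which is why the threshold defaults to two.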

Re: Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 7:13 am

EXTRAS.TXT LOG
OTL Extras logfile created on: 5/6/2011 4:07:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dylan Roach\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.88 Gb Total Space | 19.98 Gb Free Space | 48.88% Space Free | Partition Type: NTFS

Computer Name: DYLAN-291CE3802 | User Name: Dylan Roach | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56978:TCP" = 56978:TCP:*:Enabled:Pando Media Booster
"56978:UDP" = 56978:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"56978:TCP" = 56978:TCP:*:Enabled:Pando Media Booster
"56978:UDP" = 56978:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ComicRack\ComicRack.exe" = C:\Program Files\ComicRack\ComicRack.exe:*:Enabled:ComicRack
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\SG Interactive\Project Blackout\PBlackout.exe" = C:\SG Interactive\Project Blackout\PBlackout.exe:*:Enabled:PBlackout
"C:\Documents and Settings\Dylan Roach\My Documents\Downloads\Age of Empires II Gold Edition\Age of Empires II The Conquerors.exe" = C:\Documents and Settings\Dylan Roach\My Documents\Downloads\Age of Empires II Gold Edition\Age of Empires II The Conquerors.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Documents and Settings\Dylan Roach\My Documents\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\Dylan Roach\My Documents\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Documents and Settings\Dylan Roach\My Documents\Downloads\Lancraft\lancraft.exe" = C:\Documents and Settings\Dylan Roach\My Documents\Downloads\Lancraft\lancraft.exe:*:Enabled:lancraft
"C:\Documents and Settings\Dylan Roach\My Documents\Warcraft III\Lancraft\lancraft.exe" = C:\Documents and Settings\Dylan Roach\My Documents\Warcraft III\Lancraft\lancraft.exe:*:Enabled:lancraft
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Lancraft\lancraft.exe" = C:\Program Files\Warcraft III\Lancraft\lancraft.exe:*:Enabled:lancraft -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8418AE50-F7EB-C26A-3C1F-A2C7FEC8FEF2}" = pixelMate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comical_is1" = Comical 0.8
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"JDSecure" = JD Secure 3.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"uk.co.atleastimtrying.pixelmate.1DBC40A0804903013DA8A14CE255FFC8EB8F0890.1" = pixelMate
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2011 8:01:29 AM | Computer Name = DYLAN-291CE3802 | Source = Application Error | ID = 1000
Description = Faulting application Illustrator.exe, version 13.0.128.0, faulting
module unknown, version 0.0.0.0, fault address 0x01d6550b.

Error - 5/2/2011 8:02:12 AM | Computer Name = DYLAN-291CE3802 | Source = Application Error | ID = 1000
Description = Faulting application Illustrator.exe, version 13.0.128.0, faulting
module unknown, version 0.0.0.0, fault address 0x01d6550b.

Error - 5/2/2011 9:35:27 PM | Computer Name = DYLAN-291CE3802 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8107.0, P3 timeout, P4 1.1.6802.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/3/2011 3:43:37 PM | Computer Name = DYLAN-291CE3802 | Source = Application Error | ID = 1000
Description = Faulting application lancraft.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 5/3/2011 3:43:57 PM | Computer Name = DYLAN-291CE3802 | Source = Application Error | ID = 1000
Description = Faulting application lancraft.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 5/4/2011 7:35:24 PM | Computer Name = DYLAN-291CE3802 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8107.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 5/5/2011 4:04:35 PM | Computer Name = DYLAN-291CE3802 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/5/2011 4:09:25 PM | Computer Name = DYLAN-291CE3802 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/5/2011 6:02:46 PM | Computer Name = DYLAN-291CE3802 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/5/2011 7:06:18 PM | Computer Name = DYLAN-291CE3802 | Source = Application Hang | ID = 1002
Description = Hanging application hamachi-2-ui.exe, version 2.0.3.111, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:05 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/2/2011 8:18:06 AM | Computer Name = DYLAN-291CE3802 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition
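The firewall policy dump in the OTL report above is worth a second look on its own: in the DomainProfile the NetBIOS/SMB ports (137, 138, 139, 445) are open with a `*` scope, meaning any remote address, and the StandardProfile has 53/UDP open to anyone plus application exceptions for executables sitting in the user's Downloads folder. The Python below is an added example, not OTL's code or anything posted in this thread. It parses lines in the same format as the report and flags those two conditions; the port set it treats as "not for exposure" and the sample lines (paths anonymised) are this example's own assumptions.

```python
"""Review Windows XP firewall exceptions as dumped in an OTL report.

Added example; not code from OTL or from the forum thread. It parses the
GloballyOpenPorts and AuthorizedApplications registry dumps and flags
ports opened to any remote address ('*' scope) that a workstation should
not expose, and application exceptions for executables in a user profile.
"""
import re
from dataclasses import dataclass
from typing import List

KEY_RE = re.compile(
    r"FirewallPolicy\\(?P<profile>\w+)\\(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]")
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*)$')
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*.+?:(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$')

# Services a single workstation should not serve to arbitrary remote hosts
# (DNS, RPC endpoint mapper, NetBIOS, SMB, RDP). Assumption made for this example.
NOT_FOR_EXPOSURE = {53, 135, 137, 138, 139, 445, 3389}


@dataclass
class Finding:
    profile: str   # DomainProfile or StandardProfile
    subject: str   # "port/proto" or the executable path
    reason: str


def review_firewall(report: str) -> List[Finding]:
    """Walk the dump line by line, tracking which key we are under."""
    findings: List[Finding] = []
    profile = kind = None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.search(line)
        if key:
            profile, kind = key.group("profile"), key.group("kind")
            continue
        if kind == "GloballyOpenPorts":
            m = PORT_RE.match(line)
            if (m and m.group("state") == "Enabled" and m.group("scope") == "*"
                    and int(m.group("port")) in NOT_FOR_EXPOSURE):
                findings.append(Finding(profile, f'{m.group("port")}/{m.group("proto")}',
                                        f'open to any remote address ({m.group("name").strip()})'))
        elif kind == "AuthorizedApplications":
            m = APP_RE.match(line)
            if m and m.group("state") == "Enabled":
                low = m.group("path").lower()
                # User-writable locations: anything under a profile or a Downloads folder.
                if low.startswith("c:\\documents and settings\\") or "\\downloads\\" in low:
                    findings.append(Finding(profile, m.group("path"),
                                            "exception for an executable in a user profile"))
    return findings


# Constructed sample modelled on the OTL dump format above (user path anonymised).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"56978:TCP" = 56978:TCP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"1900:UDP" = 1900:UDP:*:Disabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\User\My Documents\Downloads\Lancraft\lancraft.exe" = C:\Documents and Settings\User\My Documents\Downloads\Lancraft\lancraft.exe:*:Enabled:lancraft
"""

if __name__ == "__main__":
    for f in review_firewall(SAMPLE_REPORT):
        print(f"[{f.profile}] {f.subject}: {f.reason}")
```

The LocalSubNet entries are deliberately left alone: the scope is what matters, not the port number. Disabled rules are skipped for the same reason. Run against the sample, the four hits are 139/TCP and 445/TCP in the domain profile, 53/UDP in the standard profile, and the lancraft.exe exception.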

Re: Essential Cleaner fake antivirus removal help

Post by Belahzur on Sat 07 May 2011, 7:17 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\RunOnce: [lC31000BgDmF31000] C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000\lC31000BgDmF31000.exe ()
    O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    [2011/05/06 13:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 7:43 am

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lC31000BgDmF31000 deleted successfully.
C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000\lC31000BgDmF31000.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
Folder C:\Documents and Settings\All Users\Application Data\lC31000BgDmF31000\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_164259

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition

Re: Essential Cleaner fake antivirus removal help

Post by Belahzur on Sat 07 May 2011, 7:46 am

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 7:53 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6521

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/6/2011 4:53:19 PM
mbam-log-2011-05-06 (16-53-19).txt

Scan type: Quick scan
Objects scanned: 158205
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\dylan roach\local settings\temp\0.5442165258715345.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\dylan roach\local settings\temp\jar_cache2155072809399020152.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\dylan roach\local settings\temp\0.2530685345459003.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition

Re: Essential Cleaner fake antivirus removal help

Post by Belahzur on Sat 07 May 2011, 8:06 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Essential Cleaner fake antivirus removal help

Post by AluminumTurd on Sat 07 May 2011, 8:33 am

ComboFix 11-05-06.02 - Dylan Roach 05/06/2011 17:23:46.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.323 [GMT -4:00]
Running from: c:\documents and settings\Dylan Roach\My Documents\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 20:42 . 2011-05-06 20:42 -------- d-----w- C:\_OTL
2011-05-06 17:49 . 2011-05-06 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\lC31000BgDmF31000
2011-05-06 01:00 . 2011-05-06 01:00 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFEAA9F8-DDCB-4497-B63F-76DA06C9E06D}\MpKsla2669d1e.sys
2011-05-06 00:55 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFEAA9F8-DDCB-4497-B63F-76DA06C9E06D}\mpengine.dll
2011-05-03 20:46 . 2011-05-04 16:51 -------- d-----w- c:\program files\Warcraft III
2011-04-27 18:37 . 2011-05-06 21:29 -------- d-----w- c:\documents and settings\Dylan Roach\Local Settings\Application Data\LogMeIn Hamachi
2011-04-27 18:29 . 2011-05-06 21:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-04-27 18:27 . 2011-04-27 18:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-04-27 01:14 . 2011-04-27 01:14 -------- d-----w- c:\program files\Comical
2011-04-21 01:01 . 2011-04-21 01:01 -------- d-----w- c:\program files\ESET
2011-04-19 01:43 . 2011-04-19 01:45 -------- d-----w- c:\documents and settings\Administrator.DYLAN-291CE3802
2011-04-12 04:57 . 2011-04-12 04:57 -------- d-----w- c:\documents and settings\Dylan Roach\Application Data\PBlackout
2011-04-12 03:40 . 2011-04-12 17:26 -------- d-----w- c:\documents and settings\Dylan Roach\Local Settings\Application Data\PMB Files
2011-04-12 03:40 . 2011-04-12 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-04-12 03:40 . 2011-04-12 03:40 -------- d-----w- c:\program files\Pando Networks
2011-04-07 02:29 . 2011-05-04 20:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-07 02:27 . 2011-04-07 02:27 -------- d-----w- c:\windows\system32\drivers\NSS
2011-04-07 02:27 . 2011-04-07 02:27 -------- d-----w- c:\program files\Norton Security Scan
2011-04-07 02:27 . 2011-04-07 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-04-07 02:20 . 2011-04-07 02:20 -------- d-----w- c:\program files\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-11-30 19:55 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-15 04:05 . 2011-04-05 01:36 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-03-07 05:33 . 2010-11-30 06:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\SET28.tmp
2011-02-16 20:44 . 2010-11-30 07:09 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-02-15 12:56 . 2008-04-14 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-30 20:25 . 2011-04-21 20:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Dylan Roach\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2010-12-18 156784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Dylan Roach\\My Documents\\Downloads\\Age of Empires II Gold Edition\\Age of Empires II The Conquerors.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Lancraft\\lancraft.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"56978:TCP"= 56978:TCP:Pando Media Booster
"56978:UDP"= 56978:UDP:Pando Media Booster
.
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/28/2011 3:41 PM 1242504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/7/2011 8:28 PM 294608]
S1 MpKsl01639a08;MpKsl01639a08;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl01639a08.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl01639a08.sys [?]
S1 MpKsl03f865e5;MpKsl03f865e5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEDCE930-CC8A-4811-A1F9-CF0C20A33960}\MpKsl03f865e5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEDCE930-CC8A-4811-A1F9-CF0C20A33960}\MpKsl03f865e5.sys [?]
S1 MpKsl1cd58706;MpKsl1cd58706;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9156E489-BAF3-48FB-BF39-2AAA7EF3DD26}\MpKsl1cd58706.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9156E489-BAF3-48FB-BF39-2AAA7EF3DD26}\MpKsl1cd58706.sys [?]
S1 MpKsl24c8212f;MpKsl24c8212f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C9F19E2-DD5B-40D0-8F73-2CB68AF49E1C}\MpKsl24c8212f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C9F19E2-DD5B-40D0-8F73-2CB68AF49E1C}\MpKsl24c8212f.sys [?]
S1 MpKsl24c849ba;MpKsl24c849ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsl24c849ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsl24c849ba.sys [?]
S1 MpKsl2f23e072;MpKsl2f23e072;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl2f23e072.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl2f23e072.sys [?]
S1 MpKsl32b81474;MpKsl32b81474;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C250DC3F-2566-4138-9D6B-5251D6BD259B}\MpKsl32b81474.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C250DC3F-2566-4138-9D6B-5251D6BD259B}\MpKsl32b81474.sys [?]
S1 MpKsl32d70618;MpKsl32d70618;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsl32d70618.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsl32d70618.sys [?]
S1 MpKsl39074cb4;MpKsl39074cb4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0B810-CBA0-426D-80BD-F2211F631467}\MpKsl39074cb4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0B810-CBA0-426D-80BD-F2211F631467}\MpKsl39074cb4.sys [?]
S1 MpKsl4652cc11;MpKsl4652cc11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl4652cc11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl4652cc11.sys [?]
S1 MpKsl46dd71b6;MpKsl46dd71b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKsl46dd71b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKsl46dd71b6.sys [?]
S1 MpKsl48c0bbb1;MpKsl48c0bbb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7782B69C-7B4B-4337-AFBF-6B7F5CB4EC61}\MpKsl48c0bbb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7782B69C-7B4B-4337-AFBF-6B7F5CB4EC61}\MpKsl48c0bbb1.sys [?]
S1 MpKsl4d72603e;MpKsl4d72603e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsl4d72603e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsl4d72603e.sys [?]
S1 MpKsl4e219cc2;MpKsl4e219cc2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKsl4e219cc2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKsl4e219cc2.sys [?]
S1 MpKsl55bcad38;MpKsl55bcad38;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60FAF7E6-AEA2-4E86-9EF0-5B5CA8BA0C96}\MpKsl55bcad38.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60FAF7E6-AEA2-4E86-9EF0-5B5CA8BA0C96}\MpKsl55bcad38.sys [?]
S1 MpKsl576bd075;MpKsl576bd075;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACF135E4-BBE0-419C-A5B5-C3997BF6BFDF}\MpKsl576bd075.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACF135E4-BBE0-419C-A5B5-C3997BF6BFDF}\MpKsl576bd075.sys [?]
S1 MpKsl5b4ea568;MpKsl5b4ea568;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7782B69C-7B4B-4337-AFBF-6B7F5CB4EC61}\MpKsl5b4ea568.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7782B69C-7B4B-4337-AFBF-6B7F5CB4EC61}\MpKsl5b4ea568.sys [?]
S1 MpKsl5b9aac15;MpKsl5b9aac15;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCF9599A-F804-4113-818F-095FE5A662F7}\MpKsl5b9aac15.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCF9599A-F804-4113-818F-095FE5A662F7}\MpKsl5b9aac15.sys [?]
S1 MpKsl649c829c;MpKsl649c829c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl649c829c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C1A2328-90E7-4B20-8203-93690DBD4261}\MpKsl649c829c.sys [?]
S1 MpKsl64bc8011;MpKsl64bc8011;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsl64bc8011.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsl64bc8011.sys [?]
S1 MpKsl66c86d5f;MpKsl66c86d5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsl66c86d5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsl66c86d5f.sys [?]
S1 MpKsl6cef9b56;MpKsl6cef9b56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0B810-CBA0-426D-80BD-F2211F631467}\MpKsl6cef9b56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0B810-CBA0-426D-80BD-F2211F631467}\MpKsl6cef9b56.sys [?]
S1 MpKsl7205145a;MpKsl7205145a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl7205145a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl7205145a.sys [?]
S1 MpKsl72ba7c89;MpKsl72ba7c89;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB00B538-00A7-4534-8D99-6892B1D53AFA}\MpKsl72ba7c89.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB00B538-00A7-4534-8D99-6892B1D53AFA}\MpKsl72ba7c89.sys [?]
S1 MpKsl78e48aba;MpKsl78e48aba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKsl78e48aba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKsl78e48aba.sys [?]
S1 MpKsl82c4a94c;MpKsl82c4a94c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsl82c4a94c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsl82c4a94c.sys [?]
S1 MpKsl8662d381;MpKsl8662d381;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{995673F7-E623-4B99-ACAF-11FF059ABD75}\MpKsl8662d381.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{995673F7-E623-4B99-ACAF-11FF059ABD75}\MpKsl8662d381.sys [?]
S1 MpKsl892b1037;MpKsl892b1037;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsl892b1037.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsl892b1037.sys [?]
S1 MpKsl8a761944;MpKsl8a761944;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E96AFA9D-AC70-484C-B035-8D80BE20ACC5}\MpKsl8a761944.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E96AFA9D-AC70-484C-B035-8D80BE20ACC5}\MpKsl8a761944.sys [?]
S1 MpKsl90d88deb;MpKsl90d88deb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl90d88deb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BA6D9E2-1BC5-4DE5-9B51-E76169594745}\MpKsl90d88deb.sys [?]
S1 MpKsl944e3a26;MpKsl944e3a26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsl944e3a26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsl944e3a26.sys [?]
S1 MpKsla2669d1e;MpKsla2669d1e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFEAA9F8-DDCB-4497-B63F-76DA06C9E06D}\MpKsla2669d1e.sys [5/5/2011 9:00 PM 28752]
S1 MpKsla342e70b;MpKsla342e70b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsla342e70b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKsla342e70b.sys [?]
S1 MpKsla4e2818d;MpKsla4e2818d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70399FCF-0CAF-4089-AB53-A6A38F68919E}\MpKsla4e2818d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70399FCF-0CAF-4089-AB53-A6A38F68919E}\MpKsla4e2818d.sys [?]
S1 MpKslb000767c;MpKslb000767c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{442A31FD-BD4A-49F4-9108-72C4386D223F}\MpKslb000767c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{442A31FD-BD4A-49F4-9108-72C4386D223F}\MpKslb000767c.sys [?]
S1 MpKslb43e8994;MpKslb43e8994;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKslb43e8994.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A9DE761-06B7-4DE7-8078-610CAF6C81AB}\MpKslb43e8994.sys [?]
S1 MpKslb9dd7f1c;MpKslb9dd7f1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKslb9dd7f1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKslb9dd7f1c.sys [?]
S1 MpKslc4d3a1ca;MpKslc4d3a1ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKslc4d3a1ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKslc4d3a1ca.sys [?]
S1 MpKslcc09bfa7;MpKslcc09bfa7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA45908B-F95F-4F12-B89B-0277BDC025F1}\MpKslcc09bfa7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA45908B-F95F-4F12-B89B-0277BDC025F1}\MpKslcc09bfa7.sys [?]
S1 MpKsld2e6d245;MpKsld2e6d245;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsld2e6d245.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A8E9269-2D53-4039-997F-2B221D5AD5EC}\MpKsld2e6d245.sys [?]
S1 MpKsld4279aa1;MpKsld4279aa1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB13EFE-A42F-45C4-9B25-CA7FFF177A1E}\MpKsld4279aa1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB13EFE-A42F-45C4-9B25-CA7FFF177A1E}\MpKsld4279aa1.sys [?]
S1 MpKsld65b2856;MpKsld65b2856;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsld65b2856.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05DC13B3-8EE5-417B-A5CE-383882BBFFA1}\MpKsld65b2856.sys [?]
S1 MpKsld830776f;MpKsld830776f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsld830776f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{590F9F27-095D-413E-95D7-CA30F5B037E1}\MpKsld830776f.sys [?]
S1 MpKsldcecbfbf;MpKsldcecbfbf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBC99E60-D6A3-4379-B278-AA86B36953CE}\MpKsldcecbfbf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBC99E60-D6A3-4379-B278-AA86B36953CE}\MpKsldcecbfbf.sys [?]
S1 MpKsle3523482;MpKsle3523482;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9156E489-BAF3-48FB-BF39-2AAA7EF3DD26}\MpKsle3523482.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9156E489-BAF3-48FB-BF39-2AAA7EF3DD26}\MpKsle3523482.sys [?]
S1 MpKslf5c2e819;MpKslf5c2e819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKslf5c2e819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD0707-8A8D-431B-8482-3D31EBC9D30A}\MpKslf5c2e819.sys [?]
S1 MpKslfb063839;MpKslfb063839;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKslfb063839.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC110E93-6645-4B51-B0C0-0B9BCB759D7C}\MpKslfb063839.sys [?]
S1 MpKslfc2c8c20;MpKslfc2c8c20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0EA10E8D-78B6-484B-9662-ED932BCFCE2E}\MpKslfc2c8c20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0EA10E8D-78B6-484B-9662-ED932BCFCE2E}\MpKslfc2c8c20.sys [?]
S1 TPwSav_SMB;TPwSav_SMB;c:\batt_en3.tos\TPwSav_SMB.sys [7/20/2006 11:07 PM 11392]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2011 8:28 PM 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\DYLANR~1\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\DYLANR~1\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
S3 TOSINVPC;TOSINVPC;c:\batt_en3.tos\tosinvpc.sys [7/13/2006 5:41 PM 2688]
S3 WinPhlash;WinPhlash;\??\c:\docume~1\DYLANR~1\LOCALS~1\Temp\RarSFX0\S10VWF\PHLASHNT.SYS --> c:\docume~1\DYLANR~1\LOCALS~1\Temp\RarSFX0\S10VWF\PHLASHNT.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-05-05 c:\windows\Tasks\Norton Security Scan for Dylan Roach.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-07 01:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Dylan Roach\Application Data\Mozilla\Firefox\Profiles\vvl2gegg.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-06 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-05-06 17:31:26
ComboFix-quarantined-files.txt 2011-05-06 21:31
ComboFix2.txt 2011-04-19 20:28
.
Pre-Run: 21,390,655,488 bytes free
Post-Run: 21,694,464,000 bytes free
.
- - End Of File - - 00BC5CF87C99AF287C40056DCD7B8BBA

AluminumTurd

Newbie Surfer

Posts : 12
Joined : 2011-04-19
Operating System : Windows XP Home Edition


Re: Essential Cleaner fake antivirus removal help

Post by Belahzur on Sun 08 May 2011, 1:04 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

