WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93124 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

win32:sirefef-sm[trj] & win32:rootkit-gen[rtk] [Closed]

Started by portboy123 , May 08 2012 09:16 AM

This topic is locked

134 replies to this topic

#16 portboy123

Authentic Member

Authentic Member
124 posts

Posted 08 May 2012 - 08:27 PM

i did it anyway and still no connection

Advertisements

Register to Remove

#17 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 08 May 2012 - 08:31 PM

Hi,

Let's continue...until we can get your internet worked out just transfer the files to the infected system.

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

#18 portboy123

Authentic Member

Authentic Member
124 posts

Posted 08 May 2012 - 09:52 PM

i ran combo fix and it didnt leave any results but it said i have rookkit.zero access. all imicrosoft recovery console note; this rquires a internet connec get when i run it is tion so i clicked no and it went to a auto scan with no results to give you . can we pick this up on wednesday ? thanks

Edited by portboy123, 08 May 2012 - 10:04 PM.

#19 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 May 2012 - 05:30 AM

Hi,

Of course we can pick it up later.

If you need extra time just let me know and I will be happy to leave the topic open.

Check in your C:\ folder to see if there was a log created. It would be named ComboFix.txt.

Just for your information... **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

----------

#20 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 06:57 AM

hi jeff i didnt find the combofix.txt but if we continue does it mean i can screw up this computer also?

#21 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 May 2012 - 07:11 AM

if we continue does it mean i can screw up this computer also?

If you mean can we infect the computer that you are using now? If that is what you mean, than the likely-hood is very unlikely as this infection I have not seen jump computers.

Try to run ComboFix in Safe Mode. It may run through there. If so please post the log created to your next reply.

#22 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 07:42 AM

i tryed in safemode it ran but no results yes i was worried about this computer

Edited by portboy123, 09 May 2012 - 07:56 AM.

#23 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 May 2012 - 09:32 AM

Hi,

Is ComboFix running through?

Go to C:\Qoobox\ComboFix-quarantined-files.txt and see if the ComboFix.txt is there.
----------

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
In Custom Scans/Fixes put the following:
netsvcs
/md5start
consrv.dll
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

#24 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 10:09 AM

hi jeff cant find combo fix txt. maby i didnt install it right . i am running the otl scan now and will put up results when it is finished.

#25 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 10:19 AM

hi jeff here is the extras OTL Extras logfile created on: 5/9/2012 11:58:42 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 238.93 Mb Available Physical Memory | 46.71% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.67 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.97% Space Free | Partition Type: FAT

Computer Name: FRANK-SONY | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX6000 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{964032DD-EC00-4442-98A0-57665B746068}" = Creative Zen Micro (PlaysForSure)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Art of Wine Professional_is1" = Art of Wine Professional 3.0.0
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative Jukebox Driver" = Creative Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities Pro 2.44.0.1450
"gonefishing_3043512" = gonefishing_3043512 Screen Saver
"ie8" = Windows Internet Explorer 8
"iISystem Wiper_is1" = iISystem Wiper 2.4.1
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nature_3120380" = nature_3120380 Screen Saver
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"Privacy Guardian_is1" = PC Tools Privacy Guardian 5.0
"Silent Package Run-Time Sample" = EPSON CX6000 Series User's Guide
"SpywareBlaster_is1" = SpywareBlaster 4.3
"tropicalreef_3116236" = tropicalreef_3116236 Screen Saver
"Unlocker" = Unlocker 1.9.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zen Micro Media Explorer" = Zen Micro Media Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2012 10:57:44 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)

Error - 5/8/2012 10:58:05 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 5/8/2012 10:58:05 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 5/8/2012 10:58:05 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 9000
Description = The Windows Search Service cannot open the Jet property store. Details:
0x%08x
(0x8004117f - The content index server cannot update or access information because
of a database error. Stop and restart the search service. If the problem persists,
reset and recrawl the content index. In some cases it may be necessary to delete
and recreate the content index. )

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: 0x%08x (0x8004117f - The content
index server cannot update or access information because of a database error.
Stop and restart the search service. If the problem persists, reset and recrawl
the content index. In some cases it may be necessary to delete and recreate the
content index. )

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index metadata cannot
be read. (0xc0041801)

Error - 5/9/2012 9:55:57 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)

Error - 5/9/2012 9:55:57 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)

Error - 5/9/2012 9:55:57 AM | Computer Name = FRANK-SONY | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

[ System Events ]
Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Yukonwlh service terminated with the following error: %%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Vsdatant service terminated with the following error: %%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Intcazaudaddservice service terminated with the following error:
%%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Ql2100 service terminated with the following error: %%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Symantecantibotshim service terminated with the following error:
%%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The AcronisOSSReinstallSvc service terminated with the following error:
%%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Se44obex service terminated with the following error: %%126

Error - 5/9/2012 9:55:54 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7023
Description = The Hwpsgt service terminated with the following error: %%126

Error - 5/9/2012 9:56:00 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NetBT

Error - 5/9/2012 9:56:00 AM | Computer Name = FRANK-SONY | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

< End of report >

Advertisements

Register to Remove

#26 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 10:21 AM

and here is the otl results OTL logfile created on: 5/9/2012 11:58:42 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 238.93 Mb Available Physical Memory | 46.71% Memory free
1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.67 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.97% Space Free | Partition Type: FAT

Computer Name: FRANK-SONY | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12050700\algo.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (WmHidLo) -- %systemroot%\system32\d-link_st3402.dll File not found
SRV - (qserver) -- %systemroot%\system32\ARPolicy.dll File not found
SRV - (pctavsvc) -- %systemroot%\system32\samss.dll File not found
SRV - (k750mdfl) -- %systemroot%\system32\oracleorahome811cmadmin.dll File not found
SRV - (int15.sys) -- %systemroot%\system32\ZDCNDIS5.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (db2) -- %systemroot%\system32\EMATCORE.dll File not found
SRV - (ctsfm2k) -- %systemroot%\system32\nmraapache.dll File not found
SRV - (bjmcmng) -- %systemroot%\system32\_iomega_active_disk_service_.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- system32\DRIVERS\RTL8139.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys File not found
DRV - (PCIDump) -- File not found
DRV - (NetBT) -- system32\DRIVERS\netbt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (ivusb) -- system32\DRIVERS\ivusb.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Frank\LOCALS~1\Temp\catchme.sys File not found
DRV - (CA500AV) -- system32\DRIVERS\CA500AV.SYS File not found
DRV - (CA500AI) -- System32\Drivers\BULKUSB.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IPN2120) -- C:\WINDOWS\system32\drivers\LSIPNDS.sys (The Linksys Group, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {889CB885-E6C0-470E-88CD-594D14DCCFF3}
IE - HKCU\..\SearchScopes\{889CB885-E6C0-470E-88CD-594D14DCCFF3}: "URL" = http://search.yahoo....e...-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C5D07EE2-8911-480D-9EEE-8E17C0767F73}: "URL" = http://search.yahoo....amp;fr=veri-ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2009/09/04 08:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2009/09/04 08:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/02/27 14:55:33 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.20 www.google.com
O1 - Hosts: 94.63.147.21 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1319572156188 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194880429139 (MUWebControl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...l/VCAVMUtil.CAB (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/...tall/AxCtp2.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/14 17:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (cleanMFT32 -c "C:\Program Files\Privacy Guardian\ref\English.ini" C)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: int15.sys - %systemroot%\system32\ZDCNDIS5.dll File not found
NetSvcs: wwsecsvc - File not found
NetSvcs: qserver - %systemroot%\system32\ARPolicy.dll File not found
NetSvcs: lpds - File not found
NetSvcs: unrealircd - File not found
NetSvcs: stac97 - File not found
NetSvcs: PGPdisk - File not found
NetSvcs: point32 - File not found
NetSvcs: epson_pm_rpcv2_02 - File not found
NetSvcs: jconfigd - File not found
NetSvcs: {95808DC4-FA4A-4c74-92FE-5B863F82066B} - File not found
NetSvcs: retinaengine - File not found
NetSvcs: Appn - File not found
NetSvcs: stllssvr - File not found
NetSvcs: PhilCam8116_XP - File not found
NetSvcs: k750mdfl - %systemroot%\system32\oracleorahome811cmadmin.dll File not found
NetSvcs: EagleNT - File not found
NetSvcs: elosystemservice - File not found
NetSvcs: license - File not found
NetSvcs: db2 - %systemroot%\system32\EMATCORE.dll File not found
NetSvcs: pctavsvc - %systemroot%\system32\samss.dll File not found
NetSvcs: CXAVXBAR - File not found
NetSvcs: carboncopyscheduler - File not found
NetSvcs: mrvw245 - File not found
NetSvcs: oracleorahomeclientcache - File not found
NetSvcs: clr_optimization_v2.0.50215_32 - File not found
NetSvcs: ami0nt - File not found
NetSvcs: lkclassads - File not found
NetSvcs: Pctspk - File not found
NetSvcs: SWNC8U51 - File not found
NetSvcs: Angel2 - File not found
NetSvcs: sqlagent$pinnaclesys - File not found
NetSvcs: aslm75 - File not found
NetSvcs: pelmouse - File not found
NetSvcs: trackcam4 - File not found
NetSvcs: ssrtln - File not found
NetSvcs: ctsfm2k - %systemroot%\system32\nmraapache.dll File not found
NetSvcs: WmHidLo - %systemroot%\system32\d-link_st3402.dll File not found
NetSvcs: idrivert - File not found
NetSvcs: bjmcmng - %systemroot%\system32\_iomega_active_disk_service_.dll File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 08:32:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Frank\Recent
[2012/05/09 08:23:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/08 22:40:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/08 22:40:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/08 22:40:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/08 22:40:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/08 22:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 20:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/08 20:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/08 10:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\SpeedMaxPc
[2012/05/08 10:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/05/07 22:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\DriverCure
[2012/05/07 00:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 11:55:55 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to OTL.exe.lnk
[2012/05/09 09:55:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/09 09:54:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 09:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 09:54:43 | 536,379,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 09:54:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/05/08 20:48:06 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to regfix.reg.lnk
[2012/05/08 20:42:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/08 20:42:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
[2012/05/08 19:26:44 | 000,000,185 | ---- | M] () -- C:\RegExp.bat
[2012/05/08 12:27:38 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to aswMBR.exe.lnk
[2012/05/08 12:27:15 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to dds.com.pif
[2012/05/08 12:26:56 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to FSS.exe.lnk
[2012/05/08 11:06:39 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to HiJackThis.exe.lnk
[2012/05/08 10:01:52 | 000,717,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/08 10:01:52 | 000,159,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/07 12:55:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/07 12:42:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/06 23:19:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 08:52:05 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/09 11:55:55 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to OTL.exe.lnk
[2012/05/09 09:54:43 | 536,379,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/08 22:40:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/08 22:40:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/08 22:40:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/08 22:40:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/08 22:40:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/08 20:48:06 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to regfix.reg.lnk
[2012/05/08 20:42:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/08 20:42:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
[2012/05/08 19:24:53 | 000,000,185 | ---- | C] () -- C:\RegExp.bat
[2012/05/08 12:27:38 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to aswMBR.exe.lnk
[2012/05/08 12:27:15 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to dds.com.pif
[2012/05/08 12:26:56 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to FSS.exe.lnk
[2012/05/08 11:06:38 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to HiJackThis.exe.lnk
[2012/02/15 23:29:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/11 21:02:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/22 15:08:59 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/14 17:47:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/09/09 15:56:01 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/05 16:27:24 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/09/05 14:36:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/05 14:36:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/13 04:19:16 | 000,307,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/10 13:33:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/01/08 13:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/12 08:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/09 00:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dGbFjJl15406
[2010/02/24 23:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/10/19 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2012/03/13 11:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCenter
[2010/08/27 10:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/01 10:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/02/06 13:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/03/13 10:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/02/23 08:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kJfHdLj06511
[2010/10/12 08:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/14 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nKi06511jOnOj06511
[2010/05/05 22:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/04/18 08:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/09/03 19:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pI15401DiFhP15401
[2011/02/01 09:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pNpAoGa06511
[2011/03/16 15:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pOdIkEo06511
[2007/09/22 10:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/05/08 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2010/08/23 13:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/09 09:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/09 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/11/23 22:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/27 19:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/12/07 20:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\.oit
[2011/11/17 21:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Catalina Marketing Corp
[2008/09/08 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/14 14:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2011/12/07 14:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\deskUNPDF
[2012/05/07 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\DriverCure
[2012/03/30 10:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ElevatedDiagnostics
[2008/03/09 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\EPSON
[2008/08/01 09:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\GlarySoft
[2011/01/31 19:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\IObit
[2011/12/11 21:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\iolo
[2007/08/31 10:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Leadertech
[2010/09/25 11:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\LimeWire
[2010/05/05 08:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\OfficeUpdate12
[2010/10/19 15:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Opera
[2011/10/26 15:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Orbit
[2010/12/20 15:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Panda Security
[2011/12/05 13:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Privacy Guardian
[2011/12/05 13:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Product_FR
[2011/10/26 14:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ProgSense
[2012/05/08 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\SpeedMaxPc
[2010/04/19 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\TweakNow RegCleaner
[2010/09/09 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Western Digital
[2010/09/09 15:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Western DigitalTemp
[2009/04/15 10:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Windows Desktop Search
[2009/04/15 10:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Windows Search
[2011/01/31 19:29:15 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2011/01/31 19:29:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2012/05/09 09:55:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/09 07:39:12 | 000,032,466 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D9E231
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#27 portboy123

Authentic Member

Authentic Member
124 posts

Posted 09 May 2012 - 10:42 AM

hi jeff i have to go to work for a few hours now ill be back around 7 pm tonight thanks

#28 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 May 2012 - 10:54 AM

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
SRV - (bjmcmng) -- %systemroot%\system32\_iomega_active_disk_service_.dll File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?}
O1 - Hosts: 94.63.147.20		www.google.com
O1 - Hosts: 94.63.147.21		www.bing.com
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
NetSvcs: bjmcmng - %systemroot%\system32\_iomega_active_disk_service_.dll File not found
[2012/05/07 12:55:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/12 08:52:05 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/02/06 13:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/31 19:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\IObit

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" =-
"445:TCP" =-
"137:UDP" =-
"138:UDP" =-
"1723:TCP" =-
"1701:UDP" =-
"500:UDP" =-
"5985:TCP" =-
"80:TCP" =-
"1900:UDP" =-
"2869:TCP" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Download Combofix from any of the links below but rename it to vageta.com before saving it to your desktop.

Link 1
Link 2

==================================

Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.

----------

In your next reply please post the logs made by OTL and ComboFix (if it is made).

#29 portboy123

Authentic Member

Authentic Member
124 posts

Posted 10 May 2012 - 12:14 PM

Hi jeff sorry it took so long had to work late last night and going back at 300 today. so here is the log with the RUN FIX i didnt check any boxes. i hope to be back home around 700 tonight. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Service bjmcmng stopped successfully! Service bjmcmng deleted successfully! File %systemroot%\system32\_iomega_active_disk_service_.dll File not found not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 94.63.147.20 www.google.com removed from HOSTS file successfully 94.63.147.21 www.bing.com removed from HOSTS file successfully Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cea563-bc3f-11df-ab9f-00e0181e0c9a}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963ac561-bb8d-11df-ab9e-00e0181e0c9a}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. bjmcmng removed from NetSvcs value successfully! C:\WINDOWS\system32\dds_trash_log.cmd moved successfully. C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. C:\WINDOWS\isRS-000.tmp deleted successfully. C:\Documents and Settings\All Users\Application Data\IObit\IObit Security 360 folder moved successfully. C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare folder moved successfully. C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\SmartRAM folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\InternetBooster folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\Advanced Uninsataller folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit\Advanced SystemCare folder moved successfully. C:\Documents and Settings\Frank\Application Data\IObit folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5985:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Frank ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 130045 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 489 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 605908507 bytes ->Java cache emptied: 9126 bytes ->Flash cache emptied: 11880 bytes User: sony-frank ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 109080 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 166876565 bytes Total Files Cleaned = 737.00 mb OTL by OldTimer - Version 3.2.42.3 log created on 05102012_135600 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...

#30 portboy123

Authentic Member

Authentic Member
124 posts

Posted 10 May 2012 - 12:42 PM

jeff here is the log after reboot : OTL logfile created on: 5/10/2012 2:16:00 PM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 199.04 Mb Available Physical Memory | 38.91% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): c:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.22 Gb Free Space | 20.42% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.81% Space Free | Partition Type: FAT

Computer Name: FRANK-SONY | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12050700\algo.dll ()

========== Win32 Services (SafeList) ==========

SRV - (WmHidLo) -- %systemroot%\system32\d-link_st3402.dll File not found
SRV - (qserver) -- %systemroot%\system32\ARPolicy.dll File not found
SRV - (pctavsvc) -- %systemroot%\system32\samss.dll File not found
SRV - (k750mdfl) -- %systemroot%\system32\oracleorahome811cmadmin.dll File not found
SRV - (int15.sys) -- %systemroot%\system32\ZDCNDIS5.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (db2) -- %systemroot%\system32\EMATCORE.dll File not found
SRV - (ctsfm2k) -- %systemroot%\system32\nmraapache.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- system32\DRIVERS\RTL8139.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys File not found
DRV - (PCIDump) -- File not found
DRV - (NetBT) -- system32\DRIVERS\netbt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (ivusb) -- system32\DRIVERS\ivusb.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Frank\LOCALS~1\Temp\catchme.sys File not found
DRV - (CA500AV) -- system32\DRIVERS\CA500AV.SYS File not found
DRV - (CA500AI) -- System32\Drivers\BULKUSB.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IPN2120) -- C:\WINDOWS\system32\drivers\LSIPNDS.sys (The Linksys Group, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {889CB885-E6C0-470E-88CD-594D14DCCFF3}
IE - HKCU\..\SearchScopes\{889CB885-E6C0-470E-88CD-594D14DCCFF3}: "URL" = http://search.yahoo....e...-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C5D07EE2-8911-480D-9EEE-8E17C0767F73}: "URL" = http://search.yahoo....amp;fr=veri-ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2009/09/04 08:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2009/09/04 08:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/05/10 13:56:08 | 000,001,626 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.suppor...veX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1319572156188 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194880429139 (MUWebControl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...l/VCAVMUtil.CAB (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/...tall/AxCtp2.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/14 17:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (cleanMFT32 -c "C:\Program Files\Privacy Guardian\ref\English.ini" C)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 08:32:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Frank\Recent
[2012/05/09 08:23:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/08 22:40:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/08 22:40:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/08 22:40:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/08 22:40:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/08 22:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 20:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/08 20:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/08 10:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\SpeedMaxPc
[2012/05/08 10:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/05/07 22:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\DriverCure
[2012/05/07 00:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

========== Files - Modified Within 30 Days ==========

[2012/05/10 14:06:30 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/10 14:05:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 14:05:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/10 14:05:39 | 536,379,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 14:05:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/05/09 11:55:55 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to OTL.exe.lnk
[2012/05/08 20:48:06 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to regfix.reg.lnk
[2012/05/08 20:42:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/08 20:42:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
[2012/05/08 19:26:44 | 000,000,185 | ---- | M] () -- C:\RegExp.bat
[2012/05/08 12:27:38 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to aswMBR.exe.lnk
[2012/05/08 12:27:15 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to dds.com.pif
[2012/05/08 12:26:56 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to FSS.exe.lnk
[2012/05/08 11:06:39 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to HiJackThis.exe.lnk
[2012/05/08 10:01:52 | 000,717,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/08 10:01:52 | 000,159,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/07 12:42:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/06 23:19:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/05/09 11:55:55 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to OTL.exe.lnk
[2012/05/09 09:54:43 | 536,379,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/08 22:40:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/08 22:40:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/08 22:40:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/08 22:40:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/08 22:40:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/08 20:48:06 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to regfix.reg.lnk
[2012/05/08 20:42:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Frank\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/08 20:42:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
[2012/05/08 19:24:53 | 000,000,185 | ---- | C] () -- C:\RegExp.bat
[2012/05/08 12:27:38 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to aswMBR.exe.lnk
[2012/05/08 12:27:15 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to dds.com.pif
[2012/05/08 12:26:56 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to FSS.exe.lnk
[2012/05/08 11:06:38 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to HiJackThis.exe.lnk
[2012/02/15 23:29:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/11 21:02:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/22 15:08:59 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/14 17:47:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/09/09 15:56:01 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/05 16:27:24 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/09/05 14:36:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/05 14:36:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/13 04:19:16 | 000,307,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/10 13:33:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D9E231
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Body Background

skin color theme