
[Resolved] on/off then serious error!


  • This topic is locked
59 replies to this topic

#31 CatByte


    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 04 December 2009 - 03:06 PM

OK, thank you for the update. I doubt then that you will be able to complete the online scan requested. If we could get an updated OTL log to check for any remaining malware after the OTL fix is run, then we can go from there, but this is sounding more like a hardware issue rather than malware.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#32 andrew2009


    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 05 December 2009 - 07:46 PM

Maybe a hardware issue, but I don't think so, because it started happening after I installed a WinRAR that I downloaded (which can be found earlier in the thread); prior to that the computer ran fine.

I still can't run in regular mode; it keeps rebooting. I'm enclosing 2 logs: the 1st one is entitled "after running fix" and the 2nd is the scan. BTW, there was only 1 log this time after the scan, unlike last time.

All processes killed
Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IStray.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found> in the current context!
Error: Unable to interpret <[2009/07/23 21:10:10 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\inst.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: angelo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mom
->Temp folder emptied: 662464 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mom_2

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 528867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 31863382 bytes

Total Files Cleaned = 31.62 mb


OTL by OldTimer - Version 3.1.8.0 log created on 12052009_194528

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here's the other:

OTL logfile created on: 12/5/2009 8:04:16 PM - Run 3
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\mom\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 86.43% Memory free
3.81 Gb Paging File | 3.74 Gb Available in Paging File | 98.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 137.03 Gb Total Space | 4.75 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.20 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 15.05 Gb Total Space | 6.97 Gb Free Space | 46.31% Space Free | Partition Type: FAT32

Computer Name: ROXSCOMPUTER
Current User Name: mom
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (0308901243908944mcinstcleanup) McAfee Application Installer Cleanup (0308901243908944) -- File not found
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (PCA) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (wwSecSvc) -- C:\WINDOWS\system32\wwSecure.exe (Webroot Software, Inc.)


========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (scrcap) -- C:\WINDOWS\system32\drivers\scrcap.sys (ZD Soft)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/06/13 13:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\extensions
[2009/06/13 13:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comodo VerificationEngine) - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\COMODO\VEngine\VEngineIE32.dll (Comodo CA Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HTV Agent] C:\Documents and Settings\mom\My Documents\HTV\HTV.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IStray.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NNTray] C:\Program Files\Net Nanny\NNStart.exe (Net Nanny Software International, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [VEngine] C:\Program Files\COMODO\VEngine\VEngine.exe (Comodo CA Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe ()
O4 - Startup: C:\Documents and Settings\mom\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1247615996718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/05 19:45:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/27 21:57:51 | 00,098,304 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\pwd.dll
[2009/11/27 19:53:10 | 00,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009/11/24 22:13:05 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mom\Desktop\OTL.exe
[2009/11/20 18:44:47 | 00,000,000 | ---D | C] -- C:\9a716b050791dca3856780
[2009/11/20 18:44:41 | 00,000,000 | ---D | C] -- C:\c7732dfd45af8acb77a203b99d5adf3f
[2009/11/16 21:54:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/16 21:54:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/16 21:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/16 21:28:20 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/11/16 21:28:20 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/11/16 21:28:12 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2009/11/16 21:28:09 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/11/16 21:28:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/11/16 21:28:03 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/16 21:27:59 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/11/16 21:27:56 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/11/16 21:27:55 | 04,960,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2009/11/16 21:27:55 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2009/11/16 21:27:52 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/11/16 21:27:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/11/16 21:27:49 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/11/16 21:27:43 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/11/16 21:27:40 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/11/16 21:27:37 | 00,517,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsnap.dll
[2009/11/16 21:27:37 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqutil.dll
[2009/11/16 21:27:37 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtrig.dll
[2009/11/16 21:27:37 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmqocm.dll
[2009/11/16 21:27:37 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtgsvc.exe
[2009/11/16 21:27:37 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqupgrd.dll
[2009/11/16 21:27:37 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsvc.exe
[2009/11/16 21:27:36 | 00,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqqm.dll
[2009/11/16 21:27:36 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqoa.dll
[2009/11/16 21:27:36 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrt.dll
[2009/11/16 21:27:36 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqad.dll
[2009/11/16 21:27:36 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrtdep.dll
[2009/11/16 21:27:36 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsec.dll
[2009/11/16 21:27:36 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqac.sys
[2009/11/16 21:27:36 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqdscli.dll
[2009/11/16 21:27:36 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqbkup.exe
[2009/11/16 21:27:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqise.dll
[2009/11/16 21:27:18 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netlogon.dll
[2009/11/16 21:27:18 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/11/16 21:27:18 | 00,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2009/11/16 21:27:18 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2009/11/16 21:27:17 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2009/11/16 20:50:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/11/16 15:01:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/16 14:49:47 | 00,000,000 | ---D | C] -- C:\939f6a48f9d1aedd86f7fef5
[2009/07/23 21:10:10 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\mom\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2009/12/05 19:49:00 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/05 19:48:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 19:48:02 | 00,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009/12/05 19:47:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 19:45:34 | 01,572,864 | ---- | M] () -- C:\Documents and Settings\mom\ntuser.dat
[2009/12/05 19:45:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\mom\ntuser.ini
[2009/12/05 19:42:11 | 00,098,304 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\pwd.dll
[2009/12/05 19:41:21 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\mom\Local Settings\Application Data\IconCache.db
[2009/11/27 19:40:20 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/11/24 22:12:58 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mom\Desktop\OTL.exe
[2009/11/20 18:47:53 | 00,517,178 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/20 18:47:53 | 00,483,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/20 18:47:53 | 00,087,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/20 18:47:00 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\mom\Desktop\dds.scr
[2009/11/20 18:25:36 | 00,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 22:56:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/16 22:54:11 | 00,000,422 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/11/16 21:55:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 21:44:16 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\mom\Desktop\HijackThis.lnk

========== Files Created - No Company Name ==========

[2009/11/20 18:46:59 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\mom\Desktop\dds.scr
[2009/11/16 21:55:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 21:44:16 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\mom\Desktop\HijackThis.lnk
[2009/07/23 22:28:42 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/23 21:10:39 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\vso_ts_preview.xml
[2009/07/23 21:10:20 | 00,000,074 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\pcouffin.log
[2009/07/23 21:10:10 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\inst.exe
[2009/07/23 21:10:10 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\pcouffin.cat
[2009/07/23 21:10:10 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\mom\Application Data\pcouffin.inf
[2009/07/14 18:12:26 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\srecorder.dll
[2009/06/13 14:06:51 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2009/06/01 22:15:02 | 01,930,896 | -H-- | C] () -- C:\Documents and Settings\mom\Local Settings\Application Data\IconCache.db
[2009/06/01 22:15:02 | 00,068,456 | ---- | C] () -- C:\Documents and Settings\mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/01 22:15:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\mom\Application Data\desktop.ini
[2009/06/01 22:15:02 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\mom\Local Settings\Application Data\setup.txt
[2009/05/28 11:41:40 | 04,472,538 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/05/25 11:38:22 | 00,830,004 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/05/17 18:37:12 | 00,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/04/22 00:52:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/22 00:39:06 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/04/22 00:39:06 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/04/22 00:39:06 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/04/22 00:39:06 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/04/22 00:39:06 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/04/22 00:39:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/22 00:24:18 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2009/04/21 11:38:32 | 00,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/04/21 11:08:22 | 00,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/04/21 10:54:54 | 00,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/04/21 10:52:08 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/02 09:23:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/04/02 09:21:50 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/02 11:19:36 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/03/02 11:19:30 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/03/02 11:19:14 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/03/02 11:18:46 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/03/02 11:18:32 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/03/02 11:18:28 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/03/02 11:18:18 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/01/10 17:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 17:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 17:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 17:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 17:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 17:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 17:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 17:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 17:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 17:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 17:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/13 04:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 12:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/07/03 00:37:12 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/07/03 00:37:10 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/25 12:43:54 | 00,517,178 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/04/25 12:32:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2006/04/25 12:32:30 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/25 12:31:56 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 12:26:56 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2006/04/25 12:26:56 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2006/04/25 05:19:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/04/25 05:19:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/19 22:21:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/19 22:21:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/27 21:00:00 | 01,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/02/27 21:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/02/27 21:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/02/27 21:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2006/02/27 21:00:00 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2006/02/27 21:00:00 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/02/27 21:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2006/02/27 21:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/02/27 21:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2006/02/27 21:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/02/27 21:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2006/02/27 21:00:00 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/02/27 21:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2006/02/27 21:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/02/27 21:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/02/27 21:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2006/02/27 21:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/02/27 21:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/02/27 21:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/02/27 21:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/02/27 21:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/02/27 21:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2006/02/27 21:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/02/27 21:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/02/27 21:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/02/27 21:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/02/27 21:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/02/27 21:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/02/27 21:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/02/27 21:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/02/27 21:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/02/27 21:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/02/27 21:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/02/27 21:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/02/27 21:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2006/02/27 21:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/02/27 21:00:00 | 00,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/27 21:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2006/02/27 21:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2006/02/27 21:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/02/27 21:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/02/27 21:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/02/27 21:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2006/02/27 21:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/02/27 21:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/02/27 21:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/02/27 21:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2006/02/27 21:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2006/02/27 21:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/02/27 21:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/02/27 21:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2002/05/08 05:12:22 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#33 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 05 December 2009 - 08:18 PM

Hi,

Let's dig a little deeper then.

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#34 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 05 December 2009 - 09:03 PM

ok..but will it be ok for me to do it in safe mode? I would have to download it to my USB drive from a good computer and then copy it to the desktop of the infected computer and then run it. The only problem that I can see occurring is it won't be able to download the recovery console if it is needed.

#35 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 05 December 2009 - 09:44 PM

Boot into safe mode with networking. ComboFix will run in safe mode.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#36 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 December 2009 - 06:52 PM

ok..here's the log

ComboFix 09-12-05.03 - mom 12/06/2009 19:45.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2013.1751 [GMT -5:00]
Running from: c:\documents and settings\mom\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\documents\setup.exe
c:\documents and settings\mom\Application Data\inst.exe
c:\recycler\S-1-5-21-3456202733-2600830389-2135398070-500
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000110_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-06 01:10 . 2009-12-06 01:11 -------- d-----w- c:\windows\LastGood
2009-12-06 00:45 . 2009-12-06 00:45 -------- d-----w- C:\_OTL
2009-11-28 02:57 . 2009-12-06 00:42 98304 ----a-w- c:\windows\system32\pwd.dll
2009-11-28 00:53 . 2009-12-06 01:07 118784 ----a-w- c:\windows\system32\chg.exe
2009-11-20 23:44 . 2009-11-20 23:44 -------- d-----w- C:\9a716b050791dca3856780
2009-11-20 23:44 . 2009-11-20 23:44 -------- d-----w- C:\c7732dfd45af8acb77a203b99d5adf3f
2009-11-17 02:54 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-17 02:54 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 02:44 . 2009-11-17 02:44 -------- d-----w- c:\program files\Trend Micro
2009-11-17 02:28 . 2009-06-12 11:50 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-11-17 02:28 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-11-17 02:28 . 2009-04-03 17:15 485376 ------w- c:\windows\system32\dllcache\wmspdmod.dll
2009-11-17 02:28 . 2009-07-17 16:27 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-11-17 02:28 . 2009-06-10 06:32 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-11-17 02:28 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-17 02:19 . 2009-11-17 02:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-17 01:50 . 2009-11-17 01:50 -------- d-----w- c:\windows\ServicePackFiles
2009-11-16 20:01 . 2009-11-17 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 19:49 . 2009-11-17 02:19 -------- d-----w- C:\939f6a48f9d1aedd86f7fef5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 02:54 . 2009-06-13 18:39 -------- d-----r- c:\program files\Net Nanny
2009-11-28 00:40 . 2009-06-13 18:41 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-11-20 23:47 . 2009-04-22 05:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-20 23:44 . 2009-04-22 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-17 02:19 . 2009-06-02 03:28 -------- d-----w- c:\documents and settings\mom\Application Data\uTorrent
2009-09-25 05:56 . 2006-02-28 02:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2006-02-28 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:03 . 2006-02-28 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-07-24 03:28 . 2009-07-24 03:28 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 19:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2005-04-20 894464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"NNTray"="c:\program files\Net Nanny\nnstart.exe" [2002-09-24 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"VEngine"="c:\program files\Comodo\VEngine\VEngine.exe" [2009-07-24 823040]

c:\documents and settings\mom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/22/2009 12:24 AM 243856]
S1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [7/11/2008 4:44 PM 191872]
S2 0308901243908944mcinstcleanup;McAfee Application Installer Cleanup (0308901243908944);c:\docume~1\ADMINI~1\LOCALS~1\Temp\030890~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\030890~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/22/2009 12:44 AM 576024]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [12/27/2006 9:47 AM 9006]
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmdt
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {42B8A901-FBE4-4815-8F82-DE5BB66DA2BB} = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKLM-Run-IObit Security 360 - c:\program files\IObit\IObit Security 360\IStray.exe
HKLM-Run-HTV Agent - c:\documents and settings\mom\My Documents\HTV\HTV.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\documents and settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-WinRAR archiver - c:\documents and settings\All Users\Documents\uninstall.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 19:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NNTray = c:\program files\Net Nanny\nnstart.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2009-12-06 19:48
ComboFix-quarantined-files.txt 2009-12-07 00:48

Pre-Run: 5,034,786,816 bytes free
Post-Run: 4,999,438,336 bytes free

- - End Of File - - 05D73E3A2A967C7DA15852AC99B76388

#37 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 December 2009 - 07:04 PM

How is the computer running now? What outstanding issues are there?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#38 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 December 2009 - 07:48 PM

hia catbyte..it booted to the user log on (as it has been).........and............rebooted :wacko:

#39 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 December 2009 - 07:56 PM

I forgot to mention sometimes (perhaps always and I just miss it) there is a VERY quick appearance of a blue screen with writing (sort of looks like a very simple BIOS or MS-DOS font..I think) but it appears and disappears so quickly I can't even read the 1st word, and there is actually a small paragraph that appears in the upper left hand corner..don't know if that info is of any use

#40 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 December 2009 - 07:57 PM

Are there any error messages before it logs off and then reboots?

Are there any problems accessing safe mode?

Can you log onto safe mode with networking and access the internet now?

In safe mode please do the following:

Press Start->Run, copy/paste the following command (it's one long command) into the run box and press OK:

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "%userprofile%\desktop\menu.txt"


A new file called menu.txt should appear on your Desktop, please post the contents with your next response.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
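The Winlogon values that the export requested in this post captures can be checked automatically rather than read by eye. The following Python script is an added example, not code from the thread or from any tool named in it: it parses the text that `reg export` writes, compares the Shell and Userinit values against the 32-bit Windows XP defaults assumed here, and reports values such as Taskman or GinaDLL that are absent on a default install. The sample export strings are constructed for the example, and the file helper assumes `reg export` wrote its default UTF-16 encoding.

```python
"""Audit a 'reg export' dump of the Winlogon key for non-default values.

Added example for the thread above, not code from the forum or any tool it
names. It parses the .reg text that `reg export` produces for
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon and reports
values that differ from the Windows XP 32-bit defaults assumed below.
"""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Defaults on a 32-bit Windows XP install (assumption made for this example).
EXPECTED = {
    "Shell": "Explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
}
# Not present on a default XP install; any of these being set deserves a look.
SUSPICIOUS_IF_PRESENT = ("AppSetup", "GinaDLL", "System", "Taskman")

# "name"=<rest of line>; the name may contain escaped quotes and backslashes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # .reg files write a backslash as \\ and an embedded quote as \"
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} parsed from .reg text.

    String values are unescaped; dword:/hex: values are kept as raw text.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name, rhs = _unescape(m.group(1)), m.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            keys[current][name] = _unescape(rhs[1:-1])
        else:
            keys[current][name] = rhs
    return keys


def audit_winlogon(text):
    """Return a list of (value_name, actual, expected) findings; [] means clean."""
    keys = parse_reg_export(text)
    vals = None
    for path, entries in keys.items():
        if path.lower() == WINLOGON_KEY.lower():
            vals = entries
    if vals is None:
        return [("<key missing>", None, WINLOGON_KEY)]
    lower = {n.lower(): v for n, v in vals.items()}  # value names are case-insensitive
    findings = []
    for name, expected in EXPECTED.items():
        actual = lower.get(name.lower())
        if actual is None or actual.lower() != expected.lower():
            findings.append((name, actual, expected))
    for name in SUSPICIOUS_IF_PRESENT:
        if name.lower() in lower:
            findings.append((name, lower[name.lower()], "<absent by default>"))
    return findings


def audit_winlogon_file(path):
    # reg export writes UTF-16 with a BOM by default; 'utf-16' consumes the BOM.
    with open(path, encoding="utf-16") as fh:
        return audit_winlogon(fh.read())


# Constructed samples of what reg export writes (not taken from the thread).
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"AutoRestartShell"=dword:00000001
"""

# Same key with Userinit extended by an extra executable and a Taskman value added.
TAMPERED_EXPORT = CLEAN_EXPORT.replace(
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"',
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Documents and Settings\\user\\Application Data\\example.exe"',
) + r'"Taskman"="C:\\Documents and Settings\\user\\example2.exe"' + "\n"


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_EXPORT), ("tampered", TAMPERED_EXPORT)):
        print(label, audit_winlogon(text) or "no findings")
```

Run it against the real menu.txt with `audit_winlogon_file(r"C:\Documents and Settings\<user>\Desktop\menu.txt")`; an empty list means Shell and Userinit still point at their stock locations and none of the extra hook values are set. The defaults table is the part to adjust for other Windows versions, since Userinit's path and the presence of some values differ between releases.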



#41 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 December 2009 - 08:00 PM

Sorry, I missed your last post before I posted.

Please do this so you will be able to read the error message:

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#42 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 08 December 2009 - 12:46 PM

hi catbyte.. yes I can access safe mode. Don't know about the internet because I didn't allow it to go to safe mode so that I could get the info you requested above. Also I don't know if you wanted me to run the copy/paste instructions or if you wanted the "blue screen" message first, so I didn't do it. Here is the message: STOP: c000021a {Fatal System Error} The Windows SubSystem System process terminated unexpectedly with a status of 0xc0000005 (0x7c910c900x0052dc1c) This system has been shut down

#43 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 08 December 2009 - 08:58 PM

Hi,

Please uninstall the Winrar program that you downloaded and see if you are then able to boot into normal mode.

There were numerous MS updates made back in July; every time MS updates, a new restore point is created.

If uninstalling Winrar doesn't help, go into system restore, use the arrow on the calendar to go back to July and choose the earliest restore point available in July, and see how that goes.

Go to start > run > copy/paste this command into the run box

c:\windows\system32\restore\rstrui.exe

to open up system restore.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#44 andrew2009

andrew2009

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 08 December 2009 - 09:13 PM

that program is already removed..should I first follow the directions above in post #40 before doing the restore or should I not do that at all?

#45 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 08 December 2009 - 09:20 PM

Try the system restore first

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
