please help! pc acting weird


4 replies to this topic

#1 madeinjapan

Posted 15 September 2009 - 04:24 AM

MBAM detected and removed 7 items, but my PC is still acting weird. Please help me with it. Thanks!

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.0.2195 Service Pack 4

9/14/2009 10:56:43 AM
mbam-log-2009-09-14 (10-56-43).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 188960
Time elapsed: 12 hour(s), 58 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b71be26f-1d76-44f2-868c-f4f8525b2e90} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b71be26f-1d76-44f2-868c-f4f8525b2e90} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
F:\WINNT\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
F:\DOCUME~1\User\LOCALS~1\Temp\awtut.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\WINNT\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINNT\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 2000 . (5.0.2195) Service Pack 4
[32_bits] - x86 Family 6 Model 8 Stepping 6, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2800.1106
.
A:\ [Removable]
C:\ [Fixed-FAT32] .. ( Total:18 Go - Free:6 Go )
D:\ [Removable]
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:76 Go - Free:55 Go )
.
Scan : 11:11.48
Path : F:\Documents and Settings\Administrator\Desktop\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (8)
______ \SystemRoot\System32\smss.exe (148)
______ \??\F:\WINNT\system32\csrss.exe (176)
______ \??\F:\WINNT\system32\winlogon.exe (172)
______ F:\WINNT\system32\services.exe (224)
______ F:\WINNT\system32\lsass.exe (236)
______ F:\WINNT\system32\svchost.exe (416)
______ F:\WINNT\system32\spoolsv.exe (464)
______ F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (492)
______ F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (516)
______ F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (536)
______ F:\WINNT\System32\svchost.exe (612)
______ F:\WINNT\system32\hidserv.exe (632)
______ F:\Program Files\LogMeIn\x86\RaMaint.exe (644)
______ F:\Program Files\LogMeIn\x86\LogMeIn.exe (740)
______ F:\Program Files\LogMeIn\x86\LMIGuardian.exe (756)
______ f:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (780)
______ F:\WINNT\system32\regsvc.exe (832)
______ F:\Program Files\Symantec AntiVirus\SavRoam.exe (852)
______ F:\WINNT\system32\MSTask.exe (860)
______ F:\WINNT\System32\WBEM\WinMgmt.exe (808)
______ F:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe (956)
______ F:\WINNT\system32\svchost.exe (972)
______ F:\WINNT\System32\svchost.exe (984)
______ F:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe (1016)
______ F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (1032)
______ F:\WINNT\Explorer.EXE (1408)
______ F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (1540)
______ F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (1532)
______ F:\Program Files\Logitech\QuickCam10\QuickCam10.exe (1560)
______ F:\Program Files\LogMeIn\x86\LMIGuardian.exe (1592)
______ F:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (1620)
______ F:\WINNT\system32\wuauclt.exe (1600)
______ F:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (1728)
______ F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (1908)
______ F:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (1328)
______ F:\Program Files\Internet Explorer\IEXPLORE.EXE (1644)
______ F:\WINNT\system32\msiexec.exe (1872)
______ F:\Documents and Settings\Administrator\Desktop\Rooter.exe (1964)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
----------------------\\ Scheduled Tasks
.
F:\WINNT\Tasks\desktop.ini
F:\WINNT\Tasks\RegCure Program Check.job
F:\WINNT\Tasks\RegCure Startup.job
F:\WINNT\Tasks\RegCure.job
F:\WINNT\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:12.04
.
F:\Rooter$\Rooter_1.txt - (14/09/2009 | 11:12.04)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 11:13
Program Version: Version 1.3.5.0
Windows Version: Windows 2000 SP4
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: F:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xBF879000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: F:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF2637000 Size: 4096 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: F:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xBE170000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
ServiceTable Hooked [0x80480a20]!

#: 027 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x81b44b08

==EOF==


OTL logfile created on: 9/14/2009 9:16:11 PM - Run 2

OTL by OldTimer - Version 3.0.11.0 Folder = F:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.55 Mb Total Physical Memory | 225.17 Mb Available Physical Memory | 44.02% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINNT | %ProgramFiles% = F:\Program Files
Drive C: | 18.64 Gb Total Space | 6.94 Gb Free Space | 37.23% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 76.32 Gb Total Space | 55.00 Gb Free Space | 72.06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/03/07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\hidserv.exe
PRC - [2009/09/07 17:43:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/09/07 17:43:01 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- f:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
PRC - [2003/06/19 12:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\regsvc.exe
PRC - [2006/03/17 06:34:24 | 00,115,952 | ---- | M] (symantec) -- F:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\MSTask.exe
PRC - [2003/06/19 12:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\WBEM\WinMgmt.exe
PRC - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\mspmspsv.exe
PRC - [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- F:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
PRC - [2006/03/07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/26 00:36:02 | 04,775,424 | ---- | M] (Cisco Linksys Corporation) -- F:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
PRC - [2003/06/19 12:05:04 | 00,243,472 | ---- | M] (Microsoft Corporation) -- F:\WINNT\Explorer.EXE
PRC - [2008/07/24 19:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/02/08 01:12:48 | 00,488,984 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:13:48 | 00,774,168 | ---- | M] () -- F:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
PRC - [2009/09/07 17:43:01 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2007/02/06 17:43:26 | 00,252,704 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/02/08 01:12:20 | 00,230,936 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2002/08/29 07:14:40 | 00,091,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/14 11:09:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2002/08/29 07:14:40 | 00,091,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\IEXPLORE.EXE

========== Win32 Services (SafeList) ==========

SRV - [2006/03/07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/03/07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2006/03/17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Stopped])
SRV - [2003/06/19 12:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.) -- F:\WINNT\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2003/06/19 12:05:04 | 00,094,992 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\faxsvc.exe -- (Fax [On_Demand | Stopped])
SRV - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\hidserv.exe -- (HidServ [Auto | Running])
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2009/09/07 17:43:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- f:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2003/06/19 12:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\regsvc.exe -- (RemoteRegistry [Auto | Running])
SRV - [2006/03/17 06:34:24 | 00,115,952 | ---- | M] (symantec) -- F:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\MSTask.exe -- (Schedule [Auto | Running])
SRV - [2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2006/02/06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/03/17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Stopped])
SRV - [2003/06/19 12:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\UtilMan.exe -- (UtilMan [On_Demand | Stopped])
SRV - [2003/06/19 12:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\WBEM\WinMgmt.exe -- (WinMgmt [Auto | Running])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- F:\WINNT\System32\mspmspsv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - File not found -- -- (WMP54GSVC [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://now.abs-cbn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://now.abs-cbn.com/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/09/14 20:40:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/09/14 20:40:29 | 00,000,000 | ---D | M]

[2009/09/14 20:41:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/09/14 20:41:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/14 20:41:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\m9dqfgfx.default\extensions
[2009/09/14 20:40:30 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions
[2009/09/14 20:40:30 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 13:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 13:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 13:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- F:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - F:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe File not found
O4 - HKLM..\Run: [Synchronization Manager] F:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Task Manager] F:\WINNT\svhost32.exe File not found
O4 - HKLM..\Run: [vptray] F:\PROGRA~1\SYMANT~2\VPTray.exe File not found
O4 - HKCU..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = F:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
F3 - HKCU WinNT: Load - (F:\DOCUME~1\User\LOCALS~1\Temp\awtut.exe) - F:\DOCUME~1\User\LOCALS~1\Temp\awtut.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\WINNT\System32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\WINNT\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\WINNT\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - F:\WINNT\System32\msafd.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} F:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8143.6976041667 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://now.abs-cbn.c...EasyInstall.cab (ESPluginInstallProgress Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://F:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://F:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - F:\WINNT\System32\msdxm.ocx ()
O18 - Protocol\Filter: - Class Install Handler - No CLSID value found
O18 - Protocol\Filter: - deflate - No CLSID value found
O18 - Protocol\Filter: - gzip - No CLSID value found
O18 - Protocol\Filter: - lzdhtml - No CLSID value found
O18 - Protocol\Filter: - text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - F:\WINNT\system32\NavLogon.dll - F:\WINNT\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\nwprovau: DllName - nwprovau.dll - F:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - F:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - F:\WINNT\System32\NETSHELL.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (F:\DOCUME~1\User\LOCALS~1\Temp\awtut) - File not found
O30 - LSA: Authentication Packages - (nwprovau) - F:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/18 12:43:56 | 00,000,051 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2002/04/11 18:30:00 | 00,000,053 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: Ias - F:\WINNT\System32\ias [2008/06/24 00:31:39 | 00,000,000 | ---D | M]
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/14 20:43:49 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\My Documents\Downloads
[2009/09/14 20:40:45 | 00,000,000 | ---- | C] () -- F:\WINNT\nsreg.dat
[2009/09/14 20:40:39 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/09/14 20:40:39 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/09/14 20:40:34 | 00,001,488 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/14 20:40:27 | 00,000,000 | ---D | C] -- F:\Program Files\Mozilla Firefox
[2009/09/14 20:35:40 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_3e8.dat
[2009/09/14 20:33:02 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_374.dat
[2009/09/14 20:09:23 | 00,000,718 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2009/09/14 19:38:20 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Avg7
[2009/09/14 19:16:40 | 00,069,632 | ---- | C] (Voxware, Inc.) -- F:\WINNT\System32\voxmvdec.ax
[2009/09/14 19:16:40 | 00,069,632 | ---- | C] (Voxware, Inc.) -- F:\WINNT\System32\voxmsdec.ax
[2009/09/14 19:16:04 | 00,045,056 | ---- | C] (Thomson Consumer Electronics) -- F:\WINNT\System32\wmplenc.dll
[2009/09/14 11:13:18 | 00,000,000 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/09/14 11:10:19 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Desktop\logs
[2009/09/14 11:09:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/14 11:09:01 | 00,464,491 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2009/09/13 20:31:50 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/09/13 20:31:40 | 00,000,576 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/13 20:31:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/09/13 20:31:30 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- F:\WINNT\System32\drivers\mbam.sys
[2009/09/13 20:31:30 | 00,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2009/09/13 20:31:30 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/13 20:25:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/09/13 20:23:30 | 00,271,872 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/09/13 20:22:02 | 00,794,112 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\The_Comedian.exe
[2009/09/12 18:30:43 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_400.dat
[2009/09/08 07:38:16 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_134.dat
[2009/09/02 20:49:45 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_7ec.dat
[2009/09/02 08:05:19 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_80c.dat
[2009/09/01 18:03:31 | 00,016,384 | ---- | C] () -- F:\WINNT\System32\Perflib_Perfdata_408.dat

========== Files - Modified Within 14 Days ==========

[2009/09/14 20:40:45 | 00,000,000 | ---- | M] () -- F:\WINNT\nsreg.dat
[2009/09/14 20:40:34 | 00,001,488 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/14 20:35:40 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_3e8.dat
[2009/09/14 20:33:02 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_374.dat
[2009/09/14 20:32:51 | 00,000,006 | -H-- | M] () -- F:\WINNT\tasks\SA.DAT
[2009/09/14 20:29:57 | 00,732,854 | -H-- | M] () -- F:\WINNT\ShellIconCache
[2009/09/14 20:09:23 | 00,000,718 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2009/09/14 20:04:29 | 00,023,392 | ---- | M] () -- F:\WINNT\System32\nscompat.tlb
[2009/09/14 20:04:29 | 00,016,832 | ---- | M] () -- F:\WINNT\System32\amcompat.tlb
[2009/09/14 20:00:02 | 00,001,409 | ---- | M] () -- F:\WINNT\imsins.BAK
[2009/09/14 19:30:03 | 00,341,536 | ---- | M] () -- F:\WINNT\System32\PerfStringBackup.INI
[2009/09/14 19:30:03 | 00,300,378 | ---- | M] () -- F:\WINNT\System32\perfh009.dat
[2009/09/14 19:30:03 | 00,038,036 | ---- | M] () -- F:\WINNT\System32\perfc009.dat
[2009/09/14 19:20:32 | 00,000,987 | ---- | M] () -- F:\WINNT\ODBC.INI
[2009/09/14 19:16:00 | 00,316,640 | ---- | M] () -- F:\WINNT\WMSysPr9.prx
[2009/09/14 11:13:18 | 00,000,000 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/09/14 11:09:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/14 11:09:03 | 00,464,491 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2009/09/13 20:31:40 | 00,000,576 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/13 20:25:36 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- F:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/09/13 20:23:32 | 00,271,872 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/09/13 20:22:04 | 00,794,112 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\The_Comedian.exe
[2009/09/12 18:30:43 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_400.dat
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:48 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- F:\WINNT\System32\drivers\mbam.sys
[2009/09/08 07:38:16 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_134.dat
[2009/09/07 17:43:05 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- F:\WINNT\System32\LMIRfsClientNP.dll
[2009/09/07 17:43:04 | 00,028,984 | ---- | M] (LogMeIn, Inc.) -- F:\WINNT\System32\LMIport.dll
[2009/09/07 17:43:03 | 00,025,248 | ---- | M] (LogMeIn, Inc.) -- F:\WINNT\System32\lmimirr.dll
[2009/09/07 17:43:03 | 00,011,552 | ---- | M] (LogMeIn, Inc.) -- F:\WINNT\System32\lmimirr2.dll
[2009/09/02 20:49:45 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_7ec.dat
[2009/09/02 08:05:19 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_80c.dat
[2009/09/01 18:03:31 | 00,016,384 | ---- | M] () -- F:\WINNT\System32\Perflib_Perfdata_408.dat

========== LOP Check ==========

[2009/09/14 20:40:39 | 00,000,000 | -H-D | M] -- F:\Documents and Settings\Administrator\Application Data
[2007/10/29 08:40:44 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
[2009/09/14 19:38:17 | 00,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data
[2009/09/14 19:38:20 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/25 20:34:15 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Logishrd
[2008/11/09 14:32:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LogMeIn
[1999/12/07 05:00:00 | 00,000,065 | RH-- | M] () -- F:\WINNT\Tasks\desktop.ini
[2009/09/14 20:32:51 | 00,000,006 | -H-- | M] () -- F:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2003/06/19 12:05:04 | 00,150,528 | RHS- | M] () -- F:\arcldr.exe
[2003/06/19 12:05:04 | 00,163,840 | RHS- | M] () -- F:\arcsetup.exe
< End of report >

#2 OFFLINE   SpySentinel

    Member

  • Members
  • 126 posts
  • Gender:Male
  • Location:The United States
  • Interests:Fighting Malware.

Posted 16 September 2009 - 04:55 AM

Hi madeinjapan, welcome to the Piriform Community Forums :)



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [Task Manager] F:\WINNT\svhost32.exe File not found
    O30 - LSA: Authentication Packages - (F:\DOCUME~1\User\LOCALS~1\Temp\awtut) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done




Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Proud Graduate of GeekU - Learn how to remove malware

Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#3 OFFLINE   madeinjapan

    Member

  • Members
  • 34 posts

Posted 18 September 2009 - 02:28 AM

OTL was able to scan and below is the log; however, the Kaspersky online scanner could not initiate, and the "Accept" button is disabled, so I could not continue.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6080561 bytes
->Temporary Internet Files folder emptied: 602189789 bytes
->FireFox cache emptied: 23534190 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michelle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 23995 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 602.59 mb


OTL by OldTimer - Version 3.0.11.0 log created on 09162009_222908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4 OFFLINE   SpySentinel

    Member

  • Members
  • 126 posts
  • Gender:Male
  • Location:The United States
  • Interests:Fighting Malware.

Posted 20 September 2009 - 05:40 PM

Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5 OFFLINE   SpySentinel

    Member

  • Members
  • 126 posts
  • Gender:Male
  • Location:The United States
  • Interests:Fighting Malware.

Posted 06 October 2009 - 05:55 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please PM Me or another Moderator with the original link.

All others please start a new topic.