
Solved Scanners Can't Scan Registry + Corrupt .exe File Association

Discussion in 'Malware and Virus Removal Archive' started by Boogs, 2011/07/27.

  1. 2011/07/27, Boogs (Thread Starter)
    [Resolved] Scanners Can't Scan Registry + Corrupt .exe File Association

    Hey

    Having some issues with our laptop

    I've tried various antivirus/malware scanners, and every single one of them auto-closes when it comes to scanning the registry.

    Then if I try to rerun any of those scanners I get a "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." error.
    I can fix this with a program called "Inherit.exe".

    The scanners do work fine in Safe Mode though, and I've been able to remove a lot of viruses, etc. through them, but still obviously have some issues none of them have picked up.

    List of programs run:
    CCleaner
    Free Window Registry Repair
    Malwarebytes' Anti-Malware
    Spybot - Search & Destroy
    SUPERAntispyware
    TDSSKiller


    Another problem I'm having is with .exe files.
    I'm pretty sure this is related to the above issue, being a registry thing.
    A SUPERAntispyware scan found a registry issue with .exe file associations, which it then removed, but has only done that, removed the problem, not fixed it.

    Now every single .exe program will not run because there's no longer a .exe file association and therefore Windows doesn't know how to run them.
    I can get a temporary fix from a file called "xp_exe_fix.reg" which adds the default .exe file association back and allows me to run programs again,
    but after any reboot (even to Safe Mode) the file association disappears and forces me to run the temporary fix every time.


    So there's clearly something going on that's preventing anything to do with the registry, and I've come here in hopes of solving this.


    Malwarebytes Log:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    7/28/2011 2:04:09 PM
    mbam-log-2011-07-28 (14-04-09).txt

    Scan type: Quick scan
    Objects scanned: 156057
    Time elapsed: 7 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    As mentioned above, had to run in Safe Mode in order to get a completed scan, or it would just close on me.
    Also, not sure why it's showing the database version as 6705; I manually transferred the rules files from this comp
    (don't wish to let the laptop connect to the net till this is all fixed), which are version 7294.
    Nothing major found anyway, the SecurityCenter thing is more of a false positive.


    GMER Log:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-28 14:59:07
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT rev.0022
    Running: oqe3e6s5.exe; Driver: C:\DOCUME~1\Debs\LOCALS~1\Temp\kgwdiaob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB13223$\1143717067 0 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689 0 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\L\vssmqmgg 162816 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\loader.tlb 2540 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@00000001 54368 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@000000c0 2560 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@000000cb 2048 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@000000cf 1536 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@80000000 24576 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@800000c0 33280 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@800000cb 27648 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\U\@800000cf 27648 bytes
    File C:\WINDOWS\$NtUninstallKB13223$\149013689\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

    ---- EOF - GMER 1.0.15 ----


    aswMBR Log:
    aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-28 15:52:20
    -----------------------------
    15:52:20.203 OS Version: Windows 5.1.2600 Service Pack 2
    15:52:20.203 Number of processors: 1 586 0xD06
    15:52:20.203 ComputerName: DEBS-256AEA431A UserName: Debs
    15:52:20.453 Initialize success
    15:52:23.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:52:23.390 Disk 0 Vendor: FUJITSU_MHT2040AT 0022 Size: 38154MB BusType: 3
    15:52:23.437 Disk 0 MBR read successfully
    15:52:23.437 Disk 0 MBR scan
    15:52:23.453 Disk 0 Windows XP default MBR code
    15:52:23.468 Disk 0 scanning sectors +78124095
    15:52:23.546 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:52:32.734 Service scanning
    15:52:34.187 Modules scanning
    *15:52:43.859 Module: C:\WINDOWS\system32\DRIVERS\netbt.sys **SUSPICIOUS**
    15:52:50.984 Disk 0 trace - called modules:
    *15:52:51.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf943bf00]<<
    15:52:51.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812dc370]
    15:52:51.062 3 CLASSPNP.SYS[f9f7205b] -> nt!IofCallDriver -> [0xffb33f08]
    *15:52:51.593 \Driver\00001150[0xffb708d0] -> IRP_MJ_CREATE -> 0xf943bf00
    15:52:51.609 Scan finished successfully
    15:54:22.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Debs\Desktop\MBR.dat"
    15:54:22.859 The log file has been saved successfully to "C:\Documents and Settings\Debs\Desktop\aswMBR.log"

    * = Lines that were highlighted in red

    3 issues here, hopefully something to work with.

    DDS Log:
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Debs at 15:42:53 on 2011-07-28
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.81 [GMT 10:00]
    .
    .
    ============== Running Processes ===============
    .
    "\\.\globalroot\Device\svchost.exe\svchost.exe "
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    uPolicies-explorer: NoThemesTab = 0 (0x0)
    uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\docume~1\debs\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-13 12880]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\debs\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-13 67664]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-1-4 66048]
    S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-26 39984]
    S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\multi password recovery\mpr_freader.sys --> c:\program files\multi password recovery\mpr_freader.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-27 10:35:59 -------- d-----w- c:\documents and settings\debs\application data\SUPERAntiSpyware.com
    2011-07-27 10:35:28 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-27 09:58:53 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-07-27 03:01:30 -------- d-----w- c:\program files\common files\PC Tools
    2011-07-27 01:47:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-26 08:07:05 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-07-26 08:06:13 -------- d-----w- c:\program files\CCleaner
    2011-07-26 07:30:51 -------- d-----w- c:\documents and settings\debs\application data\Malwarebytes
    2011-07-26 07:24:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-26 07:24:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-07-26 07:24:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-26 07:24:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-26 01:37:25 0 ----a-w- c:\documents and settings\all users\application data\ytpf.exe
    2011-07-26 01:37:25 0 ----a-w- c:\documents and settings\all users\application data\rryd.exe
    2011-07-26 01:37:25 0 ----a-w- c:\documents and settings\all users\application data\ipab.exe
    2011-07-26 01:37:25 0 ----a-w- c:\documents and settings\all users\application data\dvcn.exe
    2011-07-16 12:30:50 -------- d-----w- c:\program files\Ainvo
    2011-07-16 06:06:30 -------- d-sh--w- c:\documents and settings\debs\IECompatCache
    2011-07-16 03:33:06 -------- d-sh--w- c:\documents and settings\debs\PrivacIE
    2011-07-16 03:17:15 -------- d-sh--w- c:\documents and settings\debs\IETldCache
    2011-07-16 03:13:38 -------- d-----w- c:\windows\ie8updates
    2011-07-16 03:05:13 -------- dc-h--w- c:\windows\ie8
    2011-07-16 02:51:47 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-16 02:51:47 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-16 02:51:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 02:51:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 02:51:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 02:51:44 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-16 02:51:40 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-16 02:16:50 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-07-16 01:45:26 -------- d-----w- c:\documents and settings\all users\application data\RegCure
    2011-07-16 01:29:50 -------- d-----w- c:\documents and settings\debs\local settings\application data\Promosoft Corporation
    2011-07-16 01:05:39 -------- d-----w- c:\windows\system32\QVJGTGljZW5zZUluZm8=
    2011-07-15 23:21:49 -------- d-----w- c:\documents and settings\debs\application data\DriverCure
    2011-07-15 23:21:48 -------- d-----w- c:\documents and settings\debs\application data\ParetoLogic
    2011-07-15 23:21:20 -------- d-----w- c:\program files\common files\ParetoLogic
    2011-07-15 23:21:16 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
    2011-07-15 23:04:48 -------- d-----w- c:\documents and settings\debs\application data\ErrorTeck
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:44:04.84 ===============

    ATTACH LOG:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/2/2007 6:08:16 AM
    System Uptime: 7/28/2011 3:02:11 PM (0 hours ago)
    .
    Motherboard: Quanta | | 09B8
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | U1 | 1396/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 24.23 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
    Service: RTL8023xp
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 802.11b/g WLAN
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12FA103C&REV_03\4&16793A72&0&30F0
    Manufacturer: Broadcom
    Name: Broadcom 802.11b/g WLAN
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12FA103C&REV_03\4&16793A72&0&30F0
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\3FD85CC09F00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\3FD85CC09F00
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP186: 6/20/2011 3:16:25 PM - System Checkpoint
    RP187: 6/22/2011 11:43:22 PM - System Checkpoint
    RP188: 7/7/2011 4:47:22 PM - System Checkpoint
    RP189: 7/10/2011 10:11:33 AM - System Checkpoint
    RP190: 7/14/2011 6:04:54 AM - System Checkpoint
    RP191: 7/16/2011 9:10:21 AM - ErrorTeck Restore point
    RP192: 7/16/2011 12:58:54 PM - Software Distribution Service 3.0
    RP193: 7/16/2011 1:06:41 PM - Installed Windows Internet Explorer 8.
    RP194: 7/16/2011 1:12:26 PM - Software Distribution Service 3.0
    RP195: 7/17/2011 1:27:39 PM - System Checkpoint
    RP196: 7/25/2011 11:20:06 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 9 ActiveX
    Adobe Reader 6.0.1
    Battle.net
    Broadcom 802.11 Driver
    CCleaner
    Conexant AC-Link Audio
    Dungeon Siege Legends of Aranna
    Free Window Registry Repair
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    HP Help and Support
    Intel(R) Extreme Graphics 2 Driver
    InterVideo WinDVD
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) SE Runtime Environment 6 Update 1
    Living Marine Aquarium 2 Animated Wallpaper
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Memory Cleaner 2.3.1.271
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    Quick Launch Buttons 5.00 C2
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21/x515
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    VLC media player 1.0.3
    WebFldrs XP
    WG111v2 Configuration Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinZip 14.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/28/2011 2:22:03 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/27/2011 8:19:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
    7/27/2011 2:10:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    7/27/2011 2:03:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    7/27/2011 12:56:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    7/27/2011 1:32:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    7/27/2011 1:11:58 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\PC Tools Security\DllRunner.exe. Reference error message: The operation completed successfully. .
    7/27/2011 1:08:11 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    7/27/2011 1:04:40 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\PC Tools Security\SDContextExt32.dll. Reference error message: The operation completed successfully. .
    7/27/2011 1:04:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    7/27/2011 1:04:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\PC Tools Security\libkumo.dll. Reference error message: The operation completed successfully. .
    7/27/2011 1:04:33 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    7/27/2011 1:00:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    7/26/2011 7:26:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    7/26/2011 7:12:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    7/26/2011 7:12:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/26/2011 7:12:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/26/2011 7:12:30 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/26/2011 7:12:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/26/2011 7:12:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/26/2011 7:11:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/26/2011 6:03:09 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    7/26/2011 12:16:54 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    7/26/2011 11:56:56 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    7/25/2011 12:56:14 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86466 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|10.0.0.8:123->64.4.10.44:123) is working properly.
    7/25/2011 12:41:32 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/25/2011 11:20:36 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 10.0.0.8. The machine with the IP address 10.0.0.3 did not allow the name to be claimed by this machine.
    .
    ==== End Of File ===========================


    That should be the lot, hopefully it helps in solving my problems.

    Thx.
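The .exe association problem described in the post, as an added example that is not part of the original thread: a small Python script that parses a regedit export of the .exe file-type keys (the same kind of data a generic xp_exe_fix.reg writes back), flags any default value that differs from the stock Windows XP one, and emits a .reg fragment that restores those defaults. The HIJACKED_EXPORT sample is constructed for illustration; the hijack path in it is hypothetical and not taken from any log in this thread. The stock values in XP_EXE_DEFAULTS are assumed to be the XP defaults; compare them against a clean XP machine before relying on them.

```python
"""Audit a regedit export of the .exe file-type keys for non-default values
and emit a .reg fragment that restores the stock ones.
Added example, not from the original thread. Assumption: XP_EXE_DEFAULTS
holds the stock Windows XP values; verify against a clean install."""
import re
from typing import Dict, List, Optional, Tuple

# Stock XP values for the .exe file type. A ".exe hijack" typically rewrites
# the open\command default so every launched program runs through the malware.
XP_EXE_DEFAULTS: Dict[str, Dict[str, str]] = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile": {"@": "Application"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}


def _unescape(s: str) -> str:
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _escape(s: str) -> str:
    return s.replace("\\", "\\\\").replace('"', '\\"')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of the regedit export format used here: [key] headers
    and string values (@="..." or "name"="..."). Non-string values stay raw."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";")
                or line.startswith("Windows Registry Editor") or line == "REGEDIT4"):
            continue
        m = re.fullmatch(r"\[-?(.+)\]", line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            val = m.group(2)
            if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
                val = _unescape(val[1:-1])
            keys[current][name] = val
    return keys


def audit_exe_association(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (key, expected, actual) for each default value that is missing or
    differs from the stock setting. Key names compare case-insensitively,
    as the registry itself does."""
    lookup = {k.lower(): v for k, v in keys.items()}
    findings: List[Tuple[str, str, Optional[str]]] = []
    for key, values in XP_EXE_DEFAULTS.items():
        present = lookup.get(key.lower(), {})
        for name, expected in values.items():
            actual = present.get(name)
            if actual != expected:
                findings.append((key, expected, actual))
    return findings


def build_fix_reg() -> str:
    """Emit a .reg file that writes the stock values back, which is all a
    generic 'xp_exe_fix.reg' does. It does not remove whatever rewrote them,
    so the hijack can return on reboot if that component is still active."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, values in XP_EXE_DEFAULTS.items():
        lines.append(f"[{key}]")
        for name, val in values.items():
            lhs = "@" if name == "@" else f'"{_escape(name)}"'
            lines.append(f'{lhs}="{_escape(val)}"')
        lines.append("")
    return "\n".join(lines)


# Constructed sample export with a hypothetical hijack path (not from the thread's logs).
HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\All Users\\Application Data\\example.exe\" -a \"%1\" %*"
'''

if __name__ == "__main__":
    for key, expected, actual in audit_exe_association(parse_reg_export(HIJACKED_EXPORT)):
        print(f"{key}\n  expected: {expected}\n  actual:   {actual}")
    print(build_fix_reg())
```

On the affected machine the input would come from `reg export HKCR\.exe` and `reg export HKCR\exefile` concatenated. The audit separates two things the post runs together: whether the association is currently wrong, and whether something keeps putting it back. A .reg fix only repairs the values, so an association that reverts after every reboot points at a still-active component, which is what the rootkit and process scans in the thread are trying to surface.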
     
  2. 2011/07/27, broni (Moderator, Malware Analyst)
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===================================================

    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
    Let me know if it solves ".exe" issue.

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2011/07/27
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    EXEHelper Log:
    exeHelper by Raktor
    Build 20100414
    Run at 12:57:46 on 07/29/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    This works, but like the reg fix I used, after a reboot goes back to not working.

    ComboFix Log:
    ComboFix 11-07-27.03 - Debs 07/29/2011 13:28:09.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.22 [GMT 10:00]
    Running from: c:\documents and settings\Debs\Desktop\ComboFix.exe
    * Created a new restore point
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Debs\Application Data\a.exe
    c:\documents and settings\Debs\Application Data\inst.exe
    c:\documents and settings\Debs\My Documents\cc_20110726_183856.reg
    c:\documents and settings\Debs\WINDOWS
    c:\windows\$NtUninstallKB13223$
    c:\windows\$NtUninstallKB13223$\1143717067
    c:\windows\$NtUninstallKB13223$\149013689\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
    c:\windows\$NtUninstallKB13223$\149013689\L\vssmqmgg
    c:\windows\$NtUninstallKB13223$\149013689\loader.tlb
    c:\windows\$NtUninstallKB13223$\149013689\U\@00000001
    c:\windows\$NtUninstallKB13223$\149013689\U\@000000c0
    c:\windows\$NtUninstallKB13223$\149013689\U\@000000cb
    c:\windows\$NtUninstallKB13223$\149013689\U\@000000cf
    c:\windows\$NtUninstallKB13223$\149013689\U\@80000000
    c:\windows\$NtUninstallKB13223$\149013689\U\@800000c0
    c:\windows\$NtUninstallKB13223$\149013689\U\@800000cb
    c:\windows\$NtUninstallKB13223$\149013689\U\@800000cf
    c:\windows\regedit.com
    c:\windows\system32\c_44901.nls
    c:\windows\system32\taskmgr.com
    .
    Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MPR_FREADER
    -------\Service_mpr_freader
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-29 03:22 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-07-27 10:35 . 2011-07-27 10:35 -------- d-----w- c:\documents and settings\Debs\Application Data\SUPERAntiSpyware.com
    2011-07-27 10:35 . 2011-07-27 11:04 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-27 09:58 . 2011-07-27 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-27 04:10 . 2011-07-27 04:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-07-27 03:01 . 2011-07-27 03:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-07-27 01:47 . 2011-07-27 01:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-26 08:07 . 2011-07-26 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-26 08:06 . 2011-07-26 08:37 -------- d-----w- c:\program files\CCleaner
    2011-07-26 07:30 . 2011-07-26 07:30 -------- d-----w- c:\documents and settings\Debs\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-26 07:24 . 2011-07-26 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-07-26 08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-26 07:24 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-26 01:37 . 2011-07-26 01:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ytpf.exe
    2011-07-26 01:37 . 2011-07-26 01:37 0 ----a-w- c:\documents and settings\All Users\Application Data\rryd.exe
    2011-07-26 01:37 . 2011-07-26 01:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ipab.exe
    2011-07-26 01:37 . 2011-07-26 01:37 0 ----a-w- c:\documents and settings\All Users\Application Data\dvcn.exe
    2011-07-16 12:30 . 2011-07-16 12:30 -------- d-----w- c:\program files\Ainvo
    2011-07-16 06:06 . 2011-07-16 06:06 -------- d-sh--w- c:\documents and settings\Debs\IECompatCache
    2011-07-16 03:33 . 2011-07-16 03:33 -------- d-sh--w- c:\documents and settings\Debs\PrivacIE
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\Debs\IETldCache
    2011-07-16 03:05 . 2011-07-16 03:07 -------- dc-h--w- c:\windows\ie8
    2011-07-16 02:51 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-16 02:51 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-16 02:51 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 02:51 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 02:51 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 02:51 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-16 02:51 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-16 02:16 . 2011-07-26 08:48 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-07-16 01:45 . 2011-07-16 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
    2011-07-16 01:29 . 2011-07-16 01:29 -------- d-----w- c:\documents and settings\Debs\Local Settings\Application Data\Promosoft Corporation
    2011-07-16 01:05 . 2011-07-16 01:06 -------- d-----w- c:\windows\system32\QVJGTGljZW5zZUluZm8=
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\DriverCure
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-07-15 23:04 . 2011-07-15 23:11 -------- d-----w- c:\documents and settings\Debs\Application Data\ErrorTeck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "Cpqset "= "c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
    "eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman "=" "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    .
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/4/2007 3:59 AM 66048]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 5:24 PM 39984]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-29 13:39
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????h????|?????? ???B?????????????H<C? ??????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(424)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(480)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(1624)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-29 13:46:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-29 03:46
    .
    Pre-Run: 26,332,868,608 bytes free
    Post-Run: 26,426,982,400 bytes free
    .
    - - End Of File - - DCB553ABB6420FA90D2BB08510D7A3F6


    With the Recovery Console, I had to say no to the download, as I mentioned I don't want the comp accessing the net till it's clean.
    Also, XP HOME was pre-installed on the laptop, and I don't have a copy of XP Home to get it from the CD.
    But I do have a copy of XP PRO I can get it from, but as I have a Service Pack installed I need to get/am currently downloading an SP Integration pack to get it from that (according to Microsoft's support site).
    If you need me to run ComboFix again once I've got it, no problem.

    As a result of this I didn't want to just close/cancel ComboFix, so had to let it run.
    It found a rootkit called ZeroAccess, not totally sure, but I think it may have got rid of it.
    Although the .exe issue is still happening, instead of .exe files giving me an error, it's now asking me to choose what to open it with, so on the right track, hopefully (and exeHelper still doesn't fix).

    Hopefully something to work with.
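    Because the .exe association in this thread keeps reverting after a reboot, a read-only check of the values exeHelper's log says it resets (.exe/.com associations, Winlogon Shell and Userinit) is useful to run before and after a reboot to see whether the repair is being undone. The PowerShell script below is an added example; it is not from the thread, exeHelper or ComboFix. It assumes PowerShell is installed (it is not present on XP by default), that the expected values listed are the Windows XP defaults, and that `HKCU\Software\Classes` per-user keys override the machine-wide ones in the merged HKCR view.

```powershell
# Added example (not from the thread or any tool it mentions): read-only check of
# the registry values exeHelper's log reports resetting. Prints OK/MISMATCH per
# value and changes nothing. Run from an elevated PowerShell prompt.
# Expected values are the Windows XP defaults (assumption; adjust for other versions).

$checks = @(
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.exe';                       Name = '';         Expect = 'exefile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '';         Expect = '"%1" %*' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.com';                       Name = '';         Expect = 'comfile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command'; Name = '';         Expect = '"%1" %*' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Expect = 'Explorer.exe' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit'; Expect = "$env:SystemRoot\system32\userinit.exe," }
)

function Test-RegistryValue {
    # Compares one registry value against its expected default without writing anything.
    param([string]$Key, [string]$Name, [string]$Expect)
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @{ Status = 'MISSING'; Actual = $null } }
    # GetValue('') returns the key's (Default) value; an empty string means it is unset.
    $actual = [string]$item.GetValue($Name)
    if ($actual -ieq $Expect) { $status = 'OK' } else { $status = 'MISMATCH' }
    return @{ Status = $status; Actual = $actual }
}

foreach ($c in $checks) {
    $r = Test-RegistryValue @c
    $label = if ($c.Name) { $c.Name } else { '(Default)' }
    '{0,-10} {1}\{2}' -f $r.Status, $c.Key, $label
    if ($r.Status -ne 'OK') {
        '           expected: {0}' -f $c.Expect
        '           actual:   {0}' -f $r.Actual
    }
}

# Per-user class keys take precedence over the machine-wide ones in the merged
# HKCR view, so a stray HKCU\Software\Classes\.exe or \exefile is one way a repair
# applied to HKCR appears to be undone at the next logon. These keys are normally absent.
foreach ($sub in '.exe', 'exefile', '.com', 'comfile') {
    $p = "HKCU:\Software\Classes\$sub"
    if (Test-Path -LiteralPath $p) { "WARNING    per-user override present: $p" }
}
```

    Save it as a .ps1 and run it once after applying a fix and again after rebooting; a value that reads OK before the reboot and MISMATCH after it shows that something started at boot or logon is rewriting the association, which narrows the search to autostart locations rather than the association keys themselves.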
     
  5. 2011/07/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ZeroAccess is a fairly new and rather nasty rootkit.
    We'll see what we can do....

    Uninstall RegCure and Free Window Registry Repair for reasons I mentioned in my previous reply.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\ytpf.exe
    c:\documents and settings\All Users\Application Data\rryd.exe
    c:\documents and settings\All Users\Application Data\ipab.exe
    c:\documents and settings\All Users\Application Data\dvcn.exe
    
    DirLook::
    c:\windows\system32\QVJGTGljZW5zZUluZm8=
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  6. 2011/07/28
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    Seems RegCure was already uninstalled, just some left over undeleted files by the looks of it.
    (My dad is the only one that uses this laptop now, guess he's not very good at cleaning up after uninstalling programs, hehe.)
    FWRR is uninstalled now.
    And yes, think I'll give reg cleaners the flick, thx.

    Got Recovery Console installed now, for ComboFix

    (New) ComboFix Log:
    ComboFix 11-07-27.03 - Debs 07/29/2011 15:20:39.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.12 [GMT 10:00]
    Running from: c:\documents and settings\Debs\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Debs\Desktop\CFScript.txt
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\dvcn.exe "
    "c:\documents and settings\All Users\Application Data\ipab.exe "
    "c:\documents and settings\All Users\Application Data\rryd.exe "
    "c:\documents and settings\All Users\Application Data\ytpf.exe "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\dvcn.exe
    c:\documents and settings\All Users\Application Data\ipab.exe
    c:\documents and settings\All Users\Application Data\rryd.exe
    c:\documents and settings\All Users\Application Data\ytpf.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-29 04:18 . 2011-07-29 04:56 -------- d-----w- C:\XPSP2
    2011-07-29 04:18 . 2011-07-29 05:02 -------- d-----w- C:\XPCD
    2011-07-29 03:22 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-07-27 10:35 . 2011-07-27 10:35 -------- d-----w- c:\documents and settings\Debs\Application Data\SUPERAntiSpyware.com
    2011-07-27 10:35 . 2011-07-27 11:04 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-27 09:58 . 2011-07-27 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-27 04:10 . 2011-07-27 04:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-07-27 03:01 . 2011-07-27 03:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-07-27 01:47 . 2011-07-27 01:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-26 08:07 . 2011-07-26 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-26 08:06 . 2011-07-26 08:37 -------- d-----w- c:\program files\CCleaner
    2011-07-26 07:30 . 2011-07-26 07:30 -------- d-----w- c:\documents and settings\Debs\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-26 07:24 . 2011-07-26 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-07-26 08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-26 07:24 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-16 12:30 . 2011-07-16 12:30 -------- d-----w- c:\program files\Ainvo
    2011-07-16 06:06 . 2011-07-16 06:06 -------- d-sh--w- c:\documents and settings\Debs\IECompatCache
    2011-07-16 03:33 . 2011-07-16 03:33 -------- d-sh--w- c:\documents and settings\Debs\PrivacIE
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\Debs\IETldCache
    2011-07-16 03:05 . 2011-07-16 03:07 -------- dc-h--w- c:\windows\ie8
    2011-07-16 02:51 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-16 02:51 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-16 02:51 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 02:51 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 02:51 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 02:51 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-16 02:51 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-16 01:29 . 2011-07-16 01:29 -------- d-----w- c:\documents and settings\Debs\Local Settings\Application Data\Promosoft Corporation
    2011-07-16 01:05 . 2011-07-16 01:06 -------- d-----w- c:\windows\system32\QVJGTGljZW5zZUluZm8=
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\DriverCure
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-07-15 23:04 . 2011-07-15 23:11 -------- d-----w- c:\documents and settings\Debs\Application Data\ErrorTeck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\system32\QVJGTGljZW5zZUluZm8= ----
    .
    2011-07-16 01:06 . 2011-07-16 01:06 89 ---h--w- c:\windows\system32\QVJGTGljZW5zZUluZm8=\QVJGTGljZW5zZUluZm8=.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "Cpqset "= "c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
    "eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    .
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/4/2007 3:59 AM 66048]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 5:24 PM 39984]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-29 15:29
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????h????|?????? ???B?????????????H<C? ??????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(424)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(480)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2011-07-29 15:33:11
    ComboFix-quarantined-files.txt 2011-07-29 05:33
    ComboFix2.txt 2011-07-29 03:46
    .
    Pre-Run: 25,204,350,976 bytes free
    Post-Run: 25,190,375,424 bytes free
    .
    - - End Of File - - CC9B7F221631849B5D95E1DAB07A8B09
     
  7. 2011/07/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing at the moment?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\windows\system32\QVJGTGljZW5zZUluZm8=
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. 2011/07/28
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    ComboFix Log:
    ComboFix 11-07-27.03 - Debs 07/30/2011 11:59:14.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.14 [GMT 10:00]
    Running from: c:\documents and settings\Debs\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Debs\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\QVJGTGljZW5zZUluZm8=
    c:\windows\system32\QVJGTGljZW5zZUluZm8=\QVJGTGljZW5zZUluZm8=.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-29 04:18 . 2011-07-29 04:56 -------- d-----w- C:\XPSP2
    2011-07-29 04:18 . 2011-07-29 05:02 -------- d-----w- C:\XPCD
    2011-07-29 03:22 . 2004-08-04 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-07-27 10:35 . 2011-07-27 10:35 -------- d-----w- c:\documents and settings\Debs\Application Data\SUPERAntiSpyware.com
    2011-07-27 10:35 . 2011-07-27 11:04 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-27 09:58 . 2011-07-27 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-27 04:10 . 2011-07-27 04:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-07-27 03:01 . 2011-07-27 03:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-07-27 01:47 . 2011-07-27 01:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-26 08:07 . 2011-07-26 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-07-26 08:06 . 2011-07-26 08:37 -------- d-----w- c:\program files\CCleaner
    2011-07-26 07:30 . 2011-07-26 07:30 -------- d-----w- c:\documents and settings\Debs\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-26 07:24 . 2011-07-26 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-26 07:24 . 2011-07-26 08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-26 07:24 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-16 12:30 . 2011-07-16 12:30 -------- d-----w- c:\program files\Ainvo
    2011-07-16 06:06 . 2011-07-16 06:06 -------- d-sh--w- c:\documents and settings\Debs\IECompatCache
    2011-07-16 03:33 . 2011-07-16 03:33 -------- d-sh--w- c:\documents and settings\Debs\PrivacIE
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-07-16 03:17 . 2011-07-16 03:17 -------- d-sh--w- c:\documents and settings\Debs\IETldCache
    2011-07-16 03:05 . 2011-07-16 03:07 -------- dc-h--w- c:\windows\ie8
    2011-07-16 02:51 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-07-16 02:51 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-07-16 02:51 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 02:51 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 02:51 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 02:51 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-07-16 02:51 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-07-16 01:29 . 2011-07-16 01:29 -------- d-----w- c:\documents and settings\Debs\Local Settings\Application Data\Promosoft Corporation
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\DriverCure
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\Debs\Application Data\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-07-15 23:21 . 2011-07-15 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-07-15 23:04 . 2011-07-15 23:11 -------- d-----w- c:\documents and settings\Debs\Application Data\ErrorTeck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "Cpqset "= "c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
    "eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu "= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    .
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/4/2007 3:59 AM 66048]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Debs\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 5:24 PM 39984]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-30 12:13
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????h????|?????? ???B?????????????H<C? ??????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(420)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(476)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2011-07-30 12:18:13
    ComboFix-quarantined-files.txt 2011-07-30 02:18
    ComboFix2.txt 2011-07-29 05:33
    ComboFix3.txt 2011-07-29 03:46
    .
    Pre-Run: 25,263,910,912 bytes free
    Post-Run: 25,255,796,736 bytes free
    .
    - - End Of File - - 6B3F9FC047F6B38D949450B0497CF893

    Should I try running a scanner to see if it still closes when scanning the registry?
    Still getting the .exe problem.
    But has fixed another problem I noticed was happening, "Folder Options" would, after a reboot, reset to "Open each folder in the same window".
    That is now fixed and staying on "...own window" how I like it.
    Still an issue somewhere I guess?
     
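    The "Reg Loading Points" section of the ComboFix log above lists several Security Center values set to 1 (AntiVirusOverride, DisableMonitoring under Monitoring and the two Symantec subkeys, and the firewall's DisableNotifications). These are the values that silence the "no antivirus / firewall" warnings, so a reviewer reading a ComboFix log usually checks them first. The script below is an added example for this thread, not part of ComboFix or of any post here: it parses the REGEDIT4-style section and reports the watched values that are non-zero. The line parsing and the watch-list are the editor's assumptions modelled on the log format above, and the sample text is a constructed copy of the relevant lines from the log.

```python
"""Scan a ComboFix "Reg Loading Points" section for Windows Security Center
and firewall-notification overrides.

Added example for this thread; it is not part of ComboFix or of any post.
The REGEDIT4-style line parsing and the watch-list of value names are the
editor's assumptions, modelled on the log format posted in the thread.
"""
import re
from typing import List, Optional, Tuple

# (key-path fragment, value name): non-zero values here stop Security Center
# from warning that antivirus / firewall protection is off or unmonitored.
# Assumption: this watch-list is the editor's choice, not a ComboFix rule.
WATCHED = [
    ("security center", "AntiVirusOverride"),
    ("security center", "FirewallOverride"),
    ("security center\\monitoring", "DisableMonitoring"),
    ("firewallpolicy\\standardprofile", "DisableNotifications"),
]

# "Name"=value   (ComboFix prints the value name in double quotes)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')


def parse_value(raw: str) -> Optional[int]:
    """Decode the two numeric spellings ComboFix uses; None for anything else."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)      # "X"=dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)  # "X"= 1 (0x1)
    if m:
        return int(m.group(1))
    return None  # strings, file references, empty values


def parse_reg_section(text: str) -> List[Tuple[str, str, Optional[int]]]:
    """Return (key, value name, decoded value) for every value line under a [key]."""
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new key header, e.g. [HKEY_LOCAL_MACHINE\...]
            continue
        m = VALUE_RE.match(line) if key else None
        if m:
            entries.append((key, m.group("name").strip(), parse_value(m.group("raw"))))
    return entries


def find_overrides(entries) -> List[Tuple[str, str, int]]:
    """Keep only watched values that are actually set (non-zero)."""
    hits = []
    for key, name, value in entries:
        key_lc = key.lower()
        for fragment, watched_name in WATCHED:
            if fragment in key_lc and name.lower() == watched_name.lower() and value:
                hits.append((key, name, value))
    return hits


# Constructed sample: the relevant lines of the ComboFix log in this thread,
# with the stray spaces inside the quoted names (forum rendering) removed.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

if __name__ == "__main__":
    for key, name, value in find_overrides(parse_reg_section(SAMPLE_LOG)):
        print(f"{key}\n    {name} = {value}")
```

    Run against the sample it reports five set values. A DisableMonitoring entry under a vendor subkey (SymantecAntiVirus, SymantecFirewall here) is normally written by that vendor's own suite so that Security Center defers to it, so on its own it is a review item, not a verdict; AntiVirusOverride=1 and DisableNotifications=1 on a machine with no working antivirus are the lines worth a closer look, since they are exactly what hides the warnings a user would otherwise see.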
  9. 2011/07/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    With the latest Combofix run did you get "ZeroAccess" warning?

    Now I want you to check if you can update and run MBAM in normal mode.

    Also...

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      consrv.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  10. 2011/07/28
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    After the very first run of ComboFix, haven't had the ZeroAccess warning since.

    Malwarebytes is now able to complete a Quick Scan! :)
    And with updating it, forgot about updating the program itself, that's done now.
    Also noticed that when manually transferring the rules file, although it is still showing the wrong database version, the number of fingerprints it loads is accurate.
    Did you want a log from it? Posting in case (nothing found though):

    Malwarebytes Log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7035

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    7/30/2011 2:30:01 PM
    mbam-log-2011-07-30 (14-30-01).txt

    Scan type: Quick scan
    Objects scanned: 155850
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SystemLook won't run (even in Safe Mode). Tried both links.
    Error: "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."
    Need something else installed first?
     
  11. 2011/07/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Does it hold now?

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    consrv.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2011/07/29
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    No, the .exe issue is still happening.
    And also, now the "Folder Option" I mentioned earlier as being fixed, is starting to default itself again.

    OTL Log:
    OTL logfile created on: 7/31/2011 12:08:17 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Debs\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    222.42 Mb Total Physical Memory | 14.78 Mb Available Physical Memory | 6.64% Memory free
    543.07 Mb Paging File | 387.75 Mb Available in Paging File | 71.40% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 23.49 Gb Free Space | 63.07% Space Free | Partition Type: NTFS

    Computer Name: DEBS-256AEA431A | User Name: Debs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/30 10:31:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debs\Desktop\OTL.exe
    PRC - [2007/06/13 20:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/30 10:31:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debs\Desktop\OTL.exe
    MOD - [2006/08/26 01:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)


    ========== Driver Services (SafeList) ==========

    DRV - [2007/04/10 18:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2007/03/13 06:00:55 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007/03/11 11:16:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2004/11/09 08:06:08 | 000,085,504 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2004/10/15 00:53:00 | 000,276,480 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
    DRV - [2004/10/15 00:52:02 | 000,292,864 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
    DRV - [2004/08/05 11:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/06/28 20:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/04/15 02:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2004/03/10 21:40:28 | 000,199,552 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/03/10 21:37:26 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/03/10 21:35:48 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/06/07 06:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found



    O1 HOSTS File: ([2011/07/30 12:13:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecConsole = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop Components:0 () - http://www.melbourne-airport.com.au/images/logos/melair.gif
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/01/02 05:25:33 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/31 12:04:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debs\Desktop\OTL.exe
    [2011/07/30 12:37:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/30 12:18:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/07/29 15:04:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/29 15:04:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2011/07/29 14:18:37 | 000,000,000 | ---D | C] -- C:\XPSP2
    [2011/07/29 14:18:28 | 000,000,000 | ---D | C] -- C:\XPCD
    [2011/07/29 13:00:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/29 13:00:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/29 13:00:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/29 13:00:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/29 12:59:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/29 12:59:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/29 12:51:32 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Debs\Desktop\ComboFix.exe
    [2011/07/28 13:27:38 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Debs\Desktop\aswMBR.exe
    [2011/07/28 13:27:38 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Debs\Desktop\dds.scr
    [2011/07/27 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Application Data\SUPERAntiSpyware.com
    [2011/07/27 20:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/27 20:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/27 19:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/27 13:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/07/27 11:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/07/27 11:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/07/26 18:08:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Debs\Recent
    [2011/07/26 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/07/26 18:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/07/26 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/07/26 17:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Application Data\Malwarebytes
    [2011/07/26 17:24:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/26 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/26 17:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/26 17:24:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/26 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/26 12:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/07/16 22:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ainvo
    [2011/07/16 22:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ainvo
    [2011/07/16 16:06:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Debs\IECompatCache
    [2011/07/16 13:33:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Debs\PrivacIE
    [2011/07/16 13:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Debs\IETldCache
    [2011/07/16 13:13:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/07/16 13:05:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/07/16 11:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Local Settings\Application Data\Promosoft Corporation
    [2011/07/16 09:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Application Data\DriverCure
    [2011/07/16 09:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Application Data\ParetoLogic
    [2011/07/16 09:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2011/07/16 09:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2011/07/16 09:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debs\Application Data\ErrorTeck
    [2010/03/01 20:16:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Debs\Application Data\pcouffin.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/31 11:58:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/31 11:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/31 11:58:06 | 233,295,872 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/30 12:13:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/30 10:31:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debs\Desktop\OTL.exe
    [2011/07/29 15:04:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2011/07/29 12:53:15 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ainvo Memory Cleaner.lnk
    [2011/07/28 13:28:22 | 000,002,600 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\xp_exe_fix.reg
    [2011/07/28 12:47:09 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Debs\Desktop\ComboFix.exe
    [2011/07/28 12:45:51 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\exeHelper.com
    [2011/07/27 22:48:08 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\Debs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/27 22:47:34 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege.lnk
    [2011/07/27 22:47:20 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege Legends of Aranna.lnk
    [2011/07/27 15:55:25 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
    [2011/07/27 11:56:51 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Debs\Desktop\dds.scr
    [2011/07/27 11:56:29 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Debs\Desktop\aswMBR.exe
    [2011/07/27 11:55:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\oqe3e6s5.exe
    [2011/07/26 18:38:08 | 000,004,238 | ---- | M] () -- C:\Documents and Settings\Debs\My Documents\cc_20110726_183804.reg
    [2011/07/26 17:45:34 | 000,014,200 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
    [2011/07/25 18:20:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\Inherit.exe
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/30 14:43:01 | 233,295,872 | -HS- | C] () -- C:\hiberfil.sys
    [2011/07/29 15:04:36 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
    [2011/07/29 15:04:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/29 13:00:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/29 13:00:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/29 13:00:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/29 13:00:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/29 13:00:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/29 12:51:33 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Debs\Desktop\exeHelper.com
    [2011/07/28 14:12:01 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Debs\Desktop\Inherit.exe
    [2011/07/28 13:27:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Debs\Desktop\oqe3e6s5.exe
    [2011/07/26 18:38:06 | 000,004,238 | ---- | C] () -- C:\Documents and Settings\Debs\My Documents\cc_20110726_183804.reg
    [2011/07/26 11:37:35 | 000,014,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
    [2011/07/16 22:30:54 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ainvo Memory Cleaner.lnk
    [2011/07/16 13:17:24 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\Debs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/29 12:03:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2010/11/01 19:09:02 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
    [2010/11/01 18:52:58 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
    [2010/11/01 18:52:58 | 000,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
    [2010/11/01 18:52:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\BestGame.ini
    [2010/03/01 20:17:29 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Debs\Application Data\vso_ts_preview.xml
    [2010/03/01 20:16:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Debs\Application Data\pcouffin.cat
    [2010/03/01 20:16:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Debs\Application Data\pcouffin.inf
    [2010/02/16 11:03:41 | 000,000,191 | ---- | C] () -- C:\WINDOWS\pcgamer.ini
    [2010/02/16 11:03:33 | 000,009,813 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2010/02/16 10:36:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2010/02/07 10:20:08 | 000,000,585 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/02/07 10:19:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\pex.exe
    [2010/01/20 11:44:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2007/06/21 14:06:59 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/05/22 14:12:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2007/03/15 15:42:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vcccp106.dll
    [2007/03/15 15:42:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dcccp106.dll
    [2007/03/15 15:42:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
    [2007/03/15 14:46:04 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
    [2007/03/14 15:42:44 | 000,000,768 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2007/03/13 06:41:07 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
    [2007/03/13 06:39:57 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\CNCASv50.ini
    [2007/03/13 06:39:41 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
    [2007/03/10 09:13:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Twacker.ini
    [2007/03/10 09:13:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
    [2007/02/20 13:04:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/01/04 02:28:20 | 000,002,179 | ---- | C] () -- C:\WINDOWS\CMOTech_Driver.ini
    [2007/01/02 12:01:49 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/01/02 05:45:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/01/02 05:29:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/01/02 05:29:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/01/02 05:29:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/01/02 05:29:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/01/02 05:29:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/01/02 05:29:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/01/02 05:24:53 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2007/01/02 05:18:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtray.exe
    [2007/01/02 05:08:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/01/02 05:01:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/01/01 20:53:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/01/01 20:51:08 | 000,261,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 22:00:00 | 000,401,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 22:00:00 | 000,062,542 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 22:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/01/14 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/05/29 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/29 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1999/01/28 06:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2004/01/03 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2007/05/12 11:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2007/05/23 01:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2010/09/19 14:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
    [2011/07/26 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/01/02 05:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2011/07/16 09:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/03/19 09:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/07/28 03:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/09/11 11:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2007/07/28 04:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2011/07/27 13:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/15 12:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2007/07/08 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2007/03/11 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\ACD Systems
    [2011/07/16 09:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\DriverCure
    [2011/07/16 09:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\ErrorTeck
    [2007/05/12 11:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\FloodLightGames
    [2007/10/19 11:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\ForgottenRiddles
    [2007/02/03 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\InterVideo
    [2007/03/29 09:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\Leadertech
    [2007/10/19 02:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\Legends of pirates
    [2007/06/08 10:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\Magic Academy
    [2010/09/18 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\MSNInstaller
    [2007/08/20 12:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\Mysteryville2
    [2011/07/16 09:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\ParetoLogic
    [2007/07/28 03:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\PlayFirst
    [2010/03/08 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debs\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/01/02 05:25:33 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/07/27 15:55:25 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
    [2011/07/29 15:04:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/07/30 12:18:14 | 000,008,609 | ---- | M] () -- C:\ComboFix.txt
    [2007/01/02 05:05:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/07/31 11:58:06 | 233,295,872 | -HS- | M] () -- C:\hiberfil.sys
    [2007/01/02 05:05:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/01/02 05:05:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/07/26 16:54:58 | 000,993,715 | ---- | M] () -- C:\new_log.html
    [2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/03 22:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/07/31 11:58:04 | 349,839,360 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/01 18:56:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2007/10/19 01:56:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/03/28 05:44:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/02/06 09:58:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/02/06 10:00:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2007/02/06 10:01:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2007/02/16 12:20:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2007/02/16 12:20:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2007/02/16 12:22:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2007/02/16 12:24:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2007/02/16 16:02:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2007/02/16 16:11:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2007/02/16 16:11:16 | 000,000,160 | -H-- | M] () -- C:\sqmdata11.sqm
    [2007/02/16 16:11:16 | 000,000,160 | -H-- | M] () -- C:\sqmdata12.sqm
    [2007/03/07 14:10:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2007/07/25 10:43:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2007/10/19 01:06:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2007/10/19 01:11:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2007/10/19 01:17:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2007/10/19 01:20:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2007/10/19 01:55:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2007/02/06 09:58:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/02/06 10:00:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/02/06 10:01:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/02/16 12:20:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2007/02/16 12:20:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2007/02/16 12:22:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2007/02/16 12:24:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2007/02/16 16:02:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2007/02/16 16:11:16 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2007/03/07 14:10:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2007/07/25 10:43:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2007/10/19 01:06:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2007/10/19 01:11:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2007/10/19 01:17:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2007/10/19 01:20:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2007/10/19 01:55:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2007/10/19 01:56:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/03/28 05:44:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2007/01/30 09:52:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2007/02/06 09:58:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/07/26 18:28:07 | 000,041,068 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_26.07.2011_18.26.46_log.txt
    [2011/07/26 18:36:45 | 000,040,158 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_26.07.2011_18.35.20_log.txt
    [2011/07/26 19:06:22 | 000,040,158 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_26.07.2011_19.05.38_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/01/02 05:04:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2002/09/30 06:00:00 | 000,013,824 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDya.DLL
    [2002/09/30 06:00:00 | 000,046,080 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPya.DLL
    [2006/10/27 13:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2007/03/14 11:57:30 | 000,001,554 | -H-- | M] () -- C:\Documents and Settings\Debs\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/01/01 20:50:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/01/01 20:50:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/01/01 20:50:25 | 000,880,640 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2007/01/02 05:05:22 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/01/02 05:12:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Debs\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/01/02 05:12:17 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Debs\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/27 11:56:29 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Debs\Desktop\aswMBR.exe
    [2011/07/28 12:47:09 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Debs\Desktop\ComboFix.exe
    [2011/07/25 18:20:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\Inherit.exe
    [2011/07/27 11:55:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Debs\Desktop\oqe3e6s5.exe
    [2011/07/30 10:31:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debs\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/01/02 05:12:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Debs\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/16 20:27:21 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Debs\Cookies\desktop.ini
    [2011/07/31 11:58:46 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Debs\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/04 22:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 22:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 19:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 19:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 19:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 19:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/14 02:24:37 | 001,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 22:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 22:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 22:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 19:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 19:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

    < End of report >
     
  13. 2011/07/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Extras.txt log.
     
  14. 2011/07/29
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
Yeah, too long to post both.

    Extras Log:
    OTL Extras logfile created on: 7/31/2011 12:08:17 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Debs\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    222.42 Mb Total Physical Memory | 14.78 Mb Available Physical Memory | 6.64% Memory free
    543.07 Mb Paging File | 387.75 Mb Available in Paging File | 71.40% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 23.49 Gb Free Space | 63.07% Space Free | Partition Type: NTFS

    Computer Name: DEBS-256AEA431A | User Name: Debs | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B8811DB-64BA-4F9A-8E0F-481D5583F1E5}" = Living Marine Aquarium 2 Animated Wallpaper
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
    "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
    "Battle.net" = Battle.net
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
    "CCleaner" = CCleaner
    "Conexant PCI Audio" = Conexant AC-Link Audio
    "Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Memory Cleaner_is1" = Memory Cleaner 2.3.1.271
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 1.0.3
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/15/2011 11:09:07 PM | Computer Name = DEBS-256AEA431A | Source = ESENT | ID = 454
    Description = wuauclt (956) Database recovery/restore failed with unexpected error
    -1216.

    Error - 7/15/2011 11:09:07 PM | Computer Name = DEBS-256AEA431A | Source = ESENT | ID = 485
    Description = wuauclt (956) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
    failed with system error 32 (0x00000020): "The process cannot access the file because
    it is being used by another process.". The delete file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 7/15/2011 11:09:08 PM | Computer Name = DEBS-256AEA431A | Source = ESENT | ID = 486
    Description = wuauclt (776) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
    to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system
    error 183 (0x000000b7): "Cannot create a file when that file already exists.".
    The move file operation will fail with error -1022 (0xfffffc02).

    Error - 7/15/2011 11:09:09 PM | Computer Name = DEBS-256AEA431A | Source = ESENT | ID = 413
    Description = wuauclt (776) Unable to create a new logfile because the database
    cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
    or corrupted. Error -1022.

    Error - 7/15/2011 11:09:09 PM | Computer Name = DEBS-256AEA431A | Source = ESENT | ID = 492
    Description = wuauclt (776) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
    has been halted due to a fatal error. No further updates are possible for the
    databases that use this logfile sequence. Please correct the problem and restart
    or restore from backup.

    Error - 7/26/2011 11:07:30 PM | Computer Name = DEBS-256AEA431A | Source = sdCoreService | ID = 0
    Description =

    Error - 7/26/2011 11:11:55 PM | Computer Name = DEBS-256AEA431A | Source = pctsSvc.exe | ID = 0
    Description =

    Error - 7/27/2011 12:00:19 AM | Computer Name = DEBS-256AEA431A | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\Documents and Settings\Debs\Desktop\AVG Anti-Virus
    Professional 9.0 Build 663a1706\avg_avwt_stf_all_90_663a1706\vcredist.msi is not
    permitted due to an error in software restriction policy processing. The object
    cannot be trusted.

    Error - 7/27/2011 12:12:36 AM | Computer Name = DEBS-256AEA431A | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\Documents and Settings\Debs\Desktop\AVG Anti-Virus
    Professional 9.0 Build 663a1706\avg_avwt_stf_all_90_663a1706\vcredist.msi is not
    permitted due to an error in software restriction policy processing. The object
    cannot be trusted.

    Error - 7/27/2011 5:51:24 AM | Computer Name = DEBS-256AEA431A | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 7/30/2011 12:38:16 AM | Computer Name = DEBS-256AEA431A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
    Tcpip
    WS2IFSL

    Error - 7/30/2011 12:38:24 AM | Computer Name = DEBS-256AEA431A | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/30/2011 12:39:04 AM | Computer Name = DEBS-256AEA431A | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 7/30/2011 12:39:04 AM | Computer Name = DEBS-256AEA431A | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 7/30/2011 12:39:04 AM | Computer Name = DEBS-256AEA431A | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Documents and Settings\Debs\Desktop\SystemLook.exe.
    Reference
    error message: The operation completed successfully. .

    Error - 7/30/2011 12:40:37 AM | Computer Name = DEBS-256AEA431A | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/30/2011 12:43:21 AM | Computer Name = DEBS-256AEA431A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 7/30/2011 6:45:20 AM | Computer Name = DEBS-256AEA431A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 7/30/2011 9:55:20 PM | Computer Name = DEBS-256AEA431A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 7/30/2011 9:58:36 PM | Computer Name = DEBS-256AEA431A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL


    < End of report >
     
  15. 2011/07/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    At this point you should be OK to reconnect to the internet.

    Make sure your Windows firewall is on before you do it.

    Firstly I want to see if the internet connection and browsers work fine.
    Then, I want you to install one of these AV programs:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update, run full scan, report on any findings.
    Lastly I want you to update MBAM, run FULL scan and post new log.

    At the same time I'll check your OTL logs and post next instructions.
     
  16. 2011/07/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Proceed with steps listed below only when you're done with my previous instructions.

    Your computer has very little RAM:
    It must be slow as molasses....

    ===================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2007/04/10 18:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
      DRV - [2007/03/13 06:00:55 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = localhost
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/07/26 17:45:34 | 000,014,200 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
      @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
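As an added example (not code from this thread, from OTL or from any participant), the script below reads the "Shell Spawning", "Security Center Settings" and "Firewall Settings" sections of an OTL Extras log in the layout posted above and lists the entries an analyst looks at first: a handler for exefile and friends that is not the stock `"%1" %*`, a Security Center whose monitoring or notifications have been switched off (the `DisableMonitoring` value the fix script above deletes, and the values MBAM reports as PUM.Disabled.SecurityCenter), and a firewall profile that is off. The log text inside it is constructed for the demonstration, including the placeholder handler path; the real report in this thread shows the default exefile command.

```python
"""Flag security-relevant entries in an OTL 'Extras' report (added example,
not OTL's own code). The sample log text below is constructed for the demo."""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")

# Handlers that must launch the file itself, exactly as Windows ships them;
# anything placed in front of "%1" gets run on every program start.
EXPECTED_SPAWN = {(p, "open"): '"%1" %*'
                  for p in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}

# Security Center flags whose default is 0; a 1 silences the warnings about a
# missing AV, missing updates or an off firewall.
SECURITY_CENTER_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify",
                         "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride")

# Constructed sample in the OTL Extras layout; unknown.exe is a placeholder path.
SAMPLE_OTL_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\unknown.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"""


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the log's non-empty lines under their '========== Name ==========' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_reg_values(lines: List[str]) -> Dict[Tuple[str, str], str]:
    """Turn '[HKEY...]' blocks followed by '"Name" = data' lines into {(key, name): data}."""
    values: Dict[Tuple[str, str], str] = {}
    key = None
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key is not None:
            values[(key, vm.group(1))] = vm.group(2).strip()
    return values


def check_shell_spawning(lines: List[str]) -> List[str]:
    """Report unreadable handlers and launch handlers that are not the stock command."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        progid, verb, command = m.groups()
        expected = EXPECTED_SPAWN.get((progid, verb))
        if command.startswith("Reg Error"):
            findings.append(f"{progid} [{verb}] could not be read: {command}")
        elif expected is not None and command != expected:
            findings.append(f"{progid} [{verb}] is not the default {expected}: {command}")
    return findings


def check_security_center(lines: List[str]) -> List[str]:
    """Flag disabled monitoring or silenced notifications; vendor subkeys are left alone."""
    findings = []
    for (key, name), data in parse_reg_values(lines).items():
        if key.endswith("\\Security Center\\Monitoring") and name == "DisableMonitoring" and data == "1":
            findings.append("Security Center monitoring is disabled (DisableMonitoring = 1)")
        elif key.endswith("\\Security Center") and name in SECURITY_CENTER_FLAGS and data != "0":
            findings.append(f"Security Center {name} = {data} (default 0)")
    return findings


def check_firewall(lines: List[str]) -> List[str]:
    """Flag a firewall profile that is off or that has its notifications disabled."""
    findings = []
    for (key, name), data in parse_reg_values(lines).items():
        profile = key.rsplit("\\", 1)[-1]
        if name == "EnableFirewall" and data == "0":
            findings.append(f"Windows Firewall is off in {profile}")
        elif name == "DisableNotifications" and data == "1":
            findings.append(f"Firewall notifications are off in {profile}")
    return findings


def audit(text: str) -> List[str]:
    """Run every check over the sections present in the log and return the findings in order."""
    sections = split_sections(text)
    return (check_shell_spawning(sections.get("Shell Spawning", []))
            + check_security_center(sections.get("Security Center Settings", []))
            + check_firewall(sections.get("Firewall Settings", [])))


if __name__ == "__main__":
    for finding in audit(SAMPLE_OTL_EXTRAS):
        print("-", finding)
```

Feed `audit()` the text of a saved Extras log (OTL writes it as a plain text file) to get the same list for a real machine. The per-vendor `Monitoring\...` subkeys are deliberately ignored, because a `DisableMonitoring` under a vendor key only means that product handles its own status reporting; it is the top-level `Monitoring\DisableMonitoring` value that turns the whole Security Center off.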
     
  17. 2011/07/30
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    Ok, will get working on all this.

    The laptop is quite old, and so yeah, it's quite slow.
    My dad only uses it for internet stuff these days, so not that big an issue.

    Quick question, JavaRa is run after the update, not before?

    Might be a day or two before I get back to you with the results.
     
  18. 2011/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Normally yes.
     
  19. 2011/08/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  20. 2011/08/04
    Boogs

    Boogs Inactive Thread Starter

    Joined:
    2011/07/27
    Messages:
    14
    Likes Received:
    0
    Yep, back now.

    Internet browser seems to be working fine.
    Avast installed, updated, and scanned. Found 92 infections lol
    Is there a way of saving the log (can only view it in the program), if you want to see it?
    Malwarebytes updated and scanned.
    Java updated and cleaned

    OTL is running atm, but not sure it's doing anything, seems stuck on processing the very first fix.
    Will let it run a while longer, but doesn't seem to be doing anything.

    Can't post logs till it's done.

    {Edit}
    Malwarebytes Log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7369

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    8/5/2011 3:07:16 PM
    mbam-log-2011-08-05 (15-07-04).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 188674
    Time elapsed: 1 hour(s), 33 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{f5cc8b0e-fcc8-40b9-bfd8-9fc07a4ba771}\RP196\A0082788.dll (PUP.FunWebProducts) -> No action taken.


    Got OTL going, but after reboot it couldn't run due to the .exe issue, so no log.
    Found a folder on C: drive though, which had a log file it likely would have shown:

    All processes killed
    ========== OTL ==========
    Service eeCtrl stopped successfully!
    Service eeCtrl deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys moved successfully.
    Service tmcomm stopped successfully!
    Service tmcomm deleted successfully!
    C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}\ not found.
    File {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CNCUPM2K.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8 moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4295826C deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Debs
    ->Temp folder emptied: 11047617 bytes
    ->Temporary Internet Files folder emptied: 8878218 bytes
    ->Java cache emptied: 63181 bytes
    ->Flash cache emptied: 362 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 458 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 88520 bytes

    Total Files Cleaned = 19.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Debs
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08052011_171006
     
    Last edited: 2011/08/04
  21. 2011/08/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBAM log says "No action taken".
    Re-run MBAM, FIX all issues and post new log.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
