
Solved Malware/Keeps rebooting after blue screen

Discussion in 'Malware and Virus Removal Archive' started by Woodstock, 2011/03/23.

  1. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    Joined:
    2011/03/23
    Messages:
    37
    Likes Received:
    0
    [Resolved] Malware/Keeps rebooting after blue screen

    I had malware called animal doctor. I followed some steps on another site that were supposed to remove the threat, but now the computer keeps rebooting: once it hits the blue screen, it repeats. I don't have my original XP disk, so I've downloaded one hoping it would go, but nothing changes.
    Please help, I am very eager to get past this step; I'm willing to reformat but I can't figure out how.
    Thank you. I hope I'm following the codes; other forums did not help.
     
  2. 2011/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    Would it be Antimalware Doctor rather?

    Did you try to start in Safe Mode?
     


  4. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    It was Antimalware Doctor. I have tried to start it in Safe Mode when it prompts me to; same outcome.
     
  5. 2011/03/23
    broni

    broni Moderator Malware Analyst

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (file size 120,9 MB)

    • When downloaded, double-click OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
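The OTL.txt this procedure produces is plain text in a fixed line format, and the first pass a helper makes over it is to skim for autostart entries whose file is gone and for entries with no publisher name. The script below is an added example, not part of this thread and not OTL's own code: it runs that first pass over a few lines copied from an OTL log of this shape (a constructed excerpt, not a whole log). The regular expressions and the "review" versus "info" rules are my own reading of the format, and the heuristics only rank lines for a human to look at; they do not decide that anything is malicious.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines in OTL's own format (service, driver,
# O4 autostart and O20 Winlogon lines), copied from an OTL log of this shape.
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- -- (ANIWZCSdService)
DRV - File not found [Kernel | Boot] -- -- (pulckaa)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [erosaxwcmn.tmp] File not found
O4 - HKLM..\Run: [Yrataqogu] C:\WINDOWS\asiwikisoxebuxe.dll ()
O4 - HKU\Ben_Sage_ON_C..\Run: [Fbubilareju] C:\WINDOWS\sonmsyc.dll ()
O4 - HKU\Ben_Sage_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
"""

# Line shapes as they appear in OTL output. These patterns are my own reading
# of the format (an assumption), not something OTL documents.
SVC_MISSING_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<svc>[^)]+)\)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
COMPANY_RE = re.compile(r'\((?P<company>[^()]*)\)\s*$')   # trailing "(Company)" or "()"
WINDIR_ROOT_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+$', re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "review" = look at this first, "info" = worth noting
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per log line that deserves a human's attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SVC_MISSING_RE.match(line)
        if m:
            # Service/driver registration whose file is gone: typically a
            # leftover of an uninstall or of a partial cleanup.
            findings.append(Finding(
                "info", f"{m['kind']} '{m['svc']}' ({m['start']}) points at a missing file", line))
            continue

        m = RUN_RE.match(line)
        if m:
            rest = m['rest']
            if rest == "File not found":
                findings.append(Finding(
                    "info", f"{m['key']} value '{m['name']}' points at a missing file", line))
                continue
            cm = COMPANY_RE.search(rest)
            company = cm['company'].strip() if cm else ""
            path = rest[:cm.start()].strip() if cm else rest.strip()
            reasons = []
            if not company:
                reasons.append("no company name on the file")
            if path.lower().endswith(".dll"):
                reasons.append("autostart target is a DLL, not an executable")
            if WINDIR_ROOT_RE.match(path):
                reasons.append("file sits directly in the Windows folder")
            if reasons:
                # Two or more oddities on one autostart entry: look at it first.
                severity = "review" if len(reasons) >= 2 else "info"
                findings.append(Finding(severity, "; ".join(reasons), line))
            continue

        if line.startswith("O20 ") and "File not found" in line:
            findings.append(Finding("review", "Winlogon entry points at a missing file", line))
    return findings


def review_first(log_text):
    """Just the lines ranked 'review', in log order."""
    return [f.line for f in triage(log_text) if f.severity == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against a full OTL.txt by passing the file's contents to `triage()`. A scan from the boot CD looks at the installed Windows from outside it, so a relative path such as `Explorer.exe` in the Winlogon line may not resolve the way it would from the running system; that is why the script ranks such lines for review instead of declaring them bad, and why the person reading the log still makes the call.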
     
  6. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    My only problem now is that I have 2x DVD-RW discs; when I go to install onto the disc, the program ImgBurn informs me there is no room. I've reformatted the disc but still nothing. I even tried to extract to CD, but then it does not work on the computer.
     
  7. 2011/03/23
    broni

    broni Moderator Malware Analyst

    It has to be a CD-R.
     
  8. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    Ok I will get a CDR within days and will get back. Thank you for your help so far.
     
  9. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    Actually going now
     
  10. 2011/03/23
    broni

    broni Moderator Malware Analyst

    Ok.....
     
  11. 2011/03/23
    Woodstock

    Woodstock Inactive Thread Starter

    OTL logfile created on: 3/24/2011 12:13:07 AM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 309.00 Mb Available Physical Memory | 62.00% Memory free
    454.00 Mb Paging File | 334.00 Mb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.72 Gb Total Space | 37.59 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (ANIWZCSdService)
    SRV - [2011/03/22 23:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2008/07/09 09:58:42 | 000,143,360 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
    SRV - [2008/03/27 15:24:46 | 000,348,160 | ---- | M] (Marvell) [Auto] -- C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe -- (HPM1319RcvFaxSrvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
    DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
    DRV - File not found [Kernel | Boot] -- -- (pulckaa)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (npaa2a9)
    DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (gjje79a)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | System] -- -- (achaa58)
    DRV - [2011/03/22 23:16:28 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/03/22 23:16:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/03/22 23:16:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/08/09 21:05:08 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/09/25 13:10:43 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2008/09/12 12:37:40 | 000,443,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192u.sys -- (RTL8192u)
    DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/03/27 15:21:38 | 000,013,824 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HP1319FAX.sys -- (HP1319FAX)
    DRV - [2008/03/27 15:21:36 | 000,012,800 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HP1319EWS.sys -- (HP1319EWS)
    DRV - [2007/05/12 17:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2007/05/10 18:28:00 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/06/01 08:55:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
    DRV - [2006/01/25 10:44:52 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/01/17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/01/17 10:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/01/17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/01/17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/01/17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/12/13 23:08:00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes


    FF - HKLM\software\mozilla\Firefox\extensions\\{A922CF20-CFF6-43F0-B526-940D70ED19AA}: C:\Documents and Settings\Ben Sage\Local Settings\Application Data\{A922CF20-CFF6-43F0-B526-940D70ED19AA} [2010/08/19 21:00:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/03/22 23:13:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/03/22 23:15:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 22:03:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 11:37:49 | 000,000,000 | ---D | M]

    [2011/03/22 23:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Tango) - {DCC9EA44-9A10-4C9E-B9CE-2173D806D501} - File not found
    O3 - HKU\Ben_Sage_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ANIWZCS2Service] File not found
    O4 - HKLM..\Run: [avast5] File not found
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\DWA-130\AirNCFG.exe (D-Link)
    O4 - HKLM..\Run: [erosaxwcmn.tmp] File not found
    O4 - HKLM..\Run: [INPROCOMMWireless] File not found
    O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
    O4 - HKLM..\Run: [Yrataqogu] C:\WINDOWS\asiwikisoxebuxe.dll ()
    O4 - HKU\Ben_Sage_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\Ben_Sage_ON_C..\Run: [Fbubilareju] C:\WINDOWS\sonmsyc.dll ()
    O4 - HKU\Ben_Sage_ON_C..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
    O4 - HKU\Ben_Sage_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
    O4 - HKU\Ben_Sage_ON_C..\RunOnce: [Shockwave Updater] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Ben_Sage_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/24 17:19:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/22 23:42:28 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/03/22 23:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\AVG Security Toolbar
    [2011/03/22 23:16:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/03/22 23:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2011/03/22 23:16:29 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/03/22 23:16:24 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/03/22 23:16:13 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/03/22 23:16:10 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/03/22 23:15:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2011/03/22 23:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/03/22 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/22 22:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2011/03/22 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/22 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/03/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ben Sage\Application Data\Malwarebytes
    [2011/03/22 18:19:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/03/22 18:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/22 18:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/03/22 18:19:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/03/22 18:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/22 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/23 23:05:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/22 23:16:32 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2011/03/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2011/03/22 23:16:31 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/03/22 23:16:28 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/03/22 23:16:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/03/22 23:16:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/03/22 23:16:10 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/03/22 23:16:09 | 073,073,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/03/22 22:57:46 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ben Sage\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/22 22:57:46 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/22 22:53:33 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
    [2011/03/22 22:50:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/03/22 22:49:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/22 19:07:59 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dxfigiv.sys
    [2011/03/22 18:36:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/03/22 18:19:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/22 18:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/22 18:01:46 | 000,002,520 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
    [2011/03/22 14:16:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/22 23:16:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2011/03/22 23:16:10 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/03/22 23:15:52 | 073,073,025 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/03/22 22:57:46 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/22 22:57:46 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/22 19:07:59 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dxfigiv.sys
    [2011/03/22 18:36:00 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/22 18:19:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/11 17:00:06 | 000,002,520 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
    [2010/08/19 21:00:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lhuceburimuqu.dat
    [2010/08/19 21:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rzumoxo.bin
    [2010/07/01 20:41:40 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\ANICONFIG_{93ECFF78-B7A0-491B-A176-271DFA3284B8}.ini
    [2010/05/22 15:59:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/04/17 21:32:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/03/24 14:12:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2010/03/23 22:41:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\prvlcl.dat
    [2010/03/23 21:38:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2009/12/31 15:34:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/27 21:23:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
    [2009/12/27 21:22:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
    [2009/12/27 21:22:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2009/12/27 21:21:45 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
    [2009/12/27 21:21:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
    [2009/10/15 23:12:24 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\ANICONFIG_{678518C6-A5E6-4A4F-8C7E-4EC14B6C51BF}.ini
    [2009/10/04 20:24:07 | 000,045,740 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/30 15:36:58 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2009/09/07 11:29:44 | 004,455,865 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/09/06 10:52:04 | 000,828,611 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/09/03 11:05:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/09/02 16:23:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/09/02 16:22:58 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/09/02 16:22:40 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/09/02 16:22:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/09/02 16:22:10 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/09/02 16:22:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/09/02 16:22:00 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/09/02 12:45:34 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/09/02 12:38:44 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/09/02 12:35:12 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/09/02 12:01:48 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/08/26 20:55:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
    [2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/07/30 16:51:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/07/30 16:51:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/07/30 09:10:13 | 000,413,696 | R--- | C] () -- C:\WINDOWS\ZSM1319.EXE
    [2009/07/30 09:10:13 | 000,413,696 | R--- | C] () -- C:\WINDOWS\System32\ZSM1319.EXE
    [2009/07/30 09:10:12 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
    [2009/07/29 22:26:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/29 22:19:05 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/27 08:43:27 | 000,002,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/07/27 08:43:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DA9EDAAE01.sys
    [2009/07/24 18:18:17 | 000,193,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynTP.sys
    [2009/07/24 18:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/24 17:22:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/07/24 17:15:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/06/07 19:04:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/06/07 19:02:44 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2007/03/08 11:48:36 | 000,198,144 | ---- | C] () -- C:\WINDOWS\asiwikisoxebuxe.dll
    [2007/03/08 11:48:36 | 000,074,752 | ---- | C] () -- C:\WINDOWS\sonmsyc.dll
    [2007/03/08 11:48:36 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
    [2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 08:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 08:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 08:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
    [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/21 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/21 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/22 13:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Agenda
    [2010/08/18 22:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\B6B3E9022EE7D45D04CA529B991EB4D8
    [2009/09/03 11:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Blackberry Desktop
    [2010/08/09 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\DAEMON Tools Lite
    [2010/03/23 21:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Leadertech
    [2010/08/02 23:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\LimeWire
    [2009/09/08 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\MSNInstaller
    [2009/09/03 11:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Research In Motion
    [2010/04/25 21:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\TS3Client
    [2010/08/18 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\uTorrent
    [2011/03/22 14:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/03/22 23:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/03/22 23:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/13 21:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2011/03/22 23:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/09 21:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/03/23 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2009/08/26 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
    [2009/10/17 01:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2010/04/13 19:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/04/27 12:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/29 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/03/22 22:53:33 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job
    [2010/08/16 08:12:48 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure.job

    ========== Purity Check ==========


    < End of report >
     
  12. 2011/03/23
    Woodstock

    Won't allow me to post
     
    Last edited: 2011/03/23
  13. 2011/03/23
    broni

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Boot] -- -- (pulckaa)
    DRV - File not found [Kernel | System] -- -- (npaa2a9)
    DRV - File not found [Kernel | System] -- -- (gjje79a)
    DRV - File not found [Kernel | System] -- -- (achaa58)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Tango) - {DCC9EA44-9A10-4C9E-B9CE-2173D806D501} - File not found
    O4 - HKLM..\Run: [avast5] File not found
    O4 - HKLM..\Run: [erosaxwcmn.tmp] File not found
    O4 - HKLM..\Run: [INPROCOMMWireless] File not found
    O4 - HKLM..\Run: [Yrataqogu] C:\WINDOWS\asiwikisoxebuxe.dll ()
    O4 - HKU\Ben_Sage_ON_C..\Run: [Fbubilareju] C:\WINDOWS\sonmsyc.dll ()
    O4 - HKU\Ben_Sage_ON_C..\RunOnce: [Shockwave Updater] File not found
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/03/22 18:01:46 | 000,002,520 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
    [2010/08/19 21:00:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lhuceburimuqu.dat
    [2010/08/19 21:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rzumoxo.bin
    [2010/05/22 15:59:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/07/27 08:43:27 | 000,002,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/07/27 08:43:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DA9EDAAE01.sys
    [2010/08/18 22:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\B6B3E9022EE7D45D04CA529B991EB4D8
    [2011/03/22 14:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "Shell"="Explorer.exe"
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  14. 2011/03/23
    Woodstock

    Where can I find the log
     
  15. 2011/03/23
    Woodstock

    Error: Unable to interpret < > in the current context!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pulckaa deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npaa2a9 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gjje79a deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\achaa58 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DCC9EA44-9A10-4C9E-B9CE-2173D806D501} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCC9EA44-9A10-4C9E-B9CE-2173D806D501}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\erosaxwcmn.tmp deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\INPROCOMMWireless deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Yrataqogu deleted successfully.
    C:\WINDOWS\asiwikisoxebuxe.dll moved successfully.
    Registry value HKEY_USERS\Ben_Sage_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Fbubilareju deleted successfully.
    C:\WINDOWS\sonmsyc.dll moved successfully.
    Registry value HKEY_USERS\Ben_Sage_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
    C:\WINDOWS\003314_.tmp deleted successfully.
    C:\WINDOWS\SET100.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\SETF1.tmp deleted successfully.
    C:\WINDOWS\SETF4.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\lsrslt.ini moved successfully.
    C:\WINDOWS\Lhuceburimuqu.dat moved successfully.
    C:\WINDOWS\Rzumoxo.bin moved successfully.
    C:\WINDOWS\system32\ezsidmv.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\DA9EDAAE01.sys moved successfully.
    C:\Documents and Settings\Ben Sage\Application Data\B6B3E9022EE7D45D04CA529B991EB4D8 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Ben Sage
    ->Temp folder emptied: 1105925967 bytes
    ->Temporary Internet Files folder emptied: 14740679 bytes
    ->Java cache emptied: 115924422 bytes
    ->FireFox cache emptied: 52529688 bytes
    ->Flash cache emptied: 2159698 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 703198 bytes
    ->FireFox cache emptied: 3663198 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 18749695 bytes
    ->Flash cache emptied: 1757 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34651176 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77500606 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

    Total Files Cleaned = 1,361.00 mb


    OTLPE by OldTimer - Version 3.1.46.0 log created on 03242011_011555

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Ben Sage\Local Settings\Temp\Temporary Directory 1 for D-Blocks_Front_Man_-_The_Best_of_Jadakiss-(DatPiff.com).zip\Jadakiss - D-Blocks Front Man - The Best of Jadak (DatPiff.com)\Jadakiss_D-Blocks_Front_Man_-_The_Best_of_Jadakis-front-large.jpg not found!

    Registry entries deleted on Reboot...
     
  16. 2011/03/23
    Woodstock

    Same situation.
     
  17. 2011/03/23
    broni

    It looks like you may have the explorer.exe file missing.

    Do you have a Windows XP CD?
     
  18. 2011/03/23
    broni

    Boot from the OTLPE CD one more time and...

    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
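A Python triage helper of the kind I would run over logs like the ones in this thread, added here as an example (it is not OTL's code and not from broni's posts): it flags the entry types the fix in post 13 removed and the Winlogon Shell problem raised in post 17, then turns the flagged lines into an :OTL section for review. The sample lines are constructed from entries quoted in this thread plus one healthy Winlogon Shell line, which is assumed, for contrast.

```python
"""OTL log triage helper. Added example for this thread, not OTL's own code.

Reads OTL/OTLPE report lines in the shape quoted in the posts above and flags
the entry types the fix script in post 13 removed (services and drivers with no
image on disk, Run/RunOnce autostarts that are orphaned or point at an unsigned
file sitting directly in C:\\WINDOWS) plus the Winlogon Shell problem raised in
post 17. Flagged lines can then be pasted under an :OTL section for review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes OTL prints for the three entry types this helper understands.
MISSING_SVC = re.compile(r"^(?P<kind>DRV|SRV) - File not found .*\((?P<name>[^()]+)\)\s*$")
AUTORUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
TARGET = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^()]*)\) - (?P<rest>.*)$")
WINDIR = "c:\\windows"

# Constructed sample: entries copied in OTL's shape from this thread's logs,
# plus one healthy Winlogon Shell line (assumed, not from the thread) for contrast.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot] -- -- (pulckaa)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
SRV - File not found [Auto] -- -- (ANIWZCSdService)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Yrataqogu] C:\WINDOWS\asiwikisoxebuxe.dll ()
O4 - HKU\Ben_Sage_ON_C..\Run: [Fbubilareju] C:\WINDOWS\sonmsyc.dll ()
O4 - HKLM..\Run: [avast5] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    category: str  # what was spotted
    name: str      # service name, Run value name or Winlogon value name
    line: str      # original log line, reusable verbatim in an :OTL section


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL log line; None means nothing to raise."""
    line = line.rstrip()
    m = MISSING_SVC.match(line)
    if m:
        # Registered service/driver whose image is gone: leftover of an
        # incomplete cleanup, as with the four drivers in post 13's fix.
        return Finding("missing-service-image", m["name"], line)
    m = WINLOGON.match(line)
    if m:
        if m["rest"] == "File not found":
            # Post 19's state: Shell names explorer.exe but the file is missing,
            # which is why broni suspected a missing explorer.exe in post 17.
            return Finding("winlogon-target-missing", m["value"], line)
        if m["value"] == "Shell" and m["data"].lower() != "explorer.exe":
            # Shell replaced: Winlogon would start something other than Explorer.
            return Finding("winlogon-shell-changed", m["value"], line)
        return None
    m = AUTORUN.match(line)
    if m:
        if m["rest"] == "File not found":
            return Finding("orphan-autorun", m["name"], line)
        t = TARGET.match(m["rest"])
        if t:
            path = t["path"].lower()
            tail = path[len(WINDIR) + 1:]
            directly_in_windir = path.startswith(WINDIR + "\\") and "\\" not in tail
            # Heuristic, not a verdict: no company name and an image placed
            # straight in C:\WINDOWS is the pattern of the two rogue DLLs above.
            if t["company"].strip() == "" and directly_in_windir:
                return Finding("unsigned-windir-autorun", m["name"], line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a report and keep the findings."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


def otl_fix_section(findings: List[Finding]) -> str:
    """Build the :OTL block of a fix script from flagged lines, as post 13 does.

    Winlogon findings are left out on purpose: a missing Shell target is repaired
    by resetting the value under :Reg (post 13), not by deleting the entry.
    """
    body = [f.line for f in findings if not f.category.startswith("winlogon")]
    return "\n".join([":OTL", *body])


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.category:<24} {f.name}")
    print(otl_fix_section(found))
```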
     
  19. 2011/03/24
    Woodstock

    I do not have the disk for XP. I did download a copy onto a DVD disk hoping I could use it to repair, but it did nothing.
    My results from the last scan...

    OTL logfile created on: 3/24/2011 8:41:43 PM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 307.00 Mb Available Physical Memory | 61.00% Memory free
    454.00 Mb Paging File | 334.00 Mb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.72 Gb Total Space | 38.81 Gb Free Space | 58.16% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (ANIWZCSdService)
    SRV - [2011/03/22 23:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2008/07/09 09:58:42 | 000,143,360 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
    SRV - [2008/03/27 15:24:46 | 000,348,160 | ---- | M] (Marvell) [Auto] -- C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe -- (HPM1319RcvFaxSrvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
    DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2011/03/22 23:16:28 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/03/22 23:16:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/03/22 23:16:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/08/09 21:05:08 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/09/25 13:10:43 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2008/09/12 12:37:40 | 000,443,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192u.sys -- (RTL8192u)
    DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/03/27 15:21:38 | 000,013,824 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HP1319FAX.sys -- (HP1319FAX)
    DRV - [2008/03/27 15:21:36 | 000,012,800 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HP1319EWS.sys -- (HP1319EWS)
    DRV - [2007/05/12 17:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2007/05/10 18:28:00 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/06/01 08:55:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
    DRV - [2006/01/25 10:44:52 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/01/17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/01/17 10:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/01/17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/01/17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/01/17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/12/13 23:08:00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Ben_Sage_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKU\Ben_Sage_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes


    FF - HKLM\software\mozilla\Firefox\extensions\\{A922CF20-CFF6-43F0-B526-940D70ED19AA}: C:\Documents and Settings\Ben Sage\Local Settings\Application Data\{A922CF20-CFF6-43F0-B526-940D70ED19AA} [2010/08/19 21:00:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/03/22 23:13:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/03/22 23:15:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 22:03:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 11:37:49 | 000,000,000 | ---D | M]

    [2011/03/22 23:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKU\Ben_Sage_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ANIWZCS2Service] File not found
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\DWA-130\AirNCFG.exe (D-Link)
    O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
    O4 - HKU\Ben_Sage_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\Ben_Sage_ON_C..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
    O4 - HKU\Ben_Sage_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Ben_Sage_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/24 17:19:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 01:16:04 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
    [2011/03/24 01:15:55 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/22 23:42:28 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/03/22 23:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\AVG Security Toolbar
    [2011/03/22 23:16:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/03/22 23:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2011/03/22 23:16:29 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/03/22 23:16:24 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/03/22 23:16:13 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/03/22 23:16:10 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/03/22 23:15:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2011/03/22 23:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/03/22 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/22 22:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2011/03/22 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/22 20:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/03/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ben Sage\Application Data\Malwarebytes
    [2011/03/22 18:19:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/03/22 18:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/22 18:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/03/22 18:19:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/03/22 18:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/22 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 18:12:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/22 23:16:32 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2011/03/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2011/03/22 23:16:31 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/03/22 23:16:28 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/03/22 23:16:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/03/22 23:16:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/03/22 23:16:10 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/03/22 23:16:09 | 073,073,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/03/22 22:57:46 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ben Sage\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/22 22:57:46 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/22 22:53:33 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
    [2011/03/22 22:50:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/03/22 22:49:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/22 19:07:59 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dxfigiv.sys
    [2011/03/22 18:36:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/03/22 18:19:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/22 18:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/22 14:16:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/03/06 18:12:59 | 002,234,368 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

    ========== Files Created - No Company Name ==========

    [2011/03/22 23:16:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2011/03/22 23:16:10 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/03/22 23:15:52 | 073,073,025 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/03/22 22:57:46 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/22 22:57:46 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/22 19:07:59 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dxfigiv.sys
    [2011/03/22 18:36:00 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/22 18:19:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/01 20:41:40 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\ANICONFIG_{93ECFF78-B7A0-491B-A176-271DFA3284B8}.ini
    [2010/04/17 21:32:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/03/24 14:12:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2010/03/23 22:41:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\prvlcl.dat
    [2010/03/23 21:38:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2009/12/31 15:34:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/27 21:23:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
    [2009/12/27 21:22:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
    [2009/12/27 21:22:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2009/12/27 21:21:45 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
    [2009/12/27 21:21:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
    [2009/10/15 23:12:24 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Application Data\ANICONFIG_{678518C6-A5E6-4A4F-8C7E-4EC14B6C51BF}.ini
    [2009/10/04 20:24:07 | 000,045,740 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/30 15:36:58 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2009/09/07 11:29:44 | 004,455,865 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/09/06 10:52:04 | 000,828,611 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/09/03 11:05:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/09/02 16:23:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/09/02 16:22:58 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/09/02 16:22:40 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/09/02 16:22:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/09/02 16:22:10 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/09/02 16:22:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/09/02 16:22:00 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/09/02 12:45:34 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/09/02 12:38:44 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/09/02 12:35:12 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/09/02 12:01:48 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/08/26 20:55:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
    [2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/07/30 16:51:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/07/30 16:51:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/07/30 09:10:13 | 000,413,696 | R--- | C] () -- C:\WINDOWS\ZSM1319.EXE
    [2009/07/30 09:10:13 | 000,413,696 | R--- | C] () -- C:\WINDOWS\System32\ZSM1319.EXE
    [2009/07/30 09:10:12 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
    [2009/07/29 22:26:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/29 22:19:05 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Ben Sage\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/24 18:18:17 | 000,193,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynTP.sys
    [2009/07/24 18:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/24 17:22:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/07/24 17:15:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/06/07 19:04:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/06/07 19:02:44 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2007/03/08 11:48:36 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
    [2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 08:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 08:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 08:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
    [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/21 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/21 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/22 13:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Agenda
    [2009/09/03 11:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Blackberry Desktop
    [2010/08/09 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\DAEMON Tools Lite
    [2010/03/23 21:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Leadertech
    [2010/08/02 23:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\LimeWire
    [2009/09/08 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\MSNInstaller
    [2009/09/03 11:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\Research In Motion
    [2010/04/25 21:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\TS3Client
    [2010/08/18 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben Sage\Application Data\uTorrent
    [2011/03/22 23:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/03/22 23:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/13 21:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2011/03/22 23:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/09 21:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/03/23 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2009/08/26 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
    [2009/10/17 01:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2010/04/13 19:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/04/27 12:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/29 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/03/22 22:53:33 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job
    [2010/08/16 08:12:48 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    < End of report >
     
  20. 2011/03/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, we have a couple of system files missing from their designated locations, but the good news is, you have some replacements on your hard drive.
    I just got home, but I can see you're online, so I'm posting this to let you know we'll try to fix it.

    Hold on there....
     
  21. 2011/03/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Boot from OTLPE again.
    When you get to desktop, open File Manager.

    Now, make sure you read the following very carefully, so you place the correct files in the correct locations.

    Navigate to the C:\WINDOWS\ServicePackFiles\i386 folder, copy the explorer.exe file from there and paste it into the C:\WINDOWS folder.

    From the very same folder (C:\WINDOWS\ServicePackFiles\i386) copy the winlogon.exe file and paste it into the C:\WINDOWS\system32 folder.

    Attempt to start Windows normally.

    I have some other emails to check, so it may take a bit before I get back here.
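A way to read that MD5 section mechanically, as an added example (not broni's instructions or OTL's own code): it parses the "< MD5 for: ... >" blocks from the log posted above, reports which binaries have no copy at their standard XP location, and selects the ServicePackFiles copy as the restore source, which is the same conclusion the post above reaches. The expected on-disk locations and the preference for the service-pack cache over $NtServicePackUninstall$ are my assumptions.

```python
import re, ntpath

# The "< MD5 for: ... >" blocks from the OTL log posted above (copied from the page).
OTL_MD5_SECTION = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
"""
HEADER_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"^\[.*?\] \(.*?\) MD5=([0-9A-Fa-f]{32}) -- (.+)$")

# Assumed standard Windows XP locations of the three logon-chain binaries OTL hashed.
EXPECTED_LOCATION = {
    "explorer.exe": r"C:\WINDOWS\explorer.exe",
    "userinit.exe": r"C:\WINDOWS\system32\userinit.exe",
    "winlogon.exe": r"C:\WINDOWS\system32\winlogon.exe",
}
# Assumption: restore from the service-pack cache (it matches the installed SP level).
PREFERRED_SOURCE = r"c:\windows\servicepackfiles\i386"

def parse_md5_section(text):
    """Return {filename: [(md5, path), ...]} from OTL's '< MD5 for: X >' blocks."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head, entry = HEADER_RE.match(line), ENTRY_RE.match(line)
        if head:
            current = head.group(1).lower()
            entries.setdefault(current, [])
        elif entry and current:
            entries[current].append((entry.group(1).upper(), entry.group(2)))
    return entries

def assess(text):
    """Per binary: 'missing', 'ok' (live copy equals the cache copy) or 'mismatch', plus the cache copy to restore from."""
    report = {}
    for name, copies in parse_md5_section(text).items():
        expected = EXPECTED_LOCATION.get(name, "").lower()
        live = [md5 for md5, path in copies if path.lower() == expected]
        cache = [c for c in copies if ntpath.dirname(c[1]).lower() == PREFERRED_SOURCE]
        replacement = cache[0] if cache else None
        status = "missing" if not live else "ok" if replacement and live[0] == replacement[0] else "mismatch"
        report[name] = {"status": status, "replacement": replacement}
    return report
```

Run against the log above, explorer.exe and winlogon.exe come back "missing" with their ServicePackFiles copies as the restore source, while userinit.exe is "ok" because its live system32 copy hashes identically to the service-pack cache copy.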
     
