WiredWX Hobby Weather Tools

"XP Antivirus Pro 2010" infection...No success in deleting at all!

2 posters

Can you help? I've had no success...no money for good programs...I'm almost bawling...please help...

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

OTL.Txt

OTL logfile created on: 2/27/2010 6:56:11 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 401.36 Gb Free Space | 86.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-B76099523F
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/27 18:55:29 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2010/02/26 17:45:34 | 000,186,368 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe
PRC - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/11 16:17:03 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/12/11 16:16:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/12/08 10:32:18 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/12/08 10:32:14 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/12/08 10:32:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/03 04:08:38 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/13 18:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/09/25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/08/15 02:49:26 | 000,063,040 | ---- | M] () -- C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
PRC - [2006/07/13 00:33:14 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/07/13 00:22:50 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2006/04/17 12:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2006/04/17 12:41:24 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2006/03/23 20:17:50 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 20:13:40 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/10/31 20:42:40 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


========== Modules (SafeList) ==========

MOD - [2010/02/27 18:55:29 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/11 16:16:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/08 10:32:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/15 02:49:26 | 000,063,040 | ---- | M] () [Auto | Running] -- C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe -- (PnkBstrA)
SRV - [2006/04/17 12:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2010/01/30 23:07:49 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009/12/08 10:32:18 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/08 10:32:18 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/29 17:17:44 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/29 16:22:24 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/08/28 16:52:36 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/04/15 13:45:46 | 000,519,168 | ---- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanGZXP.SYS -- (ZG760_XP)
DRV - [2008/04/15 13:45:46 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2008/04/15 13:45:44 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2008/04/14 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/23 20:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/03/22 11:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://z4.invisionfree.com/Happy_Tree_Forums/index.php"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 16:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 16:06:58 | 000,000,000 | ---D | M]

[2009/12/08 15:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/02/26 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p9khj3ef.default\extensions
[2009/12/08 16:04:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p9khj3ef.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/08 15:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/02 14:47:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-202 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL G-202\ZyXEL G-202.exe (ZyXEL Communications Corp.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/25 12:12:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 18:03:38 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/26 18:03:37 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/26 18:03:37 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/02/26 18:03:37 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/26 18:01:28 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/26 18:01:12 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/26 18:01:12 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/26 18:01:02 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/26 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/26 18:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/26 18:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PC Tools
[2010/02/26 18:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/26 18:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/20 00:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/02/20 00:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/20 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/19 23:53:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/19 23:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/02 15:41:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/02 14:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/02 10:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Old RP's
[2010/02/02 09:53:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/02 09:51:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/02 09:51:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/02 09:51:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/02 09:51:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/02 09:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/02 09:43:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/31 23:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Microsoft Games
[2010/01/31 23:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Games
[2010/01/31 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/12/16 06:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/29 17:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/29 17:07:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/29 17:07:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/27 18:53:43 | 000,010,986 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\SlfBpB8
[2010/02/27 18:53:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/27 18:52:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 18:52:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 19:38:37 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/02/26 19:38:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/02/26 18:53:29 | 056,305,693 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/26 18:01:05 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/26 17:55:13 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\User\My Documents\exefix.reg
[2010/02/26 17:49:00 | 000,021,391 | ---- | M] () -- C:\Documents and Settings\User\My Documents\20. Were Leopard Pan.odt
[2010/02/26 17:45:34 | 000,186,368 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe
[2010/02/26 16:36:40 | 000,026,577 | ---- | M] () -- C:\Documents and Settings\User\My Documents\9. Feral 2.odt
[2010/02/25 20:53:54 | 000,028,562 | ---- | M] () -- C:\Documents and Settings\User\My Documents\8. Feral Level.odt
[2010/02/25 16:49:28 | 000,021,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\18. General.odt
[2010/02/23 22:49:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 16:36:31 | 000,018,243 | ---- | M] () -- C:\Documents and Settings\User\My Documents\19. Pet.odt
[2010/02/21 14:14:20 | 000,023,142 | ---- | M] () -- C:\Documents and Settings\User\My Documents\17. Li's Mind.odt
[2010/02/20 22:47:13 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 17:25:21 | 000,021,554 | ---- | M] () -- C:\Documents and Settings\User\My Documents\16. Another new.odt
[2010/02/20 00:11:22 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 00:11:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/20 00:11:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/19 19:52:34 | 000,022,411 | ---- | M] () -- C:\Documents and Settings\User\My Documents\15. New Character.odt
[2010/02/18 18:01:18 | 000,016,805 | ---- | M] () -- C:\Documents and Settings\User\My Documents\14. Rita Vores.odt
[2010/02/17 18:54:15 | 000,022,181 | ---- | M] () -- C:\Documents and Settings\User\My Documents\13. Li's Insanity.odt
[2010/02/16 18:11:42 | 000,023,564 | ---- | M] () -- C:\Documents and Settings\User\My Documents\12. Rita Visits.odt
[2010/02/14 17:06:06 | 000,024,972 | ---- | M] () -- C:\Documents and Settings\User\My Documents\un.odt
[2010/02/14 16:52:57 | 000,020,968 | ---- | M] () -- C:\Documents and Settings\User\My Documents\11. Weapons.odt
[2010/02/13 22:07:49 | 001,580,722 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/02/13 19:57:47 | 000,014,967 | ---- | M] () -- C:\Documents and Settings\User\My Documents\10. Sleep Vore.odt
[2010/02/13 12:04:12 | 000,020,192 | ---- | M] () -- C:\Documents and Settings\User\My Documents\conversation.odt
[2010/02/11 16:53:38 | 000,014,128 | ---- | M] () -- C:\Documents and Settings\User\My Documents\7. Kody.odt
[2010/02/11 16:40:06 | 000,014,133 | ---- | M] () -- C:\Documents and Settings\User\My Documents\6. Li's Preg AGAIN.odt
[2010/02/10 16:36:06 | 000,017,991 | ---- | M] () -- C:\Documents and Settings\User\My Documents\5. Li and Laya Inflation.odt
[2010/02/09 21:17:35 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/09 16:42:32 | 000,020,462 | ---- | M] () -- C:\Documents and Settings\User\My Documents\4. Charlie & Ferals.odt
[2010/02/07 13:37:20 | 000,023,264 | ---- | M] () -- C:\Documents and Settings\User\My Documents\3. The Thing.odt
[2010/02/06 14:01:05 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Forgotten Hope.lnk
[2010/02/05 19:56:55 | 000,023,690 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2. Rita School Again.odt
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/03 16:45:21 | 000,020,821 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2. Rita School.odt
[2010/02/02 16:48:42 | 000,017,135 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1. Pan and Jayde.odt
[2010/02/02 14:51:28 | 000,023,372 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ComboFix report2.odt
[2010/02/02 14:47:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/02 14:40:31 | 003,843,928 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/02/02 10:57:16 | 000,014,304 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/02 10:17:06 | 000,023,747 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ComboFix report.odt
[2010/01/31 23:43:49 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 Endangered Species.lnk
[2010/01/30 23:07:49 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/30 19:55:15 | 000,000,297 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2010/01/30 14:14:40 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys

========== Files Created - No Company Name ==========

[2010/02/26 18:03:38 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/26 18:03:38 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/26 18:03:38 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/26 18:03:38 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/26 18:03:38 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/26 18:03:38 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/26 18:01:28 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/26 18:01:12 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/26 18:01:12 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/26 18:01:05 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/26 18:01:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/26 17:55:13 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\User\My Documents\exefix.reg
[2010/02/26 17:48:59 | 000,021,391 | ---- | C] () -- C:\Documents and Settings\User\My Documents\20. Were Leopard Pan.odt
[2010/02/26 17:45:35 | 000,010,986 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\SlfBpB8
[2010/02/26 17:45:34 | 000,186,368 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe
[2010/02/23 16:36:30 | 000,018,243 | ---- | C] () -- C:\Documents and Settings\User\My Documents\19. Pet.odt
[2010/02/22 16:36:12 | 000,021,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\18. General.odt
[2010/02/21 12:18:42 | 000,023,142 | ---- | C] () -- C:\Documents and Settings\User\My Documents\17. Li's Mind.odt
[2010/02/20 11:13:25 | 000,021,554 | ---- | C] () -- C:\Documents and Settings\User\My Documents\16. Another new.odt
[2010/02/19 17:40:30 | 000,022,411 | ---- | C] () -- C:\Documents and Settings\User\My Documents\15. New Character.odt
[2010/02/18 17:17:37 | 000,016,805 | ---- | C] () -- C:\Documents and Settings\User\My Documents\14. Rita Vores.odt
[2010/02/17 16:45:04 | 000,022,181 | ---- | C] () -- C:\Documents and Settings\User\My Documents\13. Li's Insanity.odt
[2010/02/14 20:03:02 | 000,023,564 | ---- | C] () -- C:\Documents and Settings\User\My Documents\12. Rita Visits.odt
[2010/02/14 13:08:39 | 000,020,968 | ---- | C] () -- C:\Documents and Settings\User\My Documents\11. Weapons.odt
[2010/02/14 12:45:09 | 000,024,972 | ---- | C] () -- C:\Documents and Settings\User\My Documents\un.odt
[2010/02/13 19:57:46 | 000,014,967 | ---- | C] () -- C:\Documents and Settings\User\My Documents\10. Sleep Vore.odt
[2010/02/13 14:03:42 | 000,026,577 | ---- | C] () -- C:\Documents and Settings\User\My Documents\9. Feral 2.odt
[2010/02/13 10:44:47 | 000,020,192 | ---- | C] () -- C:\Documents and Settings\User\My Documents\conversation.odt
[2010/02/12 17:37:10 | 000,028,562 | ---- | C] () -- C:\Documents and Settings\User\My Documents\8. Feral Level.odt
[2010/02/11 16:53:38 | 000,014,128 | ---- | C] () -- C:\Documents and Settings\User\My Documents\7. Kody.odt
[2010/02/11 16:40:05 | 000,014,133 | ---- | C] () -- C:\Documents and Settings\User\My Documents\6. Li's Preg AGAIN.odt
[2010/02/10 16:36:05 | 000,017,991 | ---- | C] () -- C:\Documents and Settings\User\My Documents\5. Li and Laya Inflation.odt
[2010/02/09 21:17:35 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/08 16:54:13 | 000,020,462 | ---- | C] () -- C:\Documents and Settings\User\My Documents\4. Charlie & Ferals.odt
[2010/02/06 14:01:53 | 000,023,264 | ---- | C] () -- C:\Documents and Settings\User\My Documents\3. The Thing.odt
[2010/02/06 14:01:05 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Forgotten Hope.lnk
[2010/02/04 16:46:34 | 000,023,690 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2. Rita School Again.odt
[2010/02/03 13:57:23 | 000,020,821 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2. Rita School.odt
[2010/02/02 14:51:28 | 000,023,372 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ComboFix report2.odt
[2010/02/02 14:37:15 | 003,843,928 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/02/02 14:34:53 | 000,017,135 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1. Pan and Jayde.odt
[2010/02/02 10:17:06 | 000,023,747 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ComboFix report.odt
[2010/02/02 09:53:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/02 09:53:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/02 09:51:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/02 09:51:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/02 09:51:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/02 09:51:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/02 09:51:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/31 23:43:49 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 Endangered Species.lnk
[2010/01/30 19:55:15 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/12/19 12:59:06 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 20:20:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/05 21:10:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/12/05 15:33:34 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/12/03 19:01:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/12/03 19:01:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/12/03 16:04:39 | 000,000,248 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/12/03 16:04:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/06/19 09:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 08:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2002/11/13 02:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Extras.Txt

OTL Extras logfile created on: 2/27/2010 6:56:11 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 401.36 Gb Free Space | 86.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-B76099523F
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\ZyXEL G-202\ZyXEL G-202.exe" = C:\Program Files\ZyXEL G-202\ZyXEL G-202.exe:*:Disabled:ZyXEL G-202 Wireless Adapter Utility -- (ZyXEL Communications Corp.)
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe" = C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49F09453-8205-48CF-ADE6-29CE6B509669}" = SmartFTP Client
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice(tm)
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{824539D7-D27E-4CC3-B36F-6404B5EB726B}" = Medal of Honor Pacific Assault(tm) Patch2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = ZyXEL G-202 Wireless Adapter Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AVG8Uninstall" = AVG Free 8.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Forgotten Hope" = Forgotten Hope 0.70
"Fraps" = Fraps
"GameSpy Arcade" = GameSpy Arcade
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"ie8" = Windows Internet Explorer 8
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Railroad Tycoon 2 Platinum" = Railroad Tycoon 2 Platinum
"Sierra Utilities" = Sierra Utilities
"SimCity2000CDv1" = SimCity 2000®️ Special Edition
"Spyware Doctor" = Spyware Doctor 7.0
"Steam(TM)" = Steam(TM)
"Tropico 3_is1" = Tropico 3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"World War III Black Gold" = World War III Black Gold
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 11:50:34 AM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1001
Description = Fault bucket 10408654.

Error - 1/24/2010 11:50:34 AM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1001
Description = Fault bucket 10408654.

Error - 1/24/2010 7:12:49 PM | Computer Name = USER-B76099523F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/24/2010 7:24:42 PM | Computer Name = USER-B76099523F | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/1/2010 1:40:07 PM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 10.0.0.1102, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2010 2:09:40 PM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1002
Description = Hanging application SimCity 4.exe, version 1.1.610.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/3/2010 12:56:01 PM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1002
Description = Hanging application lxczaiox.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/3/2010 3:49:01 PM | Computer Name = USER-B76099523F | Source = Application Error | ID = 1000
Description = Faulting application bf1942.exe, version 0.0.0.0, faulting module
msvcr70.dll, version 7.0.9466.0, fault address 0x0000133d.

Error - 2/4/2010 7:36:15 PM | Computer Name = USER-B76099523F | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 3:44:41 PM | Computer Name = USER-B76099523F | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1102, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0023e794.

[ System Events ]
Error - 2/20/2010 12:59:38 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/20/2010 1:00:52 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/20/2010 1:03:20 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/20/2010 1:03:39 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/20/2010 1:06:47 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/20/2010 1:07:07 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/20/2010 1:07:51 AM | Computer Name = USER-B76099523F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm

Error - 2/20/2010 1:08:19 AM | Computer Name = USER-B76099523F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/20/2010 1:44:04 AM | Computer Name = USER-B76099523F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 2/26/2010 7:24:05 PM | Computer Name = USER-B76099523F | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Lexmark 1200 Series share name
Printer2.


< End of report >

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Hello.

We may have a deeper problem than what I suspected, but we'll see.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/26 17:45:34 | 000,186,368 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/02/26 17:45:34 | 000,186,368 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

The fix log won't appear...I've tried multiple times...

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Hello.
There should be a log file inside this folder:
C:\_OTL

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Hope this is the right one...


========== OTL ==========
Process av.exe killed successfully!
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\av.exe moved successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 02272010_204809

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

That's the one. Right On! I want to do a check for a rootkit, but I see traces of Combofix, so I think that has fixed it.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

All I get is an "open with" window and list of programs.

Then again, I didn't know how to save to desktop before extracting.

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Hello.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

It's a zip file, so you should be able to open it like a folder.

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

exeHelper by Raktor
Build 20091220
Run at 21:10:51 on 02/27/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Are you able to run TDSSKiller?

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Okay, I double click on TDSS in the downloads window (the one that automatically pops up when download starts), then the window comes up with "Eula" and "TDSSKiller." I double-click on the latter, go to "extract all," set it to save them to desktop. I double click on that or try start & run, but either way, when I hit "Run," I get the "Open With?" list. ...In fact, it does this with several programs...including MSPaint, so I can't get screenshots.

On an unrelated note, my E-mail inbox shows a message from "Servimg" about my account being created...not sure if I should open, I don't remember such a site.

EDIT: okay, now I can't even start any programs...the thing that automatically pops up that allows internet to start won't happen. I can't remember what it was, Mom is forcing me off because she says I'll do the same to this computer...

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Hello.

No biggy, we can repair this. It's not your fault: the malware has changed the file association with exe. That's why exeHelper can be run fine, because it doesn't use .exe, but the rest of our tools do.

Can you see file extensions on the end of files?
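
The .exe association change described in the reply above is already visible in the Extras.txt log posted earlier in the thread: under HKEY_CURRENT_USER, .exe maps to `secfile` rather than `exefile`, with av.exe as the handler. The following is an added example, not part of the original thread and not OTL's own code, showing how that section of an Extras log can be checked automatically; the function name, finding labels and the table of default ProgIDs are assumptions of the example, and the sample input is an excerpt of the log above.

```python
import re

# Excerpt copied from the Extras.txt log posted earlier in this thread.
SAMPLE_EXTRAS = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\User\Local Settings\Application Data\av.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

# Windows default ProgIDs for executable file types (the same names appear
# in the "Shell Spawning" section of the log: exefile, comfile, batfile, ...).
DEFAULT_PROGID = {".exe": "exefile", ".com": "comfile", ".bat": "batfile",
                  ".cmd": "cmdfile", ".scr": "scrfile", ".pif": "piffile"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*)\]$")
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = ([^\]]*)\] -- (.*?) \((.*)\)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def analyze_extras(text):
    """Return a list of finding dicts for an OTL Extras-style log (hypothetical helper)."""
    findings, section, key = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # "========== Name ==========" starts a new section
            section, key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:  # "[HKEY_...]" sets the registry key the next lines belong to
            key = m.group(1)
            continue
        if section == "File Associations":
            m = ASSOC_RE.match(line)
            if not m:
                continue
            ext, progid, handler, company = m.groups()
            expected = DEFAULT_PROGID.get(ext.lower())
            if expected and progid.lower() != expected:
                findings.append({
                    "type": "executable-association-override",
                    "ext": ext, "progid": progid, "expected": expected,
                    "handler": handler,
                    "per_user": key.upper().startswith("HKEY_CURRENT_USER"),
                    "no_company": company == "",  # OTL prints "()" when no company name
                })
        elif section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.groups()
            if key.endswith("Security Center") and value == "1" and \
                    name.endswith(("Override", "DisableNotify")):
                findings.append({"type": "security-center-suppressed",
                                 "name": name, "key": key})
            elif "FirewallPolicy" in key and name == "EnableFirewall" and value == "0":
                findings.append({"type": "firewall-disabled",
                                 "name": name, "key": key})
    return findings
```

The Security Center and firewall findings only mark settings worth reviewing; a user can set them too, so they are context for the association override rather than proof of infection on their own.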
