need sum help...pleez

ive been using Utorrent and lime wire a lot lately and im guessing thats probably where i picked up some of these infections. Basically i dont have any real anti virus tools other than the crappy norton virus that came with the machine. now my windows defended keeps opening all these crazy windows telling me that there is a trillion infections and keeps sending me to websites for removal tools. I ve tried downloading some removal tools but they only scan your computer and then suggest that you pay like 50 dollars for the full program(ya rite), so here i am..Any suggestions...activeX controlls dont work and sometimes i cant run certain removal tools...THNX

Lets run a rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

I did exactly as you said but it would not go through for sum reason..this is the message that i got multiple times...

error;could not set driver imagepath.aborting execution! (error 0 :the operation completed successfully.)

Okay, lets skip the avenger for now and see what this says.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-02-01.01) - NTFSx86
Run by Fatima at 12:30:29.04 on Thu 02/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3061.1540 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Fatima\AppData\Local\Temp\a.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Fatima\AppData\Local\Temp\~tmpa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fatima\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080802
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSFox] c:\users\fatima\appdata\local\temp\a.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [815608714] "c:\programdata\1824161404\815608714.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Cleanup] C:\cleanup.exe
StartupFolder: c:\users\fatima\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: sonicwall.com\sslvpn
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.rex-corp.net/XTSAC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-2-26 130424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-1 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-9 149864]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-26 348752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-1 111616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-26 38496]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-8-1 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-1 7424]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-8-1 180272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

=============== Created Last 30 ================

2009-02-26 11:51 --d----- c:\users\fatima\appdata\roaming\Malwarebytes
2009-02-26 11:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-26 11:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-26 11:51 --d----- c:\programdata\Malwarebytes
2009-02-26 11:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-26 11:51 --d----- c:\progra~2\Malwarebytes
2009-02-26 11:05 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-02-26 11:05 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-02-26 11:05 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-26 11:05 a-d----- c:\programdata\TEMP
2009-02-26 11:05 --d----- c:\program files\common files\PC Tools
2009-02-26 11:05 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-02-26 11:05 --d----- c:\users\fatima\appdata\roaming\PC Tools
2009-02-26 11:05 --d----- c:\programdata\PC Tools
2009-02-26 11:05 --d----- c:\program files\Spyware Doctor
2009-02-26 11:05 --d----- c:\progra~2\PC Tools
2009-02-26 10:48 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-26 10:48 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-26 10:48 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-26 10:48 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-26 10:48 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-26 10:48 11,264 a------- c:\windows\system32\icardres.dll
2009-02-26 10:48 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-26 10:48 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-26 10:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-26 10:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-26 10:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-26 10:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-26 10:43 83,968 a------- c:\windows\system32\mscories.dll
2009-02-26 10:17 --d----- c:\programdata\1824161404
2009-02-26 10:17 --d----- c:\progra~2\1824161404
2009-02-26 08:49 --d----- c:\program files\Trend Micro
2009-02-26 07:49 --d----- c:\users\fatima\appdata\roaming\Logs
2009-02-14 19:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 19:37 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 19:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 19:37 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 19:37 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-13 22:01 --d----- c:\program files\BitPim
2009-02-13 21:00 --d----- c:\programdata\AVS4YOU
2009-02-13 21:00 --d----- c:\progra~2\AVS4YOU
2009-02-13 21:00 --d----- c:\program files\common files\AVSMedia
2009-02-13 21:00 24,576 a------- c:\windows\system32\msxml3a.dll
2009-02-13 21:00 --d----- c:\program files\AVS4YOU
2009-02-13 17:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-13 17:42 --d----- c:\program files\common files\Real
2009-02-13 17:41 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-02-13 17:41 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-02-13 17:41 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-02-13 17:41 --d----- c:\program files\LG Electronics
2009-02-13 17:39 --d----- c:\program files\V CAST Music with Rhapsody
2009-02-11 04:15 --d----- c:\program files\Amazon
2009-02-10 20:26 827,392 a------- c:\windows\system32\wininet.dll
2009-02-10 20:26 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-10 19:29 --d----- c:\users\fatima\appdata\roaming\uTorrent
2009-02-07 04:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-02-07 04:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-02-04 19:05 --d----- c:\users\fatima\appdata\roaming\LimeWire
2009-02-04 19:05 --d----- c:\program files\LimeWire

==================== Find3M ====================

2009-02-13 17:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-13 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-02-13 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 19:28 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-09-22 18:43 0 a------- c:\users\fatima\appdata\roaming\wklnhst.dat
2008-09-11 22:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:31:05.03 ===============

Hello.
Well atleast we have something now.

Are you running Norton on trial?

I see that you are running Limewire uTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

• Click Start >> Control Panel.
  
• Under the Programs click Uninstall a Program
  
• Highlight Limewire and uTorrent
  
• Click on the Uninstall/Change button at the top.
  

Please let me know if you followed my advice and uninstalled them.

Please see here to disable your protection programs while we do this. [Windows Defender, Spyware Doctor, and Symantec]
http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\progra~2\1824161404
  c:\programdata\1824161404
  
  :commands
  [emptytemp]
  [reboot]
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Last edited by Belahzur on 26th February 2009, 7:02 pm; edited 1 time in total

i removed lime wire and utorrent and ran the program that you had suggested. after i rebooted the computer I re opened the program and this is pretty much what i got...now the computer seems alright right now as far as i can tell and also that spyware2009 app seems to be gone which is a plus since it was geting on my last nerve...anyway

========== FILES ==========
File/Folder C:\cleanup.exe not found.
Folder move failed. c:\programdata\1824161404 scheduled to be moved on reboot.
Folder move failed. c:\progra~2\1824161404 scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSFox deleted successfully.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\815608714 .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Cleanup not found.
Error: Unable to interpret <:comamnds> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02262009_125252

Files moved on Reboot...
Folder move failed. c:\programdata\1824161404 scheduled to be moved on reboot.
Folder move failed. c:\progra~2\1824161404 scheduled to be moved on reboot.

Hello.
Not sure it's gone, please run a new DDS scan and post the log.

aigh


DDS (Ver_09-02-01.01) - NTFSx86
Run by Fatima at 13:29:24.71 on Thu 02/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3061.1707 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fatima\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080802
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [815608714] "c:\programdata\1824161404\815608714.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\fatima\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: sonicwall.com\sslvpn
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.rex-corp.net/XTSAC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-2-26 130424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-1 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-9 149864]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-26 348752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-1 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-8-1 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-8-1 7424]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-8-1 180272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

=============== Created Last 30 ================

2009-02-26 12:52 --d----- C:\_OTMoveIt
2009-02-26 11:51 --d----- c:\users\fatima\appdata\roaming\Malwarebytes
2009-02-26 11:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-26 11:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-26 11:51 --d----- c:\programdata\Malwarebytes
2009-02-26 11:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-26 11:51 --d----- c:\progra~2\Malwarebytes
2009-02-26 11:05 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-02-26 11:05 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-02-26 11:05 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-26 11:05 a-d----- c:\programdata\TEMP
2009-02-26 11:05 --d----- c:\program files\common files\PC Tools
2009-02-26 11:05 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-02-26 11:05 --d----- c:\users\fatima\appdata\roaming\PC Tools
2009-02-26 11:05 --d----- c:\programdata\PC Tools
2009-02-26 11:05 --d----- c:\program files\Spyware Doctor
2009-02-26 11:05 --d----- c:\progra~2\PC Tools
2009-02-26 10:48 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-26 10:48 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-26 10:48 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-26 10:48 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-26 10:48 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-26 10:48 11,264 a------- c:\windows\system32\icardres.dll
2009-02-26 10:48 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-26 10:48 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-26 10:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-26 10:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-26 10:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-26 10:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-26 10:43 83,968 a------- c:\windows\system32\mscories.dll
2009-02-26 10:17 --d----- c:\programdata\1824161404
2009-02-26 10:17 --d----- c:\progra~2\1824161404
2009-02-26 08:49 --d----- c:\program files\Trend Micro
2009-02-26 07:49 --d----- c:\users\fatima\appdata\roaming\Logs
2009-02-14 19:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 19:37 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 19:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 19:37 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 19:37 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-13 22:01 --d----- c:\program files\BitPim
2009-02-13 21:00 --d----- c:\programdata\AVS4YOU
2009-02-13 21:00 --d----- c:\progra~2\AVS4YOU
2009-02-13 21:00 --d----- c:\program files\common files\AVSMedia
2009-02-13 21:00 24,576 a------- c:\windows\system32\msxml3a.dll
2009-02-13 21:00 --d----- c:\program files\AVS4YOU
2009-02-13 17:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-13 17:42 --d----- c:\program files\common files\Real
2009-02-13 17:41 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-02-13 17:41 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-02-13 17:41 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-02-13 17:41 --d----- c:\program files\LG Electronics
2009-02-13 17:39 --d----- c:\program files\V CAST Music with Rhapsody
2009-02-11 04:15 --d----- c:\program files\Amazon
2009-02-10 20:26 827,392 a------- c:\windows\system32\wininet.dll
2009-02-10 20:26 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-10 19:29 --d----- c:\users\fatima\appdata\roaming\uTorrent
2009-02-07 04:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-02-07 04:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-02-04 19:05 --d----- c:\users\fatima\appdata\roaming\LimeWire
2009-02-04 19:05 --d----- c:\program files\LimeWire

==================== Find3M ====================

2009-02-13 17:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-13 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-02-13 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 19:28 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-09-22 18:43 0 a------- c:\users\fatima\appdata\roaming\wklnhst.dat
2008-09-11 22:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:30:04.72 ===============

Okay, first lets remove the run value, the have MBAM do the rest.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "815608714"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Cleanup"=-
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.34
Database version: 1806
Windows 6.0.6001 Service Pack 1

2/26/2009 1:51:06 PM
mbam-log-2009-02-26 (13-51-06).txt

Scan type: Quick Scan
Objects scanned: 57954
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\stone\AppData\Local\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Okay, now we've removed the run values, lets see if OTMoveIt can delete them.

• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\progra~2\1824161404
  c:\programdata\1824161404
  
  :commands
  [emptytemp]
  [reboot]
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
Folder move failed. c:\progra~2\1824161404 scheduled to be moved on reboot.
Folder move failed. c:\programdata\1824161404 scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02262009_141521

Files moved on Reboot...
Folder move failed. c:\progra~2\1824161404 scheduled to be moved on reboot.
Folder move failed. c:\programdata\1824161404 scheduled to be moved on reboot.

These folders do not want to die.
See if the avenger will run.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
c:\progra~2\1824161404
c:\programdata\1824161404

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

yea tell me about it, can't i just remove them manually...? P>S more good news!

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 12:09:46 2009

12:09:46: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 12:10:27 2009

12:09:54: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 12:10:48 2009

12:10:43: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 12:15:37 2009

12:15:37: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 12:15:46 2009

12:15:45: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Thu Feb 26 14:43:32 2009

14:43:32: Error: Could not set driver ImagePath.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\progra~2\1824161404" deleted successfully.

Error: folder "c:\programdata\1824161404" not found!
Deletion of folder "c:\programdata\1824161404" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.