WiredWX Christian Hobby Weather Tools

False Vista Spyware Virus Or Maleware??? Please Help.

Okay. Hello and Thank You for your services, I would have never thought a site like this is possible.

So first I was getting those (what I'm pretty sure were false) Windows Security Center Spyware Alerts and Threats Detected non-stop. So I go to download Maleware Anti-Bytes (because before today all I used was Windows Advanced SystemCare) as suggested from everyone. Then I realized it wouldn't let me download ANY of them (it would let me do the set-up, but when trying to "run" the download it just wouldn't do anything...anything).

Then after a little bit of downloading other Anti-Virus programs, maybe 1 too many but they still downloaded (for a lil bit). I then run these only to find out I need to pay for em.

So then after a while I can't even open up any programs. I keep getting the "open with?" display (which I can use for Firefox because that's actually an option too). So I'm pretty sure the only thing I can do is go online THANK GOD.

So I was told to go to System Restore and do all that good stuff...but even when trying to click that program I get that "open with".

I'm pretty sure this is a Windows XP 2000...even when I try and open up properties from the Desktop I get a " C:\WINDOWS\system32\rundll32.exe " which I've seen also when trying to open up other programs.

Nothing is different in Safe Mode...Any kind of assistance would be GREATLY APPRECIATED, Thank You.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:51 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\winlogon.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221689492827
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4530 bytes

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O20 - AppInit_DLLs:

  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Thanks for helping...

Okay, there was only one of the O20 - AppInit_DLLs: files. I Fixed It.

Then tried to Install the Malwarebytes Anti-Malware program and the same problem happened. When I double clicked on the mbam-setup.exe another window popped up asking to Run or Cancel and when I hit Run I get a C:\Documents and Settings\Administrator\My Documents\Downloads\mbam-setup(3).exe......pop up, and it also says "Application Not Found"???


-Thank You

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: False Vista Spyware Virus Or Maleware??? Please Help.

I wish I could download that...I keep running into the same problem. Besides that Hijack This...anything I try and download from the Download List (double click) I get the same "C:\Documents and Settings\Administrator\My Documents\Downloads\.....( this time = OTL.exe)" "Application Not Found"...

Step By Step What I Did:

I hit the OTL link you gave me, I got an "Open File - Security Warning" box with the options to Save File or Cancel. I hit Save File like I normally do, which brings me up to the Download List. Then Double Clicking the saved OTL one makes the "Application Not Found" box appear. Then I started typing this message lol.

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: False Vista Spyware Virus Or Maleware??? Please Help.

The same thing happened. When I go to double click "Combo-Fix" from the download list, "Application Not Found".

I was supposed to already have changed the name in the previous step right? It asked me where to save the file, it was pre-set to My Pictures so I switched it out to Desktop. Here's my step by step lol. Thanks For Your Time.

1: I applied the "Always ask me where to save files" option.

2: I clicked your "Link1" umm....link button.

3: Opening "Combofix.exe" box popped up, I hit Save File.

4: The "Enter name of file to save to" box popped up. I switched from "My Pictures" to Desktop, then changed name to Combo-Fix and hit Save.

5: The "Downloads" box popped up, I double clicked "Combo-Fix.exe"

6: The "Open File - Security Warning" box popped up (w/ the "always ask before opening" option previously checked), then I hit Run.

7: The SAME hated "C:\Documents and Settings\Administrator\My Documents\Downloads\Combo-Fix" "Application Not Found" box popped up.

8: That's it.

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Hmm.
Rename Combo-fix.exe to Combo-fix.scr

Try running it now.


Re: False Vista Spyware Virus Or Maleware??? Please Help.

Nope.

The final result was "C:\Documents and Settings\Administrator\My Documents\Downloads\Combo-Fix.scr.exe" Application Not Found.

Re: False Vista Spyware Virus Or Maleware??? Please Help.

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Re: False Vista Spyware Virus Or Maleware??? Please Help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 20:49:36.26 on Mon 04/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.30 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221689492827
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7sjorgeh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-4 217032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-4 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-4 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-4 1142224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-04 19:20:45 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-04 19:20:44 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-04 19:20:44 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-04 19:20:44 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-04 19:20:44 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-04 19:20:44 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-04 19:20:44 131 ----a-w- c:\windows\IDB.zip
2010-04-04 19:20:44 1152444 ----a-w- c:\windows\UDB.zip
2010-04-04 19:17:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-04 19:17:12 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-04 19:17:00 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-04 19:17:00 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-04 19:17:00 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-04 19:17:00 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-04 19:16:38 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-04 19:16:38 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-04 19:16:15 0 d-----w- c:\program files\Spyware Doctor
2010-04-04 19:16:15 0 d-----w- c:\program files\common files\PC Tools
2010-04-04 19:16:15 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-04 19:16:15 0 d-----w- c:\docume~1\admini~1\applic~1\PC Tools
2010-04-04 18:55:43 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-04-01 23:42:49 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2010-04-01 23:42:48 53248 ----a-w- c:\windows\PalmDevC.dll
2010-04-01 23:39:43 0 d-----w- c:\program files\Palm
2010-03-16 04:42:48 3157 ----a-w- c:\windows\cdplayer.ini
2010-03-12 04:52:38 0 d-----w- c:\program files\common files\xing shared
2010-03-12 04:48:25 0 d-----w- c:\program files\common files\Real
2010-03-09 17:37:03 0 d-----w- c:\program files\IObit

==================== Find3M ====================

2010-04-01 23:38:26 53248 ----a-w- c:\windows\system32\palmdevc.dll
2010-03-12 04:48:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-12 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2008-09-21 07:07:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 20:51:18.78 ===============
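
The "File Associations" section of the DDS log above lists `.exe=secfile`, whereas a stock Windows install maps `.exe` to the `exefile` ProgID; a redirected `.exe` association is consistent with the "Open with" and "Application Not Found" prompts reported earlier in the thread. The following is an added example, not part of the original thread and not code from DDS: a Python triage script that splits a DDS log into sections and flags executable extensions whose ProgID differs from the Windows default. The function names and the two embedded samples (an excerpt of the log above and a constructed clean case) are assumptions made for illustration.

```python
import re

# Default ProgIDs on stock Windows for extensions the shell treats as
# executable (the default value of HKEY_CLASSES_ROOT\<ext>).
EXPECTED_PROGID = {
    ".exe": "exefile",
    ".com": "comfile",
    ".bat": "batfile",
    ".cmd": "cmdfile",
    ".scr": "scrfile",
    ".pif": "piffile",
    ".reg": "regfile",
}

# DDS section banners look like "====== File Associations ======".
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# Association entries look like ".exe=secfile".
ASSOC_RE = re.compile(r"^(\.[A-Za-z0-9]+)\s*=\s*(\S+)$")

# Excerpt of the DDS.txt log posted above (hypothetical variable name).
SAMPLE_DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-04 19:20:45 767952 ----a-w- c:\windows\BDTSupport.dll
"""

# Constructed sample (not from the thread): default association in place.
CONSTRUCTED_CLEAN = r"""
============== File Associations ===============

.exe=exefile
.scr=scrfile

=============== Created Last 30 ================
"""


def split_sections(log_text):
    """Return {section name: [non-empty lines]} for a DDS-style log."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def audit_file_associations(log_text):
    """Flag executable extensions whose ProgID is not the Windows default."""
    findings = []
    for line in split_sections(log_text).get("File Associations", []):
        entry = ASSOC_RE.match(line)
        if not entry:
            continue  # not an "ext=progid" line
        ext, progid = entry.group(1).lower(), entry.group(2)
        expected = EXPECTED_PROGID.get(ext)
        if expected is None:
            continue  # extension is outside the executable set checked here
        if progid.lower() != expected:
            findings.append({
                "extension": ext,
                "found": progid,
                "expected": expected,
                # Registry locations to review during cleanup.
                "review": [
                    "HKEY_CLASSES_ROOT\\" + ext,
                    "HKEY_CLASSES_ROOT\\" + progid + "\\shell\\open\\command",
                ],
            })
    return findings


if __name__ == "__main__":
    for f in audit_file_associations(SAMPLE_DDS_EXCERPT):
        print("%(extension)s -> %(found)s (expected %(expected)s)" % f)
        for key in f["review"]:
            print("  review: " + key)
```
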

Re: False Vista Spyware Virus Or Maleware??? Please Help.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2008 10:12:08 PM
System Uptime: 4/4/2010 5:39:05 PM (27 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Celeron(R) CPU 2.20GHz | Socket 478 | 2192/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 21.862 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP224: 2/10/2010 5:11:05 PM - Software Distribution Service 3.0
RP225: 2/10/2010 7:56:39 PM - avast! Pro Antivirus Setup
RP226: 2/10/2010 8:26:31 PM - Installed SUPERAntiSpyware Free Edition
RP227: 2/11/2010 5:05:16 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP228: 2/12/2010 5:57:55 PM - System Checkpoint
RP229: 2/13/2010 6:01:04 PM - System Checkpoint
RP230: 2/14/2010 7:03:43 PM - System Checkpoint
RP231: 2/15/2010 7:57:51 PM - System Checkpoint
RP232: 2/16/2010 8:58:23 PM - System Checkpoint
RP233: 2/17/2010 9:14:48 PM - System Checkpoint
RP234: 2/18/2010 10:45:55 PM - System Checkpoint
RP235: 2/19/2010 11:56:27 PM - System Checkpoint
RP236: 2/20/2010 6:28:59 PM - avast! Pro Antivirus Setup
RP237: 2/20/2010 6:48:47 PM - Installed AVG 9.0
RP238: 2/21/2010 8:23:48 AM - Avg8 Update
RP239: 2/22/2010 9:09:57 AM - System Checkpoint
RP240: 2/23/2010 5:44:28 PM - System Checkpoint
RP241: 2/24/2010 3:00:24 AM - Software Distribution Service 3.0
RP242: 2/24/2010 7:07:56 PM - Avg8 Update
RP243: 2/25/2010 8:28:09 PM - System Checkpoint
RP244: 2/26/2010 9:20:01 PM - System Checkpoint
RP245: 2/27/2010 10:29:19 PM - System Checkpoint
RP246: 2/28/2010 11:09:24 PM - System Checkpoint
RP247: 3/1/2010 8:05:32 PM - Removed AVG 9.0
RP248: 3/2/2010 8:15:25 PM - System Checkpoint
RP249: 3/3/2010 11:46:55 AM - Removed AVG 9.0
RP250: 3/3/2010 11:52:00 AM - Installed AVG 9.0
RP251: 3/8/2010 10:52:28 PM - System Checkpoint
RP252: 3/10/2010 12:02:15 AM - System Checkpoint
RP253: 3/11/2010 12:18:03 AM - System Checkpoint
RP254: 3/11/2010 3:00:25 AM - Software Distribution Service 3.0
RP255: 3/12/2010 3:18:01 AM - System Checkpoint
RP256: 3/13/2010 4:18:00 AM - System Checkpoint
RP257: 3/14/2010 6:17:59 AM - System Checkpoint
RP258: 3/15/2010 7:18:00 AM - System Checkpoint
RP259: 3/16/2010 8:19:05 AM - System Checkpoint
RP260: 3/17/2010 9:18:00 AM - System Checkpoint
RP261: 3/18/2010 10:17:30 AM - System Checkpoint
RP262: 3/19/2010 11:17:30 AM - System Checkpoint
RP263: 3/20/2010 12:17:31 PM - System Checkpoint
RP264: 3/21/2010 1:18:39 PM - System Checkpoint
RP265: 3/22/2010 6:35:05 PM - System Checkpoint
RP266: 3/23/2010 7:44:06 PM - System Checkpoint
RP267: 3/24/2010 7:55:39 PM - System Checkpoint
RP268: 3/25/2010 8:32:42 PM - System Checkpoint
RP269: 3/26/2010 8:33:46 PM - System Checkpoint
RP270: 3/28/2010 12:06:36 AM - System Checkpoint
RP271: 3/29/2010 1:00:00 AM - System Checkpoint
RP272: 3/30/2010 1:59:59 AM - System Checkpoint
RP273: 3/31/2010 3:00:01 AM - System Checkpoint
RP274: 4/1/2010 3:00:23 AM - Software Distribution Service 3.0
RP275: 4/1/2010 7:39:34 PM - Installed Palm
RP276: 4/2/2010 8:10:29 PM - System Checkpoint
RP277: 4/3/2010 3:36:49 PM - Software Distribution Service 3.0
RP278: 4/4/2010 3:42:33 PM - System Checkpoint
RP279: 4/5/2010 3:43:39 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Advanced SystemCare 3
B57Inst
BACS
Broadcom 440x 10/100 Integrated Controller
Broadcom Advanced Control Suite
Broadcom Driver Installer
Browser Defender 2.0.6.15
Comcast High-Speed Internet Install Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 7
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
Palm
RealPlayer
RealUpgrade 1.0
RegCure
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SoundMAX
Spyware Doctor 7.0
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Player 10
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/4/2010 5:24:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/4/2010 5:23:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
4/4/2010 5:23:08 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2010 5:23:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2010 5:23:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2010 5:23:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2010 5:22:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/4/2010 5:22:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2010 4:49:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/4/2010 4:49:52 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2010 3:37:44 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

==== End Of File ===========================


On your pop up after the download it said the Attach one had to be "zipped". I'm not sure what that means, so this is just a copy and paste?

Thank You!

Re: False Vista Spyware Virus Or Maleware??? Please Help.
Hello.

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Uncheck (untick) Hide extensions of known file types.
  6. Click Yes when prompted.
  7. Click OK.
  8. Close My Computer.

Now that you can see file extensions, go back to OTL; you'll see it's called OTL.scr.exe. Remove the .exe, then try OTL one more time.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: False Vista Spyware Virus Or Maleware??? Please Help.
What do you mean by go back to OTL...

I tried to re-download the Link you had on the page then at the name change step erased the .exe.

Then had the same problem.

Re: False Vista Spyware Virus Or Maleware??? Please Help.
Can you see file extensions?


Re: False Vista Spyware Virus Or Maleware??? Please Help.
Yes...but there was only the exe, that's how I erased it. But there was no scr to keep...

And this was all done in the "Enter name of file to save to" box....?

Re: False Vista Spyware Virus Or Maleware??? Please Help.
Okay, please add .scr to the file extension instead.


Re: False Vista Spyware Virus Or Maleware??? Please Help.
Actually I've been busy...

So I downloaded Rkill and ran that...which allowed me to install Malwarebytes Anti-Malware finally.

Ran that, found 6 infections, fixed 'em all.

So now my computer SEEMS to be running fine...is there anything else you think I should do?

And I was gonna ask you for your suggestions on my protection. I am running...

System:
Microsoft XP Professional
Version 2002
Service Pack 3

Computer:
Dell Dimension 2350
Intel(R) Celeron(R) CPU 2.20 GHz
2.19 GHz, 256 MB of RAM

Any suggestions? Right now I have to Free Editions of:
SUPER AntiSpyware Free Edition
Advanced SystemCare Free
and now Malwarebytes Anti-Malware

- Thank You

Re: False Vista Spyware Virus Or Maleware??? Please Help.
Hello.
Looks good. :) Please run OTL anyhow, I wanna check for leftovers.

