Unsure Virus Possibly Redirect Have Logs!


So I've posted in a few redirect threads because I believe that's what this is. I have run aswMBR and it found a rootkit and I fixed that part. Stupid me, I didn't save that log. However, I have several others that will be helpful. I will post them one at a time.

First here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6116

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

3/21/2011 5:16:42 AM

mbam-log-2011-03-21 (05-16-40).txt

Scan type: Quick scan

Objects scanned: 166792

Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tukdtjsr (Trojan.Downloader) -> Value: tukdtjsr -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\updata.exe (Trojan.Clicker) -> No action taken.

c:\WINDOWS\dpretl32.dll (Trojan.Hiloti) -> No action taken.

c:\WINDOWS\system32\service.sys (Rootkit.Agent) -> No action taken.

c:\WINDOWS\system32\tukdtjsr.exe (Trojan.Downloader) -> No action taken.

Here is the ROOTREPEAL Report:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/03/21 05:39

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: aswMBR.sys

Image Path: C:\DOCUME~1\admin\LOCALS~1\Temp\aswMBR.sys

Address: 0xB72B5000 Size: 36096 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB81AF000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79AD000 Size: 8192 File Visible: No Signed: -

Status: -

Name: qkgav.sys

Image Path: qkgav.sys

Address: 0xF75F7000 Size: 54016 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB74CD000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\CurseClient.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\CurseClient.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\CurseClient.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\CurseClient.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\GammaJul.LgLcd.Wpf.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Microsoft.Windows.Shell.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Microsoft.Windows.Shell.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Win32Interop.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Win32Interop.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\GammaJul.LgLcd.Wpf.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Xceed.Wpf.DataGrid.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Curse.CurseClient.WowStead.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Curse.CurseClient.WowStead.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\GammaJul.LgLcd.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\GammaJul.LgLcd.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Xceed.Wpf.DataGrid.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Xceed.Wpf.Controls.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\Xceed.Wpf.Controls.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\zlib.net.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\manifests\zlib.net.manifest

Status: Locked to the Windows API!

==EOF==

I also ran OTL. Here is the OTL report, and my next post will have the Extras file from OTL:

OTL logfile created on: 3/21/2011 4:34:12 AM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 42.28 Gb Free Space | 37.82% Space Free | Partition Type: NTFS

Drive D: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CODYSPC | User Name: admin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (AsSysCtrlService) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()

========== Driver Services (SafeList) ==========

DRV - (SSMO3v2Filter) -- C:\WINDOWS\system32\drivers\MO3v2Driver.sys (Sagatek Co. Ltd.)

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)

DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)

DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1417001333-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1214440339-1417001333-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1214440339-1417001333-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DA B1 22 B1 E7 CB 01 [binary data]

IE - HKU\S-1-5-21-1214440339-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox

FF - HKLM\software\mozilla\Firefox\Extensions\\{D2E089CA-32C4-4669-AD30-933EDEC2B5D4}: C:\Documents and Settings\Cody\Local Settings\Application Data\{D2E089CA-32C4-4669-AD30-933EDEC2B5D4} [2011/03/19 23:29:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/03/20 19:35:24 | 000,000,779 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.

O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] File not found

O4 - HKLM..\Run: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe (SteelSeries)

O4 - HKLM..\Run: [tukdtjsr] C:\WINDOWS\system32\tukdtjsr.exe ()

O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1214440339-1417001333-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.11 69.1.30.10

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/23 10:15:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/09/09 20:14:07 | 000,000,047 | RH-- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010/09/09 20:14:07 | 002,508,760 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 04:25:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe

[2011/03/21 04:24:17 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe

[2011/03/21 04:23:48 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\admin\Desktop\ATF_Cleaner.exe

[2011/03/21 04:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sun

[2011/03/21 03:52:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IECompatCache

[2011/03/21 03:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Adobe

[2011/03/21 03:47:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\PrivacIE

[2011/03/21 03:47:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache

[2011/03/21 03:28:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\admin\Application Data\Microsoft

[2011/03/21 03:28:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\SendTo

[2011/03/21 03:28:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Application Data

[2011/03/21 03:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Startup

[2011/03/21 03:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu

[2011/03/21 03:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Accessories

[2011/03/21 03:28:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\Cookies

[2011/03/21 03:28:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Templates

[2011/03/21 03:28:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Recent

[2011/03/21 03:28:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\PrintHood

[2011/03/21 03:28:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\NetHood

[2011/03/21 03:28:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Local Settings

[2011/03/21 03:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents

[2011/03/21 03:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft

[2011/03/21 03:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Macromedia

[2011/03/21 03:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Favorites

[2011/03/21 03:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop

[2011/03/20 19:58:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/03/20 19:40:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/03/20 19:35:37 | 000,015,360 | ---- | C] (????) -- C:\WINDOWS\System32\updata.exe

[2011/03/20 00:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2011/03/20 00:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2011/03/20 00:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/03/20 00:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/03/19 23:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/03/19 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/03/12 01:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble

[2011/02/28 02:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 04:34:20 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/03/21 04:34:20 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/03/21 04:30:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/21 04:30:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/03/21 04:25:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe

[2011/03/21 04:24:22 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe

[2011/03/21 04:23:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/03/21 04:23:48 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\admin\Desktop\ATF_Cleaner.exe

[2011/03/20 19:35:38 | 000,015,360 | ---- | M] (????) -- C:\WINDOWS\System32\updata.exe

[2011/03/20 19:35:04 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2011/03/20 19:34:57 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\JLBKTWX.job

[2011/03/20 19:34:57 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\Rbgyfwnir.job

[2011/03/20 19:09:47 | 000,000,959 | -H-- | M] () -- C:\WINDOWS\mlog

[2011/03/20 19:01:47 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys

[2011/03/20 19:00:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011/03/20 17:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/03/19 23:28:24 | 000,133,120 | ---- | M] () -- C:\WINDOWS\System32\tukdtjsr.exe

[2011/03/19 23:27:34 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\powrprofr.dll

[2011/03/12 01:48:57 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk

[2011/02/19 12:18:59 | 071,381,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 03:28:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Remote Assistance.lnk

[2011/03/21 03:28:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Windows Media Player.lnk

[2011/03/20 19:01:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys

[2011/03/19 23:55:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/03/19 23:28:46 | 000,000,959 | -H-- | C] () -- C:\WINDOWS\mlog

[2011/03/19 23:28:24 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\tukdtjsr.exe

[2011/03/19 23:27:37 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\JLBKTWX.job

[2011/03/19 23:27:37 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Rbgyfwnir.job

[2011/03/19 23:27:34 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\powrprofr.dll

[2010/06/30 20:09:45 | 000,274,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/05/23 10:35:38 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2010/05/23 10:35:38 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2010/05/23 10:35:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/05/23 10:35:30 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2010/05/23 10:35:30 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2010/05/23 10:35:14 | 000,024,071 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2010/05/23 10:34:16 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/23 10:34:12 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2010/05/23 10:34:10 | 000,017,890 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/23 10:34:10 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/23 10:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/05/23 10:18:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/05/23 10:13:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/05/23 03:01:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/05/23 02:59:27 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/03 23:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 06:00:00 | 000,462,168 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 06:00:00 | 000,078,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/23 10:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASUS OC Profiles

[2011/03/21 03:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/07/17 19:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson Software

[2011/03/15 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\.minecraft

[2010/05/23 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\AVG9

[2011/01/21 09:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Dyyno

[2010/12/28 12:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\LolClient

[2011/03/14 17:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Mumble

[2010/11/05 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Octoshape

[2011/03/19 23:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\OfferBox

[2010/08/10 08:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\OpenOffice.org

[2011/02/27 14:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Opera

[2011/01/31 15:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Pass4sure

[2010/12/28 10:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\SteelSeries

[2011/01/25 16:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\TS3Client

[2010/05/23 10:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Windows Desktop Search

[2010/12/05 21:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Windows Search

[2011/02/28 02:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cody\Application Data\Yandex

[2011/03/20 19:34:57 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\JLBKTWX.job

[2011/03/20 19:34:57 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\Rbgyfwnir.job

[2011/03/20 17:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

OTL EXTRAS FILE:

OTL Extras logfile created on: 3/21/2011 4:31:56 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 42.28 Gb Free Space | 37.82% Space Free | Partition Type: NTFS

Drive D: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CODYSPC | User Name: admin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher

"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher

"6890:TCP" = 6890:TCP:*:Enabled:League of Legends Launcher

"6890:UDP" = 6890:UDP:*:Enabled:League of Legends Launcher

"6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher

"6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher

"6952:TCP" = 6952:TCP:*:Enabled:League of Legends Launcher

"6952:UDP" = 6952:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\Cody\Local Settings\Apps\2.0\LD44CW61.O1R\PJAOAPHA.4VM\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0

"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\Program Files\Steam\steamapps\saskroch1983\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\saskroch1983\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Disabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Disabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe:*:Disabled:Dyyno Broadcaster

"C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe:*:Disabled:Dyyno Broadcaster

"C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Disabled:GomTVStreamerLive -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{B832F6BF-B53E-4A51-BD95-A1D5D956207C}" = World of Warcraft Cataclysm MMO Gaming Mouse

"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4747A25-A713-4506-838A-A6F046976EBE}" = Pass4sure Questions and Answers for CompTIA SY0-201

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility

"227FF546E51B37EE801113B9EC6D88E5A5E892A5" = Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2

"GomTVStreamer" = GOMTV Streamer

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Network Simulator For CCNA" = Network Simulator For CCNA 1.2.0

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"StarCraft II" = StarCraft II

"Steam App 440" = Team Fortress 2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/2/2011 10:30:55 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Launcher.exe, version 4.0.0.2104, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2011 10:31:33 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Wow.exe, version 4.0.3.13329, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2011 10:31:42 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2011 2:17:38 AM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Minecraft Community Pack.exe, version 6.0.220.4,

hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2011 4:23:00 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Minecraft Community Pack.exe, version 6.0.220.4,

hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2011 4:28:09 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Minecraft Community Pack.exe, version 6.0.220.4,

hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2011 4:32:37 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application Minecraft Community Pack.exe, version 6.0.220.4,

hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2011 4:58:41 PM | Computer Name = CODYSPC | Source = Application Error | ID = 1000

Description = Faulting application java.exe, version 6.0.220.4, faulting module

awt.dll, version 6.0.220.4, fault address 0x000a3664.

Error - 1/22/2011 10:23:10 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application VHScrCapDlg.exe, version 2.2.2.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2011 2:00:10 PM | Computer Name = CODYSPC | Source = Application Hang | ID = 1002

Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 3/21/2011 5:47:22 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/21/2011 5:59:21 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/21/2011 6:04:47 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/21/2011 6:22:09 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/21/2011 6:22:09 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/21/2011 6:29:06 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/21/2011 6:30:18 AM | Computer Name = CODYSPC | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

Error - 3/21/2011 6:30:42 AM | Computer Name = CODYSPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/21/2011 6:31:44 AM | Computer Name = CODYSPC | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

Error - 3/21/2011 6:31:44 AM | Computer Name = CODYSPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AsIO AvgLdx86 AvgMfx86 Fips intelppm SRTSP SRTSPX

< End of report >


Couple other points of interest:

I tried installing Combofix but it says I have to uninstall AVG. When I try to uninstall AVG it tells me it had 1 error and something about a HKLM KEY: (some reg. location) cannot create new registry. So I cannot delete AVG.

Secondly, I used the ATF Cleaner and selected all, and removed all that stuff.

Thirdly, I don't know what Yandex is or how it got on here, and every time I go to any search engine I cannot go to the site I want it to. That's why I fig. it was a redirect thing.

I took the night off to try and fix this issue, so I will be here when you respond. :)

Thank You in advance for your help! :)


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
