Author Topic: Antivirus GT problem (Read 3752 times)

country32 · « **on:** October 01, 2010, 04:49:29 AM »

Hi,

tonight I got Antivirus GT. Oh, it's nasty!

I cannot run or open anything except I/E and Firefox.

Can't open task manager, malwarebytes. msconfig, regedit, I just tried doing the Erunt and I cannot run it.

Is there anyway I can 'disable/turn off' the virus so I can begin to remove it?

Thanks,

Rick

Corrine · « **Reply #1 on:** October 01, 2010, 06:45:35 PM »

Hi, country32.

Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please download rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

Double-click rkill to run.
A command window will open then disappear upon completion, this is normal.
Please leave rkill on the Desktop until otherwise advised.
Do NOT restart your computer after running rkill as the malware program(s) will start again.

Notes:

If you you receive security warnings about rkill, please ignore and allow the download to continue.

You should now be able to run Malwarebytes' Anti-Malware. Please do the following:

Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates
Once the update has been installed and the program has loaded, select Quick scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next, please download random's system information tool (RSIT):

Download RSIT by random/random from here and save it to your desktop.
Double-click RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your reply, please include the MBAM log along with the two RSIT logs.

country32 · « **Reply #2 on:** October 01, 2010, 11:14:15 PM »

Hi,

I tried Rkill but it does not work. So I used the explorer.exe named version and I click it, the black window opens there is a brief 3 lines of text then it disappears and the antivirus gt (pop up) appears.

I don't want to get ahead of myself, but I've tried finding and renaming taskmgr. It wasn't in systems32 it was in a folder S1843 or something similar. I tried renaming and opening and same thing it just prompt the (pop up) for antivirus GT.

The only change was at one point (after blue screen) when I rebooted, my Norton's 'stopped' a trojan, and I was able to do a full scan (I know Norton has a bad rep, but I still have it for 6 months or so) It showed 2 items and fixed them, but all through the scan the Antivirus GT pop-up was happening. And it's still doing it like before.

any hope?

country32 · « **Reply #3 on:** October 01, 2010, 11:51:18 PM »

update... got it to work. currently running malwarebytes...

Corrine · « **Reply #4 on:** October 02, 2010, 12:02:15 AM »

Hi, country32.

Please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Thank you.

country32 · « **Reply #5 on:** October 02, 2010, 02:02:49 AM »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4381

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/1/2010 9:27:01 PM
mbam-log-2010-10-01 (21-27-01).txt

Scan type: Quick scan
Objects scanned: 256917
Time elapsed: 50 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avgt (Rogue.AntivirusGT) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AVGT (Rogue.AntivirusGT) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AVGT\antivirusGT.exe (Rogue.AntivirusGT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Desktop\AntivirusGT.LNK (Rogue.AntivirusGT) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.6552324685919289.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.9237785828019827.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Rick at 2010-10-01 21:43:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (32%) free of 73 GB
Total RAM: 502 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:47 PM, on 10/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Rick\Desktop\RSIT.exe
C:\Program Files\trend micro\Rick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyCleanPC Registry Cleaner] C:\Program Files\CyberDefender\Registry Scanner\CDregclean.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6285 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"MyCleanPC Registry Cleaner"=C:\Program Files\CyberDefender\Registry Scanner\CDregclean.exe [2010-08-24 7314760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-11-20 2335880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
C:\Program Files\trademanager\aliim.exe [2010-06-13 210328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2009-11-12 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-05-11 5252408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PalTalk.lnk]
C:\PROGRA~1\PALTAL~1\paltalk.exe [2010-06-16 12732680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Program Files\Alibaba\TradeManager\TradeManager.exe"="C:\Program Files\Alibaba\TradeManager\TradeManager.exe:*:Enabled:TradeManager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\trademanager\AliIM.exe"="C:\Program Files\trademanager\AliIM.exe:*:Enabled:AliIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-10-01 21:43:40 ----D---- C:\Program Files\trend micro
2010-10-01 21:43:38 ----D---- C:\rsit
2010-09-09 17:29:58 ----D---- C:\Documents and Settings\Rick\Application Data\vlc
2010-09-06 12:58:24 ----D---- C:\Documents and Settings\Rick\Application Data\CyberDefender
2010-09-06 12:57:49 ----D---- C:\Program Files\CyberDefender

======List of files/folders modified in the last 1 months======

2010-10-01 21:58:22 ----D---- C:\WINDOWS\Temp
2010-10-01 21:43:53 ----D---- C:\WINDOWS\Prefetch
2010-10-01 21:43:40 ----RAD---- C:\Program Files
2010-10-01 21:37:50 ----D---- C:\WINDOWS\Minidump
2010-10-01 21:37:50 ----D---- C:\WINDOWS
2010-10-01 21:37:36 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2010-10-01 21:27:41 ----D---- C:\WINDOWS\system32\DRIVERS
2010-10-01 21:27:15 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-01 14:25:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-01 11:49:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-30 21:12:36 ----SHD---- C:\WINDOWS\SYSTEM32
2010-09-30 20:18:54 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-09-26 00:59:18 ----D---- C:\Documents and Settings\Rick\Application Data\BitTorrent
2010-09-23 12:47:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-17 13:54:22 ----D---- C:\Program Files\Mozilla Firefox
2010-09-15 01:11:28 ----HD---- C:\WINDOWS\INF
2010-09-15 01:10:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-08 22:07:11 ----D---- C:\Program Files\trademanager

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-08-04 87136]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-09-25 43528]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS [2009-08-22 310320]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-01-28 482432]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-09-25 9336]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100930.005\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2009-08-22 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2009-08-22 217136]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101001.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101001.002\NAVEX15.SYS []
R3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-04-15 339488]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 wwbebmv;wwbebmv; C:\WINDOWS\System32\drivers\iulvkad.sys []
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-09-25 9464]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rick\LOCALS~1\Temp\catchme.sys []
S3 diskchk;diskchk; \??\C:\WINDOWS\system32\diskchk.sys []
S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-29 47360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-10-01 21:58:51

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Word 2002-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyCleanPC Registry Scanner-->"C:\Program Files\CyberDefender\Registry Scanner\cduninstx.exe" /r "C:\Program Files\CyberDefender\Registry Scanner\unins000.exe"
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Snood 4-->"C:\Program Files\Snood 4\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TradeManager 2010 Beta1-->C:\Program Files\trademanager\Uninstall.exe
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: RICKS
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 21
Source Name: W32Time
Time Written: 20100901151149.000000-240
Event Type: error
User:

Computer Name: RICKS
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 20
Source Name: W32Time
Time Written: 20100901151149.000000-240
Event Type: error
User:

Computer Name: RICKS
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 19
Source Name: W32Time
Time Written: 20100901151149.000000-240
Event Type: error
User:

Computer Name: RICKS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000F66798377. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 18
Source Name: Dhcp
Time Written: 20100901151140.000000-240
Event Type: warning
User:

Computer Name: RICKS
Event Code: 7000
Message: The ASCTRM service failed to start due to the following error:
The system cannot find the file specified.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20100901151122.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: RICKS
Event Code: 1002
Message: Hanging application paltalk.exe, version 9.96.3439.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 78
Source Name: Application Hang
Time Written: 20091028130403.000000-240
Event Type: error
User:

Computer Name: RICKS
Event Code: 1002
Message: Hanging application paltalk.exe, version 9.96.3439.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 77
Source Name: Application Hang
Time Written: 20091028130246.000000-240
Event Type: error
User:

Computer Name: RICKS
Event Code: 12001
Message:
Record Number: 45
Source Name: usnjsvc
Time Written: 20091027203512.000000-240
Event Type:
User:

Computer Name: RICKS
Event Code: 12001
Message:
Record Number: 6
Source Name: usnjsvc
Time Written: 20091023214117.000000-240
Event Type:
User:

Computer Name: RICKS
Event Code: 1002
Message: Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5
Source Name: Application Hang
Time Written: 20091023183625.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Corrine · « **Reply #6 on:** October 02, 2010, 06:35:38 PM »

Hi, country32.

I see a several programs installed on your computer that cause me personal concern. The first is "MyCleanPC Registry Cleaner" by CyberDefender. To begin with, registry cleaners generally do more harm than good. Further, please note the following articles about CyberDefender:

Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:

It appears that you may have edited the uninstall list as I note a number of discrepancies between what is shown there and other entries in the logs:

The service for Java dated 2009-07-25 but there is no indication in Add/Remove programs and confirm that you have only Java SE Runtime Environment (JRE) 6 Update 21 installed as older versions are vulnerable.
I note an indication in Start up programs of a vulnerable version of Adobe installed: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]
C:\Program Files\BitTorrent\bittorrent.exe is also shown without an uninstall entry.

P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with with good files.

I note you ran MBAM in Safe Mode. Please do the following:

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Now a fresh scan with MBAM:

Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates
Once the update has been installed and the program has loaded, select Quick scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the MBAM log with your next reply, address the above issues and let me know how your computer is now.

Thank you.

country32 · « **Reply #7 on:** October 02, 2010, 09:06:08 PM »

Hi,

Regarding cyberdefense and ISO, I don't use those. A year or so I got antivirusxp, I believe I got the Iso while I was trying to get rid of that one, The cyber defense I've never run. I saw the ad on tv and thought it was a joke. I thought it was just a website that would scan the computer.

The ones I use are

--Advanced System Care -which I don't think is very effective

--Norton's Antivirus

--Spybot Search and Destroy

--Malwarebytes.

here is latest log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4734

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/2/2010 4:54:43 PM
mbam-log-2010-10-02 (16-54-43).txt

Scan type: Quick scan
Objects scanned: 193702
Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Corrine · « **Reply #8 on:** October 02, 2010, 11:28:04 PM »

Quote from: country32 on October 02, 2010, 09:06:08 PM

Hi,

Regarding cyberdefense and ISO, I don't use those. A year or so I got antivirusxp, I believe I got the Iso while I was trying to get rid of that one, The cyber defense I've never run. I saw the ad on tv and thought it was a joke. I thought it was just a website that would scan the computer.

The ones I use are

--Advanced System Care -which I don't think is very effective

Hi, country32.

Since you don't use it, why not uninstall it? Just go to Add/Remove programs and look for MyCleanPC Registry Scanner.

Regarding Advanced System Care, that is the Iobit product I referred to in my previous reply. Since you don't find it effective, again, why not uninstall it? Because there are no items listed in your uninstall log between H and M, I don't know if Advanced System Care is listed under Iobit. If not there, go to your Start Menu and look for the programs folder and see if there is an uninstall option. Also check in the Program Files folder for C:\Program Files\IObit. Either there or in a subfolder for Advanced SystemCare 3 should be an uninstaller could be called Uninstall, UnWise, Unin000 or similar number.

Having a firewall, anti-virus and anti-malware software are not enough. You also need to stay current with security updates. If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now. For additional information, see my blog post Understanding Microsoft Updates

To check if your system is missing security updates or has insecure applications installed, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

Detects insecure versions of applications installed
Verifies that all Microsoft patches are applied
Assists you in updating your system and applications

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please let me know if you have any questions.

country32 · « **Reply #9 on:** October 03, 2010, 01:37:36 AM »

Hi,

my only question is about Rkill, RSIT, and TFC. Should I keep these on my desktop or delete them? I will clean up and get rid of the old programs and check to make sure my updates are current. Would you recommend I delete spybot search and destroy and use spyware-blaster, instead?

Again, thanks for all your help.

-Rick

Corrine · « **Reply #10 on:** October 03, 2010, 05:31:20 PM »

Hi, Rick.

You can delete RKill from your desktop. There is no uninstall for RSIT either. Just delete the folder located at C:\rsit.

Regarding TFC, you can remove if you wish. However, it wouldn't hurt to keep it around for occasional use. The reason is that TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs).

I wasn't thinking about Teatimer. Of course, keep Spybot since it is doing what you need.

country32 · « **Reply #11 on:** October 12, 2010, 05:51:20 PM »

Hi again,

My computer has been running pretty good since you helped. However, Today I got a blue screen (which I've had in the past) But I cannot re-boot.

In the past, if I get a blue screen, I just shut down and reboot and things have been fine.. This time, It just keeps going back to blue screen.

I tried to reboot to safe-mode and it pauses on the screen full of commands. It wont get past that to boot up.

On the blue screen it has..

CRQL_Not_Less_or_equal.

also:

Tech Info

Stop: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x804E75B5)

any suggestions???

-Thanks..

Corrine · « **Reply #12 on:** October 12, 2010, 08:59:13 PM »

Hi, contry32.

The only site I am finding any information on with the same error message and Tech Info is in German. From what I can tell from the translation, it may be related to a Symantec program. Then again, it may not be. The translation is pretty rough.

Are you able to select "Last Known Good Configuration"? If so, it is possible that this Microsoft Fix it will help: Hardware devices are not working or are not detected in Windows since most of the Stop 0x0000000A errors point to hardware or drivers.

If you cannot get to a stable place without the computer blue-screening, a repair install may work.

country32 · « **Reply #13 on:** October 15, 2010, 01:31:46 AM »

Hi,

Just wanted to update. Still have the blue screen (boot up) problem. I went to the 'last known configuration" and my desktop icons didn't load, and an error (could not connect to internet) windows is shutting down message came up. Before the computer shut off, it downloaded 6 updates.

But nothing changed.

Can't get to safe mode, only about 8 lines of command prompts show and the last one is

Multi(0)disk(0)rdisk(0)partition(2)/windows/system32/drivers/sapnp.sys

I'm guessing it's serious and needs a re-format.

I'm just wondering if it's worth taking to a shop or should I just dump and start over?

Again, Thanks

-Rick

Corrine · « **Reply #14 on:** October 15, 2010, 05:42:01 PM »

Hi, country32.

Could you have not copied the driver name correctly and it should be Isapnp.sys? If that is the case, a repair install should work. See You receive a "Windows could not start because the following file is missing or corrupt: Isapnp.sys" error message at startup.

To prevent the shutdown, prior to the windows is shutting down message, do the following:

Click on Start then select Run, type in what is shown below in bold but do not click OK yet. As soon as the message appears, click to run the command.

shutdown -a

LandzDown Forum

News:

Author Topic: Antivirus GT problem (Read 3752 times)

country32

Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem

country32

Re: Antivirus GT problem

Corrine

Re: Antivirus GT problem