Author Topic: can't find c://WINDOWS\system32\.exe problem after scan  (Read 25631 times)

nailbite3

  • Guest
can't find c://WINDOWS\system32\.exe problem after scan
« on: August 09, 2009, 03:15:26 AM »
A message that says "can't find c://WINDOWS\system32\.exe" appears every time I boot up my PC. This came out after I scanned the PC and avast removed a lot of viruses. How can I fix this? Thanks, avast guys!
« Last Edit: August 09, 2009, 04:46:35 AM by nailbite3 »

essexboy

  • Malware removal instructor
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #1 on: August 09, 2009, 01:18:47 PM »
Easy enough - all I need to do is locate the associated registry entry for you

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #2 on: August 13, 2009, 02:46:17 AM »
Thank you so much, sir! By the way, why does my avast not appear in my taskbar? And why do I have to click the desktop icon twice to open it? The first click gives me the splash screen but it will not run. I have to click the desktop icon of avast again for it to run.


nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #3 on: August 15, 2009, 10:34:58 AM »
OTL logfile created on: 8/13/2009 8:09:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.6     Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
502.05 Mb Total Physical Memory | 136.91 Mb Available Physical Memory | 27.27% Memory free
1.20 Gb Paging File | 0.83 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 4.81 Gb Free Space | 16.42% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 21.27 Gb Free Space | 79.99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 963.72 Mb Total Space | 220.55 Mb Free Space | 22.88% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: END-B7483B79B7E
Current User Name: End User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #4 on: August 15, 2009, 10:36:11 AM »
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\windows\System32\PSIService.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\windows\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\windows\AGRSMMSG.exe (Agere Systems)
PRC - C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\windows\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\windows\System32\uWDF.exe (Microsoft Corporation)
PRC - F:\gphone.exe ()
PRC - F:\New Folder.exe ()
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
 
========== Win32 Services (SafeList) ==========
 
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ATMsrvc [Disabled | Stopped]) -- C:\windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Block Level Filtering Service [Disabled | Stopped]) --  File not found
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (ProtexisLicensing [Auto | Running]) -- C:\windows\System32\PSIService.exe ()
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (RFCyberOne [Auto | Stopped]) -- C:\Program Files\RFCyber\bin\rfcreader.exe (RFCyber Corp.)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (UMWdf [Auto | Running]) -- C:\windows\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Stopped]) -- C:\windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
========== Driver Services (SafeList) ==========
 
DRV - (Aavmker4 [System | Running]) -- C:\windows\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\windows\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AFS2K [System | Running]) -- C:\windows\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aswFsBlk [Auto | Running]) -- C:\windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\windows\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (btaudio [On_Demand | Running]) -- C:\windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\windows\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (CPEb [System | Running]) -- C:\windows\System32\drivers\CPEb.sys (Compal)
DRV - (EMSCR [On_Demand | Running]) -- C:\windows\System32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\windows\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\HPZius12.sys (HP)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) -- C:\windows\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ktp [On_Demand | Running]) -- C:\windows\System32\DRIVERS\Ktp.sys (ELANTECH Devices Corp.)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\windows\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (s24trans [Auto | Running]) -- C:\windows\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNP2STD [On_Demand | Running]) -- C:\windows\System32\DRIVERS\snp2sxp.sys ()
DRV - (w39n51 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\w39n51.sys (Intel® Corporation)
 
========== Standard Registry (SafeList) ==========

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #5 on: August 15, 2009, 10:37:04 AM »
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.0
FF - prefs.js..extensions.enabledItems: searchme@searchme.com:1.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/31 08:56:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/02 20:47:10 | 00,000,000 | ---D | M]
 
[2008/09/19 09:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Extensions
[2008/09/19 09:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/09 12:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions
[2009/05/23 12:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/05/23 12:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/20 17:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\mozilla\Firefox\Profiles\g01klyzj.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/08/09 11:46:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/31 08:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/08 21:35:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/07/31 08:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\searchme@searchme.com
[2009/06/07 09:56:15 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/07 09:56:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2003/02/11 06:02:56 | 00,032,768 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2002/02/21 09:19:06 | 00,049,245 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPJava11.dll
[2002/02/21 09:19:06 | 00,053,341 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPJava12.dll
[2002/02/21 09:19:06 | 00,053,338 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPJava131_03.dll
[2002/02/21 09:19:06 | 00,049,245 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPJava32.dll
[2009/06/07 09:56:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2002/02/21 09:19:06 | 00,045,150 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPOJI600.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/06/08 13:11:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin9.dll
[2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/03/10 07:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/06/07 09:56:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/07 09:56:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/07 09:56:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/07 09:56:32 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/07 09:56:32 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/13 17:39:56 | 00,002,494 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchme.xml
[2009/06/07 09:56:32 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/07 09:56:32 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #6 on: August 15, 2009, 10:38:40 AM »
O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [Yahoo Messengger] C:\windows\System32\gphone.exe ()
O4 - Startup: C:\Documents and Settings\End User\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Download All Links with IDM - E:\IDM_5_11_5_REA\IEGetAll.htm File not found
O8 - Extra context menu item: Download FLV video content with IDM - E:\IDM_5_11_5_REA\IEGetVL.htm File not found
O8 - Extra context menu item: Download with IDM - E:\IDM_5_11_5_REA\IEExt.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #7 on: August 15, 2009, 10:40:29 AM »
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #8 on: August 15, 2009, 10:41:07 AM »
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (gphone.exe) - C:\windows\System32\gphone.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #9 on: August 15, 2009, 10:42:08 AM »
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2009/08/13 19:59:32 | 00,000,096 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{0c119736-860f-11dd-92ac-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c11973a-860f-11dd-92ac-0016d4db201c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{12aec0c2-bea1-11dd-947e-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f166964-3ebb-11de-a3c1-0016d4db201c}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe -- File not found
O33 - MountPoints2\{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{3a78f16c-308e-11de-a356-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\AutoRun\command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\explore\Command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{44d645c1-e141-11dd-953c-0016d4db201c}\Shell\open\Command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\AutoRun\command - "" = 2u.com
O33 - MountPoints2\{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\explore\Command - "" = 2u.com
O33 - MountPoints2\{47318857-ffd3-11dd-95ea-0016d4db201c}\Shell\open\Command - "" = 2u.com
O33 - MountPoints2\{5436272e-c0cc-11dc-8f32-0016d4db201c}\Shell\AutoRun\command - "" = 3j2h0tf.bat
O33 - MountPoints2\{5436272e-c0cc-11dc-8f32-0016d4db201c}\Shell\open\Command - "" = 3j2h0tf.bat
O33 - MountPoints2\{580711d8-6625-11de-a4ad-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{580711d8-6625-11de-a4ad-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\1\Command - "" = Recycle.exe
O33 - MountPoints2\{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\2\Command - "" = Recycle.exe
O33 - MountPoints2\{590e3b4f-5191-11de-a42e-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\AutoRun\command - "" = password_viewer.exe %1
O33 - MountPoints2\{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\Explore\command - "" = password_viewer.exe %1
O33 - MountPoints2\{5c5eee65-bf4e-11dd-9481-0016d4db201c}\Shell\Open\command - "" = password_viewer.exe %1
O33 - MountPoints2\{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{6db980ca-a496-11dd-936f-0016d4db201c}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7957dc9e-312f-11de-a360-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7957dca2-312f-11de-a360-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7957dca2-312f-11de-a360-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7957dca2-312f-11de-a360-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell - "" = AutoRun

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #10 on: August 15, 2009, 10:43:02 AM »
O33 - MountPoints2\{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c64cc78-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\Explore\command - "" = G:\MS-DOS.com -- File not found
O33 - MountPoints2\{7c64cc79-ee6b-11dd-957e-0016d4db201c}\Shell\Open\command - "" = G:\MS-DOS.com -- File not found
O33 - MountPoints2\{7cac4701-5be8-11de-a471-0016d4db201c}\Shell\AutoRun\command - "" = G:\PMB_P.exe -- File not found
O33 - MountPoints2\{82160f7b-6a02-11de-a4c6-0016d4db201c}\Shell\AutoRun\command - "" = F:\hl80c6b1.com -- File not found
O33 - MountPoints2\{82160f7b-6a02-11de-a4c6-0016d4db201c}\Shell\open\Command - "" = F:\hl80c6b1.com -- File not found
O33 - MountPoints2\{87da821a-997e-11dd-9325-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{87da821a-997e-11dd-9325-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87da821a-997e-11dd-9325-0016d4db201c}\Shell\Explore\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{87da821a-997e-11dd-9325-0016d4db201c}\Shell\Open\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{8a3021b5-3078-11de-a354-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{8a3021b6-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{8a3021b6-3078-11de-a354-0016d4db201c}\Shell\Open\Command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{8a3021b9-3078-11de-a354-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{8a3021b9-3078-11de-a354-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a3021b9-3078-11de-a354-0016d4db201c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8ac2480c-8085-11de-a557-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac2480c-8085-11de-a557-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ac2480c-8085-11de-a557-0016d4db201c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ac2480f-8085-11de-a557-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac2480f-8085-11de-a557-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ac2480f-8085-11de-a557-0016d4db201c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\Explore\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{8b291a2e-92a5-11dd-930a-0016d4db201c}\Shell\Open\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\AutoRun\command - "" = f.bat
O33 - MountPoints2\{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\explore\Command - "" = f.bat
O33 - MountPoints2\{8b291a2f-92a5-11dd-930a-0016d4db201c}\Shell\open\Command - "" = f.bat
O33 - MountPoints2\{8d0e0715-5163-11de-a42d-0016d4db201c}\Shell\AutoRun\command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{8d0e0715-5163-11de-a42d-0016d4db201c}\Shell\Open\Command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{90b09116-12cc-11de-a286-0016d4db201c}\Shell\AutoRun\command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{90b09116-12cc-11de-a286-0016d4db201c}\Shell\explore\Command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{90b09116-12cc-11de-a286-0016d4db201c}\Shell\open\Command - "" = F:\gvsqikes.cmd -- File not found
O33 - MountPoints2\{93a30c0c-9a73-11dc-8e4d-0016d4db201c}\Shell\AutoRun\command - "" = F:\32agsg.exe -- File not found
O33 - MountPoints2\{93a30c0c-9a73-11dc-8e4d-0016d4db201c}\Shell\open\Command - "" = F:\32agsg.exe -- File not found
O33 - MountPoints2\{971b0af6-0fbc-11de-a274-0016d4db201c}\Shell\AutoRun\command - "" = G:\.exe -- File not found
O33 - MountPoints2\{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\AutoRun\command - "" = F:\2u.com -- File not found
O33 - MountPoints2\{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\explore\Command - "" = F:\2u.com -- File not found
O33 - MountPoints2\{974c31b4-1cc1-11de-a2d9-0016d4db201c}\Shell\open\Command - "" = F:\2u.com -- File not found
O33 - MountPoints2\{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{99f9354e-bdc4-11dd-93f3-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{9e43fe16-3064-11de-a352-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{9e43fe1b-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - "" = F:\br8ym2l.bat -- File not found
O33 - MountPoints2\{9e43fe1b-3064-11de-a352-0016d4db201c}\Shell\open\Command - "" = F:\br8ym2l.bat -- File not found
O33 - MountPoints2\{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{9e43fe1f-3064-11de-a352-0016d4db201c}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{aa44b6a2-4e5c-11de-a412-0016d4db201c}\Shell\AutoRun\command - "" = F:\hl80c6b1.com -- File not found
O33 - MountPoints2\{aa44b6a2-4e5c-11de-a412-0016d4db201c}\Shell\open\Command - "" = F:\hl80c6b1.com -- File not found
O33 - MountPoints2\{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\AutoRun\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\Explore\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{ab505c6c-ac5a-11dd-939d-0016d4db201c}\Shell\Open\command - "" = F:\bar311.exe -- File not found
O33 - MountPoints2\{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\AutoRun\command - "" = F:\bicsxk03.com -- File not found
O33 - MountPoints2\{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\explore\Command - "" = F:\bicsxk03.com -- File not found
O33 - MountPoints2\{b3f04944-2308-11dd-90ed-0016d4db201c}\Shell\open\Command - "" = F:\bicsxk03.com -- File not found
O33 - MountPoints2\{bcd655ce-8b97-11dd-92d9-0016d4db201c}\Shell\AutoRun\command - "" = F:\.exe -- File not found
O33 - MountPoints2\{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{c3801446-c1ed-11dd-9490-0016d4db201c}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell - "" = AutoRun

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #11 on: August 15, 2009, 10:43:31 AM »
O33 - MountPoints2\{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\Explore\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{cb2b7f94-009b-11de-95ed-0016d4db201c}\Shell\Open\command - "" = F:\MS-DOS.com -- File not found
O33 - MountPoints2\{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\AutoRun\command - "" = F:\f6cavn.bat -- File not found
O33 - MountPoints2\{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\explore\Command - "" = F:\f6cavn.bat -- File not found
O33 - MountPoints2\{cb2b7f96-009b-11de-95ed-0016d4db201c}\Shell\open\Command - "" = F:\f6cavn.bat -- File not found
O33 - MountPoints2\{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\1\Command - "" = F:\Recycled.exe -- File not found
O33 - MountPoints2\{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\2\Command - "" = F:\Recycled.exe -- File not found
O33 - MountPoints2\{cb2b7f98-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\1\Command - "" = G:\Recycled.exe -- File not found
O33 - MountPoints2\{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\2\Command - "" = G:\Recycled.exe -- File not found
O33 - MountPoints2\{cb2b7f99-009b-11de-95ed-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{cb2b7f9a-009b-11de-95ed-0016d4db201c}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{e07a061a-2016-11de-a303-0016d4db201c}\Shell - "" = AutoRun
O33 - MountPoints2\{e07a061a-2016-11de-a303-0016d4db201c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e07a061a-2016-11de-a303-0016d4db201c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e07a061b-2016-11de-a303-0016d4db201c}\Shell\AutoRun\command - "" = G:\g068vy6.cmd -- File not found
O33 - MountPoints2\{e07a061b-2016-11de-a303-0016d4db201c}\Shell\open\Command - "" = G:\g068vy6.cmd -- File not found
O33 - MountPoints2\{e4a5ae81-6c52-11de-a4d5-0016d4db201c}\Shell\AutoRun\command - "" = F:\ysep1.exe -- File not found
O33 - MountPoints2\{e4a5ae81-6c52-11de-a4d5-0016d4db201c}\Shell\open\Command - "" = F:\ysep1.exe -- File not found
O33 - MountPoints2\{e7146870-3a07-11de-a3a5-0016d4db201c}\Shell\AutoRun\command - "" = F:\ku.bat -- File not found
O33 - MountPoints2\{e7146870-3a07-11de-a3a5-0016d4db201c}\Shell\open\Command - "" = F:\ku.bat -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

nailbite3

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #12 on: August 15, 2009, 10:43:54 AM »
========== Files/Folders - Created Within 30 Days ==========
 
[2 C:\Documents and Settings\End User\My Documents\*.tmp files]
[2009/08/13 19:59:31 | 00,000,346 | ---- | C] () -- C:\windows\tasks\At1.job
[2009/08/13 19:59:31 | 00,000,096 | RHS- | C] () -- C:\windows\System32\autorun.ini
[2009/08/13 19:59:30 | 00,267,264 | RHS- | C] () -- C:\windows\System32\gphone.exe
[2009/08/13 19:59:30 | 00,267,264 | ---- | C] () -- C:\windows\gphone.exe
[2009/08/11 20:21:16 | 00,025,741 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Doc1.docx
[2009/08/11 16:51:50 | 00,018,987 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\spider mancharac tct.docx
[2009/08/11 12:21:31 | 00,014,570 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Malakas at Maganda ni Chieney.docx
[2009/08/11 12:04:20 | 00,014,908 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\RESIBO.cdr
[2009/08/09 13:43:36 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\End User\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
[2009/08/09 13:41:44 | 00,022,703 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\First Periodical Examination for Science III.docx
[2009/08/08 21:35:59 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2009/08/08 21:35:59 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2009/08/08 21:35:59 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2009/08/08 21:35:59 | 00,069,632 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2009/08/08 21:31:16 | 00,147,456 | ---- | C] () -- C:\windows\System32\RFCyberCommNative.dll
[2009/08/08 21:31:10 | 00,000,000 | ---D | C] -- C:\RFCyber
[2009/08/08 21:31:10 | 00,000,000 | ---D | C] -- C:\Program Files\RFCyber
[2009/08/08 21:29:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\My Documents\New Folder
[2009/08/08 19:36:38 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/08 19:36:36 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswRdr.sys
[2009/08/08 19:36:35 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswTdi.sys
[2009/08/08 19:36:34 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aavmker4.sys
[2009/08/08 19:36:31 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\windows\System32\AvastSS.scr
[2009/08/08 19:36:30 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2009/08/08 19:36:29 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswSP.sys
[2009/08/08 19:36:24 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon2.sys
[2009/08/08 19:36:24 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon.sys
[2009/08/08 19:35:40 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\aswBoot.exe
[2009/08/08 19:35:40 | 00,380,928 | ---- | C] () -- C:\windows\System32\actskin4.ocx
[2009/08/08 19:35:36 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/08 19:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\My Documents\Avast
[2009/08/08 11:42:56 | 16,940,787 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\GSIS_RFID_Installer.rar
[2009/08/08 11:33:24 | 00,029,360 | ---- | C] () -- C:\windows\_SETUPD_.EXE
[2009/08/08 11:33:24 | 00,000,000 | ---D | C] -- C:\Protector Plus
[2009/08/08 10:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\Local Settings\Application Data\Downloaded Installations
[2009/08/07 19:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\My Documents\remittance GSIS12345
[2009/08/07 18:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\Local Settings\Application Data\Sophos
[2009/08/07 18:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/08/07 18:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/07 18:38:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/08/07 18:37:17 | 00,000,000 | ---D | C] -- C:\stdtsa
[2009/08/07 18:26:58 | 00,002,231 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\sohpos antivirus.rtf
[2009/08/05 19:19:14 | 00,000,000 | ---D | C] -- C:\Program Files\Kawasaki Superbike Challenge
[2009/08/04 19:19:35 | 00,024,576 | RH-- | C] (Microsoft Corporation) -- C:\windows\wmplayer.exe
[2009/08/04 17:15:55 | 00,011,960 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\remove Hello Philippines.docx
[2009/08/04 07:33:22 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2009/08/04 07:32:40 | 00,621,056 | R--- | C] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys
[2009/08/04 07:32:40 | 00,113,664 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2009/08/04 07:32:40 | 00,101,376 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2009/08/04 07:32:40 | 00,024,448 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2009/08/04 07:31:47 | 00,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2009/08/03 20:42:49 | 00,014,181 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\gladen declaim GIFTS.docx
[2009/08/02 20:47:13 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/02 16:41:52 | 00,191,103 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Table skirting.docx
[2009/08/01 08:06:36 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\End User\My Documents\~$UC 18A.docx
[2009/08/01 08:06:35 | 00,015,322 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\EDUC 18A.docx
[2009/07/31 15:14:37 | 00,011,073 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\I'm a teacher.docx
[2009/07/25 22:37:35 | 00,107,515 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\Clea.pptx
[2009/07/25 14:06:14 | 00,021,962 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\clea.docx
[2009/07/23 19:09:09 | 00,049,298 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\PROYEKTO NI GLADEN.docx
[2009/07/21 12:01:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\End User\Local Settings\Application Data\Stardock
[2009/07/21 07:41:05 | 00,011,668 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Matrix on Assembly.docx
[2009/07/21 07:31:41 | 00,012,605 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Solid waste Management Schedule.docx
[2009/07/19 19:32:07 | 00,013,133 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Speed & Comprehension.docx
[2009/07/17 19:40:59 | 00,012,471 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Mai-mai navitas past brgy capts.docx
[2009/07/17 19:18:52 | 00,011,774 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\navitas NHS.docx
[2009/07/15 21:32:24 | 00,012,685 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lynwen.docx
[2009/06/30 18:04:18 | 00,065,536 | ---- | C] () -- C:\windows\System32\adistres.dll
[2008/11/23 12:17:15 | 00,000,074 | ---- | C] () -- C:\windows\entpack.ini
[2008/10/12 17:27:34 | 00,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2008/10/12 17:25:37 | 00,000,025 | ---- | C] () -- C:\windows\CDET10.ini
[2008/09/13 20:31:08 | 00,086,304 | ---- | C] () -- C:\windows\System32\rhvideo.dll
[2008/09/13 20:27:46 | 00,029,536 | ---- | C] () -- C:\windows\dib.drv

Offline essexboy

Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #13 on: August 15, 2009, 04:32:55 PM »
Hi, due to the size of this fix I will attach the commands in a text file. Download this to your desktop, then open the text file. Copy and paste the entire contents into OTL.

  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the attached text file
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)

darkcar

  • Guest
Re: can't find c://WINDOWS\system32\.exe problem after scan
« Reply #14 on: August 19, 2011, 08:25:02 AM »
Hi!
I have a similar problem to nailbite3, and here are my OTL.txt and Extras.txt.
Thank you for your help in advance.
Sorry for my English grammar  ;)

OTL.txt:

OTL logfile created on: 19.8.2011 8:05:24 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Documents and Settings\darko i natasa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
 
1023,48 Mb Total Physical Memory | 313,06 Mb Available Physical Memory | 30,59% Memory free
2,40 Gb Paging File | 1,71 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 35,09 Gb Free Space | 44,92% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 77,22 Gb Free Space | 49,90% Space Free | Partition Type: NTFS
 
Computer Name: DARKO | User Name: darko i natasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\darko i natasa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\defs\11081801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11081801\aswRep.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\Program Files\RALINK\Common\acAuth.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll ()
MOD - C:\WINDOWS\system32\OPDSL.DLL ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()