BleepingComputer.com: kazy.mekml.1 and/or Google redirect

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

kazy.mekml.1 and/or Google redirect Tried everything, probably too much!

#1 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 26 April 2011 - 06:29 PM

I posted this in the "am I infected" but I think I need serious help. Recently Avira detected an infection with kazy.mekml. Per the descriptions I found online it hid the majority of my programs and personal files as well as making my E drive(backup)unreadable with i/o problems. I have been unable to recover it. It also hijacked my browser (Firefox)and I periodically get sound cutting in from an unknown site the infection likes to visit. What I've done so far:

-I checked "show hidden files" which repopulated my programs list but they appeared with a "ghost" image. Downloaded and ran Unhide which fixed the "ghost" problem.

-Downloaded rkill and updated Avira, Mbam, and adaware. Rebooted in safe mode, ran rkill, then ran everything! I found a couple of infections possibly unrelated and cleaned them but it didn't solve my problem.

-Uninstalled Avira and installed AVG which found no infections. Re-installed Spybot SD and ran it.

-re-ran everything in normal startup just for chuckles.

-Repeated the same process with combofix after disabling AVG.

-I did try to run tdsskiller but couldn't get it to run.

I'm a complete noob and any help is greatly appreciated.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Casey at 17:38:45.46 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1123 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220832868703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\casey~1.ckp\applic~1\mozilla\firefox\profiles\xinsvbvz.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users.windows\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-24 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-9-8 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-8 394952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-18 2146496]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" --> c:\program files\avira\antivir personaledition classic\sched.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-25 947528]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-3-15 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
.
=============== Created Last 30 ================
.
2011-04-26 16:29:40 -------- d-----w- c:\program files\Western Digital Corporation
2011-04-26 13:47:36 1377112 ----a-w- c:\program files\googlebot.exe
2011-04-26 13:14:47 1377112 ----a-w- c:\program files\explorerbooty.exe
2011-04-26 12:20:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-26 10:47:22 388096 ----a-r- c:\docume~1\casey~1.ckp\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-25 22:17:26 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-04-25 14:18:31 -------- d-----w- c:\docume~1\casey~1.ckp\locals~1\applic~1\AVG Security Toolbar
2011-04-25 14:10:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
2011-04-25 14:08:53 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-25 14:08:53 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2011-04-25 14:07:58 -------- d-----w- c:\program files\AVG
2011-04-25 13:04:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-25 13:04:21 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-04-24 21:16:48 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-24 18:18:29 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-24 18:16:48 -------- dc----w- c:\docume~1\alluse~1.win\applic~1\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-24 18:16:07 -------- d-----w- c:\program files\Lavasoft
2011-04-14 08:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-07 12:09:10 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-04-06 19:47:59 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\kEa14005nFgNh14005
2011-04-06 17:45:53 -------- d-----w- c:\docume~1\casey~1.ckp\applic~1\pegiexobfvttsdfx3cegeknwmgfvsq12
2011-03-30 22:17:22 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-04-24 11:17:32 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-24 11:17:32 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-24 10:17:38 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-07 21:46:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-07 21:01:23 22328 ----a-w- c:\docume~1\casey~1.ckp\applic~1\PnkBstrK.sys
2011-01-31 16:21:21 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-31 16:21:21 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-31 16:21:13 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 17:40:03.54 ===============

Attached File(s)


#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 03 May 2011 - 04:29 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Please do not PM me directly for help. If you have any questions, post them in this topic.

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 03 May 2011 - 06:19 PM

Hi ST. Thanks for your reply. I'll post the logs you requested. I do need to tell you that since my initial post I did at least temporarily stop the redirect but I seem to still be infected. Just this morning I had a fake A/V program try to run,rebooted in safe mode and ran Avira, MBAM, and superantispyware but didn't find anything. My default browser was also changed. I wouldn't have done this but before your post I thought I was going to be left to my own devices. My computer is running noticeably slow.

2011/05/03 17:39:55.0148 1716 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 17:39:55.0648 1716 ================================================================================
2011/05/03 17:39:55.0648 1716 SystemInfo:
2011/05/03 17:39:55.0648 1716
2011/05/03 17:39:55.0648 1716 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/03 17:39:55.0648 1716 Product type: Workstation
2011/05/03 17:39:55.0648 1716 ComputerName: HOME
2011/05/03 17:39:55.0648 1716 UserName: Casey
2011/05/03 17:39:55.0648 1716 Windows directory: C:\WINDOWS
2011/05/03 17:39:55.0648 1716 System windows directory: C:\WINDOWS
2011/05/03 17:39:55.0648 1716 Processor architecture: Intel x86
2011/05/03 17:39:55.0648 1716 Number of processors: 2
2011/05/03 17:39:55.0648 1716 Page size: 0x1000
2011/05/03 17:39:55.0648 1716 Boot type: Normal boot
2011/05/03 17:39:55.0648 1716 ================================================================================
2011/05/03 17:39:55.0929 1716 Initialize success
2011/05/03 17:40:01.0851 1576 ================================================================================
2011/05/03 17:40:01.0851 1576 Scan started
2011/05/03 17:40:01.0851 1576 Mode: Manual;
2011/05/03 17:40:01.0851 1576 ================================================================================
2011/05/03 17:40:02.0164 1576 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/03 17:40:02.0211 1576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/03 17:40:02.0257 1576 ADIHdAudAddService (ab0d9669bab1009e48cc91117e59912b) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/03 17:40:02.0382 1576 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/03 17:40:02.0476 1576 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/03 17:40:02.0617 1576 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/03 17:40:03.0007 1576 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/03 17:40:03.0179 1576 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/03 17:40:03.0257 1576 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/03 17:40:03.0320 1576 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/03 17:40:03.0398 1576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/03 17:40:03.0648 1576 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/03 17:40:03.0773 1576 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/03 17:40:03.0789 1576 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/03 17:40:03.0867 1576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/03 17:40:04.0195 1576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/03 17:40:04.0320 1576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/03 17:40:04.0382 1576 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/03 17:40:04.0461 1576 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/03 17:40:04.0648 1576 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/03 17:40:04.0711 1576 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/03 17:40:04.0836 1576 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/03 17:40:04.0851 1576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/03 17:40:04.0914 1576 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/03 17:40:05.0023 1576 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/03 17:40:05.0132 1576 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/03 17:40:05.0195 1576 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/03 17:40:05.0242 1576 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/03 17:40:05.0289 1576 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/03 17:40:05.0351 1576 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/03 17:40:05.0382 1576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/03 17:40:05.0429 1576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/03 17:40:05.0492 1576 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 17:40:05.0570 1576 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/03 17:40:05.0617 1576 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/03 17:40:05.0679 1576 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/03 17:40:05.0851 1576 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/03 17:40:06.0023 1576 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/03 17:40:06.0132 1576 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/03 17:40:06.0289 1576 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/03 17:40:06.0351 1576 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/03 17:40:06.0461 1576 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/03 17:40:06.0539 1576 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/03 17:40:06.0601 1576 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/03 17:40:06.0695 1576 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/03 17:40:06.0742 1576 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/03 17:40:06.0773 1576 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/03 17:40:06.0851 1576 KLIF (2cf7c3dd0102a32a680ef97f3b1c861a) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/05/03 17:40:06.0898 1576 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/03 17:40:06.0976 1576 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/03 17:40:07.0086 1576 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/03 17:40:07.0211 1576 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/05/03 17:40:07.0304 1576 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/05/03 17:40:07.0367 1576 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/03 17:40:07.0445 1576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/03 17:40:07.0523 1576 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/03 17:40:07.0617 1576 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/03 17:40:07.0679 1576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/03 17:40:07.0726 1576 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/03 17:40:07.0836 1576 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/05/03 17:40:07.0898 1576 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/05/03 17:40:08.0023 1576 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/03 17:40:08.0117 1576 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/03 17:40:08.0179 1576 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/03 17:40:08.0257 1576 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/03 17:40:08.0336 1576 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/03 17:40:08.0429 1576 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/03 17:40:08.0492 1576 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/05/03 17:40:08.0554 1576 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/03 17:40:08.0586 1576 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/03 17:40:08.0632 1576 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/03 17:40:08.0711 1576 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/03 17:40:08.0757 1576 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/03 17:40:08.0820 1576 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/03 17:40:08.0882 1576 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/03 17:40:08.0976 1576 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/03 17:40:09.0070 1576 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/03 17:40:09.0117 1576 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/03 17:40:09.0211 1576 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/03 17:40:09.0273 1576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/03 17:40:09.0664 1576 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/03 17:40:10.0195 1576 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/05/03 17:40:10.0211 1576 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/03 17:40:10.0273 1576 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/03 17:40:10.0320 1576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/03 17:40:10.0367 1576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/03 17:40:10.0429 1576 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/03 17:40:10.0507 1576 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/03 17:40:10.0586 1576 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/03 17:40:10.0601 1576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/03 17:40:10.0617 1576 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/03 17:40:10.0711 1576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/03 17:40:10.0789 1576 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/03 17:40:11.0039 1576 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/03 17:40:11.0148 1576 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/03 17:40:11.0195 1576 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/03 17:40:11.0273 1576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/03 17:40:11.0414 1576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/03 17:40:11.0507 1576 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/03 17:40:11.0570 1576 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/03 17:40:11.0617 1576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/03 17:40:11.0648 1576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/03 17:40:11.0742 1576 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/03 17:40:11.0804 1576 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/03 17:40:11.0898 1576 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/03 17:40:11.0961 1576 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/03 17:40:12.0086 1576 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/03 17:40:12.0101 1576 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/03 17:40:12.0226 1576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/03 17:40:12.0320 1576 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/05/03 17:40:12.0461 1576 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/03 17:40:12.0523 1576 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/03 17:40:12.0601 1576 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/03 17:40:12.0726 1576 Sntnlusb (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
2011/05/03 17:40:12.0867 1576 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/03 17:40:12.0945 1576 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/03 17:40:13.0023 1576 srescan (bda0ecc7cba1d3b9fd7ff2881bf9b463) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/05/03 17:40:13.0117 1576 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/03 17:40:13.0179 1576 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/03 17:40:13.0226 1576 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/03 17:40:13.0414 1576 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/03 17:40:13.0492 1576 Tcpip (3adce4790f591bf160a94f6f08039577) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/03 17:40:13.0570 1576 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/03 17:40:13.0632 1576 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/03 17:40:13.0711 1576 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/03 17:40:13.0804 1576 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/03 17:40:13.0914 1576 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/03 17:40:13.0992 1576 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/03 17:40:14.0054 1576 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/03 17:40:14.0101 1576 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/03 17:40:14.0164 1576 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/03 17:40:14.0211 1576 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/03 17:40:14.0289 1576 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/03 17:40:14.0351 1576 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/03 17:40:14.0429 1576 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/03 17:40:14.0476 1576 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/03 17:40:14.0570 1576 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/03 17:40:14.0632 1576 vsdatant (279761ad6562c0d4309cb1bbb260233f) C:\WINDOWS\system32\vsdatant.sys
2011/05/03 17:40:14.0711 1576 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/03 17:40:14.0773 1576 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/03 17:40:14.0882 1576 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/03 17:40:14.0929 1576 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/05/03 17:40:15.0070 1576 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/03 17:40:15.0195 1576 ================================================================================
2011/05/03 17:40:15.0195 1576 Scan finished
2011/05/03 17:40:15.0195 1576 ================================================================================


rer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 104.85 Gb Free Space | 45.02% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 392.14 Gb Free Space | 84.19% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 17:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\OTL.exe
PRC - [2011/04/27 03:11:30 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/12 16:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 17:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AntiVirScheduler)
SRV - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/06/07 05:53:00 | 002,837,852 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/18 19:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/15 16:24:22 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/13 21:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/08/29 17:21:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/04 06:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 05:08:58 | 000,000,000 | ---D | M]

OTL Extras logfile created on: 5/3/2011 5:52:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 104.85 Gb Free Space | 45.02% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 392.14 Gb Free Space | 84.19% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe:*:Disabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6F00F343-7562-4F03-B3C3-F9360E2DA333}" = DiMAGE Scan Dual4 ver.1.0
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7698C49-18E2-458F-87A0-65570B8E02DA}" = Call of Duty® - World at War™ Beta
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D2A420-1AA5-4DF5-99F7-E49DBC801D7E}" = Auto Dust Brush Plug-in
"{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon Camera WIA Driver
"{CC23FF9A-989C-4DEB-8970-50E6E4862315}" = EOSInfo
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB889911-A09D-422A-81A2-D3ABDD87E400}" = ExpressDigital Darkroom Web Edition V8.9
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATT-PRT22" = ATT-PRT22
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EOS Utility" = Canon Utilities EOS Utility
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon EOS-1D Mark II WIA Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"PhotoStitch" = Canon Utilities PhotoStitch
"Protected Music Converter_is1" = Protected Music Converter 1.0.0.19
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Recuva" = Recuva
"RegScrubXP_is1" = RegScrubXP 5.1
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Smart Defrag_is1" = Smart Defrag
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PROS" = PROS

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2011 12:32:26 PM | Computer Name = HOME | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 4/30/2011 12:32:26 PM | Computer Name = HOME | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 5/2/2011 3:47:48 PM | Computer Name = HOME | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 5/2/2011 3:47:48 PM | Computer Name = HOME | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 5/2/2011 3:47:48 PM | Computer Name = HOME | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 5/2/2011 3:47:48 PM | Computer Name = HOME | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 5/2/2011 9:01:42 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/3/2011 9:51:08 AM | Computer Name = HOME | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 5/3/2011 9:51:08 AM | Computer Name = HOME | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 5/3/2011 9:51:08 AM | Computer Name = HOME | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

[ System Events ]
Error - 5/3/2011 7:38:59 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service failed
to start due to the following error: %%3

Error - 5/3/2011 7:38:59 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/3/2011 7:44:10 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/3/2011 7:45:16 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips KLIF Processor SASDIFSV SASKUTIL ssmdrv

Error - 5/3/2011 7:55:55 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/3/2011 9:47:39 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/3/2011 9:48:59 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service failed
to start due to the following error: %%3

Error - 5/3/2011 9:48:59 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/3/2011 9:51:09 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 5/3/2011 11:41:27 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 03 May 2011 - 06:21 PM

Hi Dayzed!

Thanks for informing me of such!

Could you try to post the OTL.txt contents for me again? It seems like part of the log got cut off.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#5 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 03 May 2011 - 06:38 PM

Whoops, sorry

OTL logfile created on: 5/3/2011 5:52:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 104.85 Gb Free Space | 45.02% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 392.14 Gb Free Space | 84.19% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 17:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\OTL.exe
PRC - [2011/04/27 03:11:30 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/12 16:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 17:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AntiVirScheduler)
SRV - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/06/07 05:53:00 | 002,837,852 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/18 19:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/15 16:24:22 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/13 21:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/08/29 17:21:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/04 06:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 05:08:58 | 000,000,000 | ---D | M]

[2008/09/07 18:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Mozilla\Extensions
[2011/05/03 10:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Mozilla\Firefox\Profiles\xinsvbvz.default\extensions
[2010/07/24 16:20:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Mozilla\Firefox\Profiles\xinsvbvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/26 21:00:25 | 000,000,000 | ---D | M] (Next Tab) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Mozilla\Firefox\Profiles\xinsvbvz.default\extensions\nexttab@prodizy.livejournal.com
[2011/05/03 10:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/28 16:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 12:07:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 10:39:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/11/20 09:31:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/05/03 05:46:00 | 000,432,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14911 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220832868703 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 05:14:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 17:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\new logs
[2011/05/03 17:37:56 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\TDSSKiller.exe
[2011/05/03 08:56:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/03 06:55:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/27 18:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\Logs
[2011/04/27 10:39:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/27 10:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/27 10:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/27 10:23:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/27 08:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Avira
[2011/04/27 08:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/04/27 08:49:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/27 08:49:18 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/27 08:49:18 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/27 08:49:18 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/27 08:49:18 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/27 07:36:11 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\tdsskiller.exe
[2011/04/26 12:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Recuva
[2011/04/26 12:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/04/26 11:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2011/04/26 11:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Western Digital Corporation
[2011/04/26 08:47:36 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\googlebot.exe
[2011/04/26 08:14:47 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\explorerbooty.exe
[2011/04/26 07:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2011/04/26 07:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/26 05:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Start Menu\Programs\HiJackThis
[2011/04/25 12:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/25 12:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lavasoft
[2011/04/25 09:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Local Settings\Application Data\AVG Security Toolbar
[2011/04/25 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2011/04/25 08:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/25 08:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/04/24 13:18:29 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/24 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011/04/24 13:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/24 13:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2011/04/24 12:03:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Casey.CKP-659A3D10510\Recent
[2011/04/07 07:09:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2011/04/06 14:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005
[2009/06/17 17:26:43 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2007/06/25 18:12:35 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll
[2004/04/05 08:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 17:38:30 | 165,804,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/05/03 17:31:59 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/03 11:00:22 | 000,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/05/03 10:25:01 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\PROS.lnk
[2011/05/03 08:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 08:47:36 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2011/05/03 06:42:52 | 001,946,024 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/05/03 06:41:46 | 004,335,631 | R--- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\ComboFix.exe
[2011/05/03 05:46:00 | 000,432,497 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/02 20:06:55 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/02 20:06:47 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/05/02 20:02:35 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\TDSSKiller.exe
[2011/04/30 18:43:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 18:43:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/30 18:41:44 | 000,432,497 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110503-054600.backup
[2011/04/27 10:30:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110430-184144.backup
[2011/04/27 08:55:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 08:55:25 | 000,000,291 | ---- | M] () -- C:\Boot.bak
[2011/04/27 08:49:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2011/04/27 07:27:49 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\tdsskiller.exe
[2011/04/27 07:09:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/26 07:20:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/25 15:27:09 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 08:14:01 | 000,432,702 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-052355.backup
[2011/04/25 08:04:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 13:16:48 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/24 13:16:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/18 05:23:39 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/08 06:28:58 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/07 07:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/04/07 07:09:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/04/07 06:36:46 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/04/06 21:18:31 | 000,432,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/06 21:18:31 | 000,067,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/06 16:32:12 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\rkill.com
[2011/04/06 15:25:13 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 06:42:12 | 004,335,631 | R--- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\ComboFix.exe
[2011/04/27 08:49:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2011/04/26 07:20:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/25 08:04:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 21:40:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/24 21:40:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/24 16:16:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/24 13:20:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/24 13:16:48 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/24 13:16:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/07 07:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/04/07 07:09:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/04/06 16:32:11 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\rkill.com
[2011/04/06 15:25:13 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/01/27 08:54:09 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/01/27 08:54:05 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/01/27 08:53:58 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/01/01 10:33:50 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/01 10:33:48 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/01 10:33:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/29 17:42:15 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/04/25 23:44:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Local Settings\Application Data\prvlcl.dat
[2010/03/24 11:11:27 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\usb.inf
[2010/03/08 15:40:04 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2009/11/20 10:45:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/20 10:45:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/20 10:45:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/20 10:45:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/20 10:45:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/19 17:49:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/17 17:26:51 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2009/06/17 17:26:43 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/06/17 17:26:43 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2009/06/17 17:26:43 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2009/05/07 10:46:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/04/30 22:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/02/07 18:35:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/09 08:54:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/12/04 20:50:34 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 12:03:33 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/10/16 13:06:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Inst2891.dll
[2008/09/09 11:43:56 | 000,079,021 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/09/09 11:43:55 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2008/09/08 11:56:45 | 165,804,064 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/08 10:58:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/08 10:58:03 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/07 20:26:35 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/09/07 20:26:12 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/09/07 20:26:12 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/09/07 20:09:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/09/07 20:09:11 | 000,025,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/09/07 20:08:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/07 20:03:39 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Casey.CKP-659A3D10510\Application Data\PnkBstrK.sys
[2008/09/07 19:22:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/07 18:47:19 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/09/07 18:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/07 17:42:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/07 17:34:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/07 10:25:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/07 10:23:21 | 000,326,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/13 00:58:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/13 00:58:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/15 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 07:00:00 | 000,432,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 07:00:00 | 000,067,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/15 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/28 15:33:00 | 000,343,040 | R--- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/02/28 15:33:00 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/02/28 14:08:30 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C39E55C5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4

< End of report >

#6 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 03 May 2011 - 06:44 PM

Hi!

No worries.

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2011/04/06 14:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005
[1 C:\*.tmp files -> C:\*.tmp -> ]
[2011/04/30 18:41:44 | 000,432,497 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110503-054600.backup
[2011/04/27 10:30:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110430-184144.backup
[2011/04/25 08:14:01 | 000,432,702 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110426-052355.backup
[2011/04/06 15:25:13 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[1 C:\*.tmp files -> C:\*.tmp -> ]

:Reg

:Files
type "C:/ComboFix.txt" /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#7 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 03 May 2011 - 07:07 PM

Thanks. Here's my log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005\ not found.
C:\32788R22FWJFW.1.tmp\N_\24671 deleted successfully.
C:\32788R22FWJFW.1.tmp\N_\28499 deleted successfully.
C:\32788R22FWJFW.1.tmp\N_ folder deleted successfully.
C:\32788R22FWJFW.1.tmp\License\Curl - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\dumphive-license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\EXTRACT.TXT deleted successfully.
C:\32788R22FWJFW.1.tmp\License\FI - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\firefox.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\License\iexplore.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\License\mtee.txt.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\ncmd.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\License\pv_5_2_2.zip deleted successfully.
C:\32788R22FWJFW.1.tmp\License\streamtools.zip deleted successfully.
C:\32788R22FWJFW.1.tmp\License\UnxUtilsDist.com deleted successfully.
C:\32788R22FWJFW.1.tmp\License\UnxUtilsDist.html deleted successfully.
C:\32788R22FWJFW.1.tmp\License\UnxUtilsDist.pif deleted successfully.
C:\32788R22FWJFW.1.tmp\License\Zip - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License folder deleted successfully.
C:\32788R22FWJFW.1.tmp\EN-US folder deleted successfully.
C:\32788R22FWJFW.1.tmp\firefox.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\FIXLSP.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\FKMGen.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\GetHive.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\grep.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\gsar.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\handle.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\HDPEInfo.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\hidec.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\history.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\hwid.pif deleted successfully.
C:\32788R22FWJFW.1.tmp\iexplore.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\image001.gif deleted successfully.
C:\32788R22FWJFW.1.tmp\Imefile.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\Install-RC.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\katch.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\Kill-All.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\Lang.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\List-B.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\List-C.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\List-D.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\List.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\lnkread.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalAppDataFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalAppDataFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalService.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalServiceNetworkRestricted.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalSettingsFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\LocalSystemNetworkRestricted.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\mbr.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\mbr.chk deleted successfully.
C:\32788R22FWJFW.1.tmp\md5sum.pif deleted successfully.
C:\32788R22FWJFW.1.tmp\MoveIt.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\mtee.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\MtPt00 deleted successfully.
C:\32788R22FWJFW.1.tmp\mynul.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\ncmd.com deleted successfully.
C:\32788R22FWJFW.1.tmp\ndis_combofix.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\ND_.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\ND_64.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\netsvc.bad.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\netsvc.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\netsvc.vista.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\netsvc.xp.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\NetworkService.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\NirCmd.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\NircmdB.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\NirCmdC.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\NIRKMD.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\NlsLanguageDefault deleted successfully.
C:\32788R22FWJFW.1.tmp\NT-OS.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\OSid.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\OsVer deleted successfully.
C:\32788R22FWJFW.1.tmp\P.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\pausep.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\PersonalFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\PersonalFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\PEV.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\pev.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\pevb.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\PING.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\Policies.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\powp.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\prep.done deleted successfully.
C:\32788R22FWJFW.1.tmp\Prep.inf deleted successfully.
C:\32788R22FWJFW.1.tmp\ProfilesFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\ProfilesFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\ProgramsFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\ProgramsFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\Purity.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\PV.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\pv.com deleted successfully.
C:\32788R22FWJFW.1.tmp\RCLink.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\REGDACL.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\RegDo.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\region.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\RegScan.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\RegScan64.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\Resident.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\restore_pt.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\Rkey.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\rmbr.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\rogues.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\ROUTE.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\run2.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\Rust.str deleted successfully.
C:\32788R22FWJFW.1.tmp\s0rt.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.def.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.def.vista.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\Safeboot.def.w7.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\sed.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\SetEnvmt.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\setpath.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\sfx.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\SnapShot.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\SRestore.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\srizbi.md5 deleted successfully.
C:\32788R22FWJFW.1.tmp\StartMenuFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\StartMenuFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\StartUpFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\SuppScan.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\SvcDrv.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.vista.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.vista.x64.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.w7.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.w7.x64.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svc_wht.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\SWREG.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\swreg.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\swsc.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\swxcacls.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\system_ini.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\tail.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\TemplatesFile.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\TemplatesFolder.cfx deleted successfully.
C:\32788R22FWJFW.1.tmp\toolbar.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\Update-CF.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\VerCF.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\VikPev00 deleted successfully.
C:\32788R22FWJFW.1.tmp\VInfo deleted successfully.
C:\32788R22FWJFW.1.tmp\VInfo2 deleted successfully.
C:\32788R22FWJFW.1.tmp\Vipev.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\vistaMcode.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\vistareg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\vun.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\VwinTemp.dacl deleted successfully.
C:\32788R22FWJFW.1.tmp\w2kreg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\w2k_sock.dll deleted successfully.
C:\32788R22FWJFW.1.tmp\w7Mcode.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\w7reg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\Wmi_rem.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\w_sock.dll deleted successfully.
C:\32788R22FWJFW.1.tmp\XP.mac deleted successfully.
C:\32788R22FWJFW.1.tmp\xpmcode.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\xpreg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\XPSBoot.reg deleted successfully.
C:\32788R22FWJFW.1.tmp\zDomain.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\zhsvc.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\zip.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110503-054600.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110430-184144.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110426-052355.backup moved successfully.
C:\fsqwr.bmp moved successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:/ComboFix.txt" /c >
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Alexa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15968133 bytes
->Flash cache emptied: 1387 bytes

User: Alexa.HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100860742 bytes
->Flash cache emptied: 169702 bytes

User: All Users

User: All Users.WINDOWS

User: Casey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 31406 bytes
->FireFox cache emptied: 113862476 bytes
->Flash cache emptied: 3903 bytes

User: Casey.CKP-659A3D10510
->Temp folder emptied: 360679 bytes
->Temporary Internet Files folder emptied: 8804759 bytes
->Java cache emptied: 4145465 bytes
->FireFox cache emptied: 152574174 bytes
->Flash cache emptied: 83948 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3457352 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

User: Traci
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1307417 bytes
->FireFox cache emptied: 164672254 bytes
->Flash cache emptied: 188738 bytes

User: Traci.HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1866765 bytes
->FireFox cache emptied: 177419157 bytes
->Flash cache emptied: 117525 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 711.00 mb


[EMPTYFLASH]

User: Administrator

User: Alexa
->Flash cache emptied: 0 bytes

User: Alexa.HOME
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Casey
->Flash cache emptied: 0 bytes

User: Casey.CKP-659A3D10510
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000
->Flash cache emptied: 0 bytes

User: Traci
->Flash cache emptied: 0 bytes

User: Traci.HOME
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05032011_185627

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 03 May 2011 - 07:20 PM

Okay.

Run this scan:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.

  • Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#9 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 03 May 2011 - 08:38 PM

I ran combofix and it froze up after completion of step 50. I had disabled Avira as well as Adaware before running a scan.

#10 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 04 May 2011 - 07:24 AM

Okay. Can you try to run ComboFix in Safe Mode?

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#11 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 04 May 2011 - 08:41 AM

Ran fine in safe mode.

ComboFix 11-05-03.02 - Casey 05/04/2011 8:21.12.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1765 [GMT -5:00]
Running from: c:\documents and settings\Casey.CKP-659A3D10510\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-03 23:56 . 2011-05-03 23:56 -------- d-----w- C:\_OTL
2011-04-27 13:53 . 2011-04-27 13:53 -------- d-----w- c:\documents and settings\Casey.CKP-659A3D10510\Application Data\Avira
2011-04-27 13:49 . 2011-04-01 22:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-27 13:49 . 2011-04-01 22:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-27 13:49 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-27 13:49 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-27 12:36 . 2011-04-27 12:27 1377112 ----a-w- C:\tdsskiller.exe
2011-04-26 17:58 . 2011-04-26 17:58 -------- d-----w- c:\program files\Recuva
2011-04-26 16:29 . 2011-04-26 16:29 -------- d-----w- c:\program files\Western Digital Corporation
2011-04-26 13:47 . 2011-03-10 17:27 1377112 ----a-w- c:\program files\googlebot.exe
2011-04-26 13:14 . 2011-03-10 17:27 1377112 ----a-w- c:\program files\explorerbooty.exe
2011-04-26 12:20 . 2011-04-26 13:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-26 10:47 . 2011-04-26 10:47 388096 ----a-r- c:\documents and settings\Casey.CKP-659A3D10510\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 14:18 . 2011-04-25 14:18 -------- d-----w- c:\documents and settings\Casey.CKP-659A3D10510\Local Settings\Application Data\AVG Security Toolbar
2011-04-25 14:08 . 2011-04-27 13:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-04-25 13:04 . 2011-04-25 17:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-04-25 13:04 . 2011-04-25 17:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-24 21:16 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-24 18:18 . 2011-04-19 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-24 18:16 . 2011-04-25 17:14 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-24 18:16 . 2011-04-24 18:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-04-24 18:16 . 2011-04-24 18:16 -------- d-----w- c:\program files\Lavasoft
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-07 12:09 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-04-07 11:36 . 2006-03-15 12:00 25600 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-04-06 19:47 . 2011-04-06 22:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 12:23 . 2011-01-27 13:54 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-04 12:23 . 2011-01-27 13:54 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-04 12:23 . 2009-02-18 21:48 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-04 11:45 . 2011-01-27 13:54 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-07 21:46 . 2011-01-27 13:53 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-07 21:01 . 2008-09-08 01:03 22328 ----a-w- c:\documents and settings\Casey.CKP-659A3D10510\Application Data\PnkBstrK.sys
.
.
------- Sigcheck -------
.
[-] 2009-01-29 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-01-29 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2011-04-27_15.30.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-12-13 20:05 . 2011-04-25 22:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-04 00:57 . 2011-05-04 01:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 22:45 . 2011-04-25 22:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-07 22:45 . 2011-05-04 01:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-12-13 20:05 . 2011-04-25 22:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-05-03 11:59 . 2011-05-04 01:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-04-27 15:39 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe
- 2010-12-18 17:07 . 2010-11-13 00:53 157472 c:\windows\system32\javaws.exe
- 2010-12-18 17:07 . 2010-11-13 00:53 145184 c:\windows\system32\javaw.exe
+ 2011-04-27 15:39 . 2011-02-03 02:40 145184 c:\windows\system32\javaw.exe
+ 2011-04-27 15:39 . 2011-02-03 02:40 145184 c:\windows\system32\java.exe
- 2010-12-18 17:07 . 2010-11-13 00:53 145184 c:\windows\system32\java.exe
+ 2010-11-28 21:51 . 2011-02-03 02:40 472808 c:\windows\system32\deployJava1.dll
- 2010-11-28 21:51 . 2010-11-13 00:53 472808 c:\windows\system32\deployJava1.dll
+ 2011-04-27 15:39 . 2011-04-27 15:39 180224 c:\windows\Installer\174a6f.msi
+ 2008-09-13 17:43 . 2011-04-18 20:46 42181064 c:\windows\system32\MRT.exe
+ 2008-09-08 16:56 . 2011-05-04 13:18 166062112 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\documents and settings\Casey\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2011-4-8 3510160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-8 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"WD Drive Manager"=c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:*:Disabled:MioNet Storage Device Discovery
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2011 1:18 PM 64512]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/27/2011 8:49 AM 136360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/18/2011 7:00 PM 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/18/2011 7:00 PM 15232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/15/2006 7:00 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-19 17:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://foxnews.com/
FF - ProfilePath - c:\documents and settings\Casey.CKP-659A3D10510\Application Data\Mozilla\Firefox\Profiles\xinsvbvz.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-04 08:27
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-813497703-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,3f,14,33,8d,c6,56,0f,b7,fd,61,b9,cd,22,c5,9d,1d,19,01,1a,5c,
6e,28,02,07,68,40,4e,a2,ed,65,3a,a7,38,53,e9,cc,b5,c9,97,40,ee,25,46,cf,fd,\
"rkeysecu"=hex:46,64,ee,11,17,ab,2c,5e,55,ba,df,e8,12,ae,bf,52
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(260)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-04 08:29:07
ComboFix-quarantined-files.txt 2011-05-04 13:29
ComboFix2.txt 2011-05-03 11:55
ComboFix3.txt 2011-04-27 15:32
ComboFix4.txt 2010-11-29 16:22
ComboFix5.txt 2011-05-04 00:27
.
Pre-Run: 113,327,845,376 bytes free
Post-Run: 113,306,718,208 bytes free
.
- - End Of File - - 70A6B75592743155831659DD86D0BD7E

#12 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 04 May 2011 - 08:52 AM

Hi!

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL

:Reg

:Files
c:\documents and settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#13 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 04 May 2011 - 10:50 AM

Thanks. Here are the logs you requested. Eset locked up on a scan of SystemVolumeInformation/tracking.log. This happened in an earlier scan of Avira. I'm not seeing any detections. I hope I'm not wasting your time but I don't know how the source of my infection could be gone without showing up in a scan and trying to run fake a/v in internet explorer. One question. I had show hidden files checked but it is currently unchecked. Also, hide protected operating files is checked. Do these have any bearing on your instructions?


========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\All Users.WINDOWS\Application Data\kEa14005nFgNh14005 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Casey.CKP-659A3D10510\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05042011_090743



Malwarebytes' Anti-Malware 1.37
Database version: 2284
Windows 5.1.2600 Service Pack 2

6/15/2009 12:37:08 PM
mbam-log-2009-06-15 (12-37-08).txt

Scan type: Quick Scan
Objects scanned: 142665
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.


Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
ZoneAlarm
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 24
Adobe Flash Player 10.2.152.26
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#14 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 04 May 2011 - 10:53 AM

Hi!

No they do not have any bearing on the instructions right now.

Malwarebytes' Anti-Malware 1.37
Database version: 2284
Windows 5.1.2600 Service Pack 2

You are running an EXTREMELY outdated version of MalwareBytes' Anti-Malware.

The latest version of MBAM is 1.500.1.1100

Lets update it to the latest version:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Update Adobe Reader
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

An alternate to the Adobe Reader, you could try the free (for personal use) Foxit PDF Reader. The download file is smaller and when installed,
uses less resources than Adobe Reader. Note: Do not install anything dealing with AskBar... presented as an installation option.



NEXT:



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.16.

You can get the latest version of Firefox by accessing the Posted Image menu in Firefox and then selecting Posted Image.

Please make sure that you Posted Image again after updating to the latest version to make sure that you have in fact received the latest version.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#15 User is offline   Dayzed 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 04 May 2011 - 11:40 AM

Alright, everything is updated. Here is the log from the current mbam version:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6504

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/4/2011 11:11:48 AM
mbam-log-2011-05-04 (11-11-48).txt

Scan type: Quick scan
Objects scanned: 255801
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users