BleepingComputer.com: Trojan Hiloti

On the external harddrive.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6487

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/2/2011 11:59:01 PM
mbam-log-2011-05-02 (23-59-01).txt

Scan type: Quick scan
Objects scanned: 5154
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP10\A0012263.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP10\A0012273.exe (Application.Joke) -> Quarantined and deleted successfully.
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP10\A0012277.exe (PUP.Joke.Buttons) -> Quarantined and deleted successfully.
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP45\A0009813.exe (JokeApp.NotFunny) -> Quarantined and deleted successfully.
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP45\A0009823.exe (Application.Joke) -> Quarantined and deleted successfully.
f:\system volume information\_restore{af5993ff-2e8e-45cb-93d3-822e3ac9910a}\RP45\A0009827.exe (PUP.Joke.Buttons) -> Quarantined and deleted successfully.

I wasnt able to select the Save Log option once I ran the fix and selected yes to restart. But I am still getting redirects =/

The redirect I got was perhaps a popup? I Don't see any other redirects happening trying to test it out on google by searching things. This log is different from previous logs with this scanner, before there were 3 red highlighted lines, now all is white, the virus *may* be gone, not sure yet though.


aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-03 01:45:56
-----------------------------
01:45:56.250 OS Version: Windows 5.1.2600 Service Pack 3
01:45:56.250 Number of processors: 2 586 0x304
01:45:56.250 ComputerName: WINDOWS-215B4D1 UserName: Owner
01:45:56.968 Initialize success
01:45:57.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:45:57.765 Disk 0 Vendor: WDC_WD32 03.0 Size: 305245MB BusType: 3
01:45:57.796 Disk 0 MBR read successfully
01:45:57.796 Disk 0 MBR scan
01:45:57.796 Disk 0 Windows XP default MBR code
01:45:57.796 Disk 0 scanning sectors +625121280
01:45:57.828 Disk 0 malicious Win32:MBRoot code @ sector 625121283 !
01:45:57.828 Disk 0 PE file @ sector 625121305 !
01:45:57.828 Disk 0 scanning C:\WINDOWS\system32\drivers
01:46:05.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
01:46:05.140 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
01:46:12.328 Service scanning
01:46:13.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
01:46:13.390 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

XanatosNemos, on 02 May 2011 - 10:47 PM, said:

Hi XanatosNemos,



These are legit folders, so please leave them alone.


System Volume Information Folder - It's actually a part of System Restore which allows you to set points in time to roll back your computer if needed.



The Recycler folder - When you delete a file it moves to the Recycle Bin. The file remains in the Recycle Bin until you empty the Recycle Bin or restore the file.
Windows changes a special byte and marks the occupied space as free space.
When you empty the Recycle Bin the files aren't permanently erased.
They are stored in the recycler folder and still can be restored using a recovery software like Recuva etc.
It is safe to delete files inside the Recycler folder. Even if you delete the Recycler folder, it will be re-created once you delete a file.
However sometimes USB devices spreading viruses copy themself to C:\Recycler as well. Your MBAM log indicates that only a few unwanted and joke programs were found and nothing dangerous.



However it's always a good idea to immunize ALL USB devices you have (just in case).



Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  
• The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  
• Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  
• Wait until it has finished scanning and then exit the program.
  
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



Now, about the ASWMBR log:

Quote

What ASWMBR is showing is a backup but inactive copy of the rootkit.
The rootkit, when first installed, installs a copy of itself on a sector on your hard drive. It cannot be removed without deleting your hard drive partition and creating a new one, which would make it necessary to reinstall everything. However this is not necessary since the rootkit is now no longer active and do not present any danger to your computer.



Ok....I want to see a few logs to be sure all is done.



STEP 1



Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
  
• Extract its contents to your desktop.
  
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
• If an malicious object is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• Select Skip to the sptd.sys.
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

STEP 2

• Download DDS by sUBs from the link below. Save it to your desktop.
  • DDS.scr
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



STEP 3



I need to see all OTL fix logs so far to see if the scripts worked correctly.

Please do this: ... navigate to the C:\_OTL\MovedFiles folder, and open all logs one by one..

Copy/paste the contents of each document back here in your next post.



STEP 4



Update Malwarebytes and run a FULL system scan.
Post back the results here.



In your next reply, please include the following:

• TDSSKiller log
  
• DDS log
  
• ALL OTL fix logs
  
• Malwarebytes log

How are the things now ? Are there any problems left ?



Regards,
Georgi

the Flash disinfector has a virus attached to it, AVG stopped it from downloading.

2011/05/03 12:29:12.0390 2600 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 12:29:12.0750 2600 ================================================================================
2011/05/03 12:29:12.0750 2600 SystemInfo:
2011/05/03 12:29:12.0750 2600
2011/05/03 12:29:12.0750 2600 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/03 12:29:12.0750 2600 Product type: Workstation
2011/05/03 12:29:12.0750 2600 ComputerName: WINDOWS-215B4D1
2011/05/03 12:29:12.0750 2600 UserName: Owner
2011/05/03 12:29:12.0765 2600 Windows directory: C:\WINDOWS
2011/05/03 12:29:12.0765 2600 System windows directory: C:\WINDOWS
2011/05/03 12:29:12.0765 2600 Processor architecture: Intel x86
2011/05/03 12:29:12.0765 2600 Number of processors: 2
2011/05/03 12:29:12.0765 2600 Page size: 0x1000
2011/05/03 12:29:12.0765 2600 Boot type: Normal boot
2011/05/03 12:29:12.0765 2600 ================================================================================
2011/05/03 12:29:16.0375 2600 Initialize success
2011/05/03 12:29:45.0484 3040 ================================================================================
2011/05/03 12:29:45.0484 3040 Scan started
2011/05/03 12:29:45.0484 3040 Mode: Manual;
2011/05/03 12:29:45.0484 3040 ================================================================================
2011/05/03 12:29:46.0640 3040 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/03 12:29:46.0703 3040 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/03 12:29:46.0796 3040 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/03 12:29:46.0875 3040 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/03 12:29:47.0031 3040 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/03 12:29:47.0109 3040 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/03 12:29:47.0156 3040 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/03 12:29:47.0250 3040 ati2mtag (205a9e5c6d3b60659f0dc40542a8b29f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/03 12:29:47.0312 3040 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/03 12:29:47.0375 3040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/03 12:29:47.0437 3040 AVGIDSDriver (646cccd12886facb8676bdd9b7d54e29) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/03 12:29:47.0500 3040 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/05/03 12:29:47.0531 3040 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/03 12:29:47.0578 3040 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/05/03 12:29:47.0656 3040 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/05/03 12:29:47.0703 3040 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/05/03 12:29:47.0734 3040 Avgrkx86 (ffbe8adeb1fd8640540bf6e4a137b3ef) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/05/03 12:29:47.0781 3040 Avgtdix (69e6adf5cbbdeb5f2b727c93937a5823) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/05/03 12:29:47.0859 3040 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/03 12:29:47.0937 3040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/03 12:29:48.0140 3040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/03 12:29:48.0218 3040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/03 12:29:48.0281 3040 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/03 12:29:48.0359 3040 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/03 12:29:48.0406 3040 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/03 12:29:48.0500 3040 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2011/05/03 12:29:48.0531 3040 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2011/05/03 12:29:48.0609 3040 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2011/05/03 12:29:48.0703 3040 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/05/03 12:29:48.0750 3040 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/05/03 12:29:48.0781 3040 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2011/05/03 12:29:48.0843 3040 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2011/05/03 12:29:48.0906 3040 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/05/03 12:29:48.0953 3040 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2011/05/03 12:29:49.0000 3040 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2011/05/03 12:29:49.0078 3040 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2011/05/03 12:29:49.0109 3040 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2011/05/03 12:29:49.0187 3040 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2011/05/03 12:29:49.0218 3040 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2011/05/03 12:29:49.0265 3040 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2011/05/03 12:29:49.0421 3040 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2011/05/03 12:29:49.0500 3040 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/05/03 12:29:49.0531 3040 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2011/05/03 12:29:49.0578 3040 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2011/05/03 12:29:49.0625 3040 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/05/03 12:29:49.0718 3040 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/03 12:29:49.0812 3040 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/03 12:29:49.0859 3040 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/03 12:29:49.0875 3040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/03 12:29:49.0937 3040 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/03 12:29:49.0984 3040 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/03 12:29:50.0062 3040 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/05/03 12:29:50.0140 3040 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/03 12:29:50.0218 3040 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/03 12:29:50.0234 3040 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/03 12:29:50.0250 3040 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/03 12:29:50.0281 3040 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/03 12:29:50.0328 3040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/03 12:29:50.0375 3040 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/03 12:29:50.0437 3040 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/03 12:29:50.0484 3040 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 12:29:50.0531 3040 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/03 12:29:50.0609 3040 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/05/03 12:29:50.0671 3040 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/03 12:29:50.0734 3040 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/05/03 12:29:50.0812 3040 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/05/03 12:29:50.0843 3040 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/03 12:29:50.0921 3040 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/03 12:29:51.0015 3040 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/03 12:29:51.0109 3040 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/03 12:29:51.0140 3040 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/03 12:29:51.0156 3040 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/03 12:29:51.0203 3040 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/03 12:29:51.0234 3040 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/03 12:29:51.0265 3040 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/03 12:29:51.0312 3040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/03 12:29:51.0343 3040 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/03 12:29:51.0390 3040 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/03 12:29:51.0421 3040 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/03 12:29:51.0468 3040 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/03 12:29:51.0515 3040 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/03 12:29:51.0531 3040 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/03 12:29:51.0578 3040 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/03 12:29:51.0625 3040 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/03 12:29:51.0687 3040 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/03 12:29:51.0750 3040 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/03 12:29:51.0812 3040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/03 12:29:51.0875 3040 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/03 12:29:51.0937 3040 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/05/03 12:29:51.0953 3040 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/05/03 12:29:52.0000 3040 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/03 12:29:52.0015 3040 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
2011/05/03 12:29:52.0062 3040 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/03 12:29:52.0140 3040 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/03 12:29:52.0156 3040 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/03 12:29:52.0218 3040 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/03 12:29:52.0281 3040 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/03 12:29:52.0312 3040 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/03 12:29:52.0390 3040 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/03 12:29:52.0453 3040 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/03 12:29:52.0468 3040 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/03 12:29:52.0484 3040 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/03 12:29:52.0531 3040 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/03 12:29:52.0546 3040 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/03 12:29:52.0593 3040 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/03 12:29:52.0625 3040 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/03 12:29:52.0656 3040 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/03 12:29:52.0703 3040 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/03 12:29:52.0718 3040 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/03 12:29:52.0765 3040 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/03 12:29:52.0843 3040 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/03 12:29:52.0875 3040 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/03 12:29:52.0937 3040 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/03 12:29:53.0000 3040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/03 12:29:53.0343 3040 nv (bccced4253057e51782eee166d2ced3c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/03 12:29:53.0656 3040 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
2011/05/03 12:29:53.0703 3040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/03 12:29:53.0718 3040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/03 12:29:53.0781 3040 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/03 12:29:53.0843 3040 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
2011/05/03 12:29:53.0921 3040 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/05/03 12:29:53.0968 3040 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/03 12:29:53.0984 3040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/03 12:29:54.0046 3040 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/03 12:29:54.0078 3040 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/03 12:29:54.0140 3040 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/05/03 12:29:54.0171 3040 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/03 12:29:54.0343 3040 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/03 12:29:54.0375 3040 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/03 12:29:54.0421 3040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/03 12:29:54.0468 3040 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/03 12:29:54.0609 3040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/03 12:29:54.0640 3040 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/03 12:29:54.0671 3040 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/03 12:29:54.0687 3040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/03 12:29:54.0718 3040 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/03 12:29:54.0750 3040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/03 12:29:54.0781 3040 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/03 12:29:54.0843 3040 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/03 12:29:54.0906 3040 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/03 12:29:55.0093 3040 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/03 12:29:55.0109 3040 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/03 12:29:55.0156 3040 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/03 12:29:55.0234 3040 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/03 12:29:55.0250 3040 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/03 12:29:55.0296 3040 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/03 12:29:55.0421 3040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/03 12:29:55.0484 3040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/03 12:29:55.0531 3040 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/03 12:29:55.0578 3040 SSMO3v2Filter (0c4fffa5653683da37d463c5507ca41d) C:\WINDOWS\system32\drivers\MO3v2Driver.sys
2011/05/03 12:29:55.0625 3040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/03 12:29:55.0671 3040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/03 12:29:55.0796 3040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/03 12:29:55.0843 3040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/03 12:29:55.0906 3040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/03 12:29:55.0953 3040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/03 12:29:56.0000 3040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/03 12:29:56.0078 3040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/03 12:29:56.0109 3040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/03 12:29:56.0171 3040 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/03 12:29:56.0234 3040 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/03 12:29:56.0250 3040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/03 12:29:56.0281 3040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/03 12:29:56.0328 3040 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/03 12:29:56.0375 3040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/03 12:29:56.0437 3040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/03 12:29:56.0531 3040 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/03 12:29:56.0609 3040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/03 12:29:56.0687 3040 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/03 12:29:56.0781 3040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/03 12:29:56.0890 3040 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/03 12:29:56.0921 3040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/03 12:29:56.0968 3040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/03 12:29:57.0187 3040 ================================================================================
2011/05/03 12:29:57.0187 3040 Scan finished
2011/05/03 12:29:57.0187 3040 ================================================================================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 12:31:14.71 on Tue 05/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2320 [GMT -4:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "c:\program files\steelseries\world of warcraft cataclysm mmo gaming mouse\WoWMHID2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\f3j2v9u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.infowars.com/|http://www.facebook.com/profile.php?id=667655236&ref=profile|http://wbe03.mibbit.com/?server=irc.gamesurge.net&channel=%23dominions&noServerTab=false&noticesToActiveTab=false
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dbb871f&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-12-15 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-2-10 91496]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2010-12-15 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 947528]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-21 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-02 04:27:02 1053184 ----a-w- c:\windows\system32\SierraNW.dll
2011-05-02 04:27:01 231936 ----a-w- c:\windows\system32\SNWValid.dll
2011-05-02 04:26:58 -------- d-----w- c:\windows\solcache
2011-05-02 04:24:59 -------- d-----w- C:\SIERRA
2011-05-02 04:24:59 -------- d-----w- c:\program files\Sierra On-Line
2011-05-02 04:24:29 304128 ----a-w- c:\windows\IsUninst.exe
2011-05-02 04:22:40 -------- d-----w- c:\documents and settings\owner\WINDOWS
2011-04-30 22:08:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-30 22:08:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-30 22:08:15 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-30 22:08:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-30 22:08:15 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-30 22:08:15 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-30 22:08:15 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-30 22:08:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-30 20:40:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-30 03:50:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-04-30 03:49:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-29 05:14:37 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-29 05:14:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 05:14:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-29 05:14:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 05:14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 04:48:26 -------- d-----w- C:\_OTL
2011-04-27 02:29:21 -------- d-----w- C:\ComFix
2011-04-26 20:41:33 98816 ----a-w- c:\windows\sed.exe
2011-04-26 20:41:33 89088 ----a-w- c:\windows\MBR.exe
2011-04-26 20:41:33 256512 ----a-w- c:\windows\PEV.exe
2011-04-26 20:41:33 161792 ----a-w- c:\windows\SWREG.exe
.
==================== Find3M ====================
.
2011-04-30 20:40:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 23:22:15 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-10 23:22:15 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-10 23:22:14 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
.
============= FINISH: 12:37:18.21 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/20/2010 12:41:04 PM
System Uptime: 5/3/2011 10:02:25 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 136.097 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 386.597 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 4/27/2011 11:34:00 PM - OTL Restore Point
RP4: 4/28/2011 11:35:16 PM - System Checkpoint
RP5: 4/29/2011 11:48:36 PM - Installed AVG 2011
RP6: 4/29/2011 11:49:02 PM - Installed AVG 2011
RP7: 4/30/2011 4:35:46 PM - Removed Adobe Reader 9.4.4.
RP8: 4/30/2011 4:40:25 PM - Removed Java™ 6 Update 18
RP9: 4/30/2011 4:40:41 PM - Installed Java™ 6 Update 24
RP10: 5/2/2011 1:13:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 7
AoW...
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG 2011
BattleForge™
Bonjour
Comical 0.8
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Diablo II
DivX Setup
Dominions 3 (remove only)
EverQuest
EverQuest: Secrets of Faydwer
GameRanger
Google Talk (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InfraRecorder
iTunes
Java Auto Updater
Java™ 6 Update 24
K@W maps pack
League of Legends
LimeWire 5.6.2
LogMeIn Hamachi
Lords of Magic Special Edition
Magic Set Editor 2 - 0.3.8 beta
Magic Workstation 0.94f
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mount&Blade Warband
Mozilla Firefox 4.0.1 (x86 en-US)
MP 1.8
MSVCRT
MTG Cropped Card Pics (up to Eventide)
MTG GamePack for Magic Workstation
Neverwinter Nights 2
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
OpenOffice.org 3.2
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sierra Utilities
StarCraft II
SUPERAntiSpyware
Taskbar Shuffle version 2.5
TeamSpeak 3 Client
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VLC media player 1.1.8
Warcraft III: All Products
WebFldrs XP
Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
World of Warcraft Cataclysm MMO Gaming Mouse
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/3/2011 12:53:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm oreans32 SASDIFSV SASKUTIL
5/3/2011 12:51:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/2/2011 1:21:45 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/2/2011 1:14:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/1/2011 8:19:24 AM, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
5/1/2011 8:19:24 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/1/2011 8:19:24 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
5/1/2011 8:19:23 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/1/2011 8:19:22 AM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 6:46:11 AM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
4/27/2011 3:34:57 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 3:34:53 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 3:34:47 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/27/2011 11:34:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'bartIDs_devformat_01' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/27/2011 11:09:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'plugin-crossdomain-1.xml' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/27/2011 10:37:27 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
4/26/2011 6:43:19 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2D3D8F48-6329-4894-A4C2-D0523C012394} because another computer on the network has the same name. The server could not start.
4/26/2011 4:39:59 PM, error: System Error [1003] - Error code 00000096, parameter1 f78e2d24, parameter2 8056a5c0, parameter3 8056a5c0, parameter4 8a4046da.
4/26/2011 4:39:57 PM, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 b3146925, parameter3 a5517860, parameter4 00000000.
4/26/2011 4:39:53 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd0b7bd2, parameter3 a7304a9c, parameter4 00000000.
4/26/2011 4:29:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/26/2011 4:29:05 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
4/26/2011 4:29:05 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
4/26/2011 4:28:58 PM, error: SRService [104] - The System Restore initialization process failed.
4/26/2011 4:03:55 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6487

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2011 1:49:25 PM
mbam-log-2011-05-03 (13-49-25).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 282308
Time elapsed: 1 hour(s), 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

the only OTL log I saw was the super long one i posted a few posts ago that wouldnt post due to size and I had to split it up

Hi,


I'll be able to reply later today as I must go to work now.
Stay tuned and sorry for the inconvenience.


Regards,
Georgi

This post has been edited by B-boy/StyLe/: 04 May 2011 - 02:34 AM
Reason for edit: typo.

XanatosNemos, on 03 May 2011 - 11:27 AM, said:

Hi XanatosNemos,



It's a false positive by AVG...

If you want to run the Flash_Disinfector, then disable AVG first.

You can enable it back after the immunization process is completed.

Your logs looks good.

Are there any problems left ? Do you still experience redirects ?

I have some final words for you.



All Clean



Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean





STEP 1 UPDATING TASKS





Upgrading Java again:


Java released a new version a few days ago...

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 25 .
  
• Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
  
• Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  
• Click on Continue.
  
• Click on the link to download Windows Offline Installation ( jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 24)
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")

STEP 2 CLEANUP





1. Uninstall Combofix

• The following will implement some cleanup procedures as well as reset System Restore points:
  
  
• Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
  
  
• ComboFix /Uninstall

2. To remove all of the tools we used and the files and folders they created, please do the following:



Please reopen on your desktop.

In the upper right click CleanUp



This will delete OTL and will clean up after it.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


You can uninstall now - ESET Online Scanner v3.





STEP 3 SECURITY ADVICES





Change all your passwords !



Since your computer was infected with a MBR rootkit for peace of mind, I would however advise you that all your passwords be changed immediately !! (just in case).





Keep your antivirus software turned on and up-to-date

• Make sure your antivirus software is turned on and up-to-date.
  
• New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note:
  
• You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
• You should scan your computer with an AntiSpyware program too on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan.

Visit Microsoft's Windows Update Site Frequently



It is important that you visit Windows Update regularly.

This will ensure your computer has always the latest security updates available installed on your computer.

If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.





Practice Safe Internet



One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

• If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  
  
  
• If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  
  
  
• If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  
  
  
• If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
  
  Foistware, And how to avoid it.
  
  There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  
  
  
• Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  
  
  
• Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  
  
  
• When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  
  
  
• Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  
  
  
• Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  
  
  
• DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Don't use pirated software !!!



Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!





Create an image of your system



It is always a good idea to do a backup of all important files just in case something happens it.

Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first.



Follow this list and your potential for being infected again will reduce dramatically.





STEP 4 IMPROVE YOUR PC PERFORMANCE





Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.



Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.





You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster



Please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.





Use MSConfig to disable any processes that you do not want running in the background of the computer.



Please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.



Safe Surfing ! ;)



Regards,
Georgi

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.