Google links hijacked (Partially fixed) need help with remaining stubborn rootkits.


  • This topic is locked
13 replies to this topic

#1 Talah Rama

  • Members
  • 6 posts

Posted 29 June 2009 - 04:44 PM

My google search results were hijacked the other day so I looked around here for possible cures. Tried some of the basic ones and managed to get my browser working fine again but I still find 1 to 4 rootkits now and then. I just want to finish up with the removal of the few remaining ones. All help is very much appreciated. (The files are named: A0000176.exe and djjthyycqd[1].htm in my avast scan log.)

Here is my HJT Log

DDS (Ver_09-06-26.01) - NTFSx86
Run by Michael J. Audet at 17:34:04.04 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.333 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090629-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ZoneTick\timesync.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TuneUp Utilities\MemOptimizer.exe
C:\Program Files\ZoneTick\zonetick.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Michael J. Audet\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CursorXP] c:\program files\cursorxp\CursorXP.exe
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities\MemOptimizer.exe" autostart
uRun: [ZoneTick] c:\program files\zonetick\zonetick.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1.aud\applic~1\mozilla\firefox\profiles\jxmms7bf.default\
FF - plugin: c:\program files\firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-23 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-8 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2009-1-8 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-8 47640]
R2 ZTime;ZoneTick Time;c:\program files\zonetick\timesync.exe [2008-5-5 61440]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2009-1-8 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2009-1-8 352920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1003344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-29 16:59 <DIR> --dsh--- c:\documents and settings\michael j. audet\IECompatCache
2009-06-29 01:39 161,792 a------- c:\windows\SWREG.exe
2009-06-29 01:39 155,136 a------- c:\windows\PEV.exe
2009-06-29 01:39 98,816 a------- c:\windows\sed.exe
2009-06-28 17:40 <DIR> --dsh--- c:\documents and settings\michael j. audet\PrivacIE
2009-06-28 17:05 <DIR> --d----- c:\docume~1\michae~1.aud\applic~1\Malwarebytes
2009-06-28 17:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 17:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-28 17:05 <DIR> --d----- c:\program files\Malwarebytes
2009-06-28 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-28 16:52 <DIR> a-dshr-- C:\cmdcons
2009-06-28 16:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-28 08:01 <DIR> --dsh--- c:\windows\System Volume Information
2009-06-28 07:56 267,112 a------- c:\windows\system32\xactengine2_9.dll
2009-06-28 07:56 18,280 a------- c:\windows\system32\x3daudio1_2.dll
2009-06-28 07:56 <DIR> --d----- c:\windows\Brain Challenge
2009-06-28 07:41 3,734,536 a------- c:\windows\system\d3dx9_36.dll
2009-06-28 07:39 27 a------- c:\windows\popcinfo.dat
2009-06-28 07:34 <DIR> --d----- c:\windows\Heavy Weapon Deluxe
2009-06-28 07:11 <DIR> --d----- c:\docume~1\michae~1.aud\applic~1\Braid
2009-06-28 07:10 3,851,784 a------- c:\windows\system\d3dx9_39.dll
2009-06-28 06:40 <DIR> --d----- c:\documents and settings\michael j. audet\Saved Games
2009-06-28 06:28 <DIR> --d----- c:\windows\Diner Dash 3-in-1
2009-06-25 15:28 <DIR> --dsh--- c:\documents and settings\michael j. audet\IETldCache
2009-06-25 14:53 <DIR> --d-h--- C:\fe09de1395dee466f356e301b6efa5
2009-06-25 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-25 14:44 <DIR> --d----- c:\windows\ie8updates
2009-06-25 14:44 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-25 14:44 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-25 14:42 <DIR> -cd-h--- c:\windows\ie8
2009-06-25 14:40 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-25 14:34 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-25 14:34 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-25 14:34 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-25 14:34 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-25 14:34 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-25 14:34 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-25 14:34 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-06-25 14:34 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-25 14:34 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-25 14:34 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-24 02:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-06-21 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-06-21 01:15 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

==================== Find3M ====================

2009-06-24 00:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-21 02:11 1,734 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-01-09 00:14 88 ---shr-- c:\docume~1\alluse~1\applic~1\984AA09628.sys

============= FINISH: 17:34:20.65 ===============

#2 fireman4it (Bleepin' Fireman)

  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 02 July 2009 - 08:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Talah Rama (Topic Starter)

  • Members
  • 6 posts

Posted 02 July 2009 - 11:53 PM

Well about a week ago I got that google hijack thing on my machine and looked around for ways to fix it. I found this site and learned about Malware Bytes and a few other scanners that could help me. I used them and got my results working again in my browser but I think I still have some left over problems and 1 or 2 stubborn rootkits. I just want to make sure my computer is completely clean of my previous infection so any info you guys can give would be great. Here is my new DDS scan and attach file. : )

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by Michael J. Audet at 0:47:22.27 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.281 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TuneUp Utilities\MemOptimizer.exe
C:\Program Files\ZoneTick\zonetick.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ZoneTick\timesync.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael J. Audet\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CursorXP] c:\program files\cursorxp\CursorXP.exe
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities\MemOptimizer.exe" autostart
uRun: [ZoneTick] c:\program files\zonetick\zonetick.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1.aud\applic~1\mozilla\firefox\profiles\jxmms7bf.default\
FF - plugin: c:\program files\firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-23 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-8 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2009-1-8 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-8 47640]
R2 ZTime;ZoneTick Time;c:\program files\zonetick\timesync.exe [2008-5-5 61440]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2009-1-8 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2009-1-8 352920]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-29 17:52 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-29 16:59 <DIR> --dsh--- c:\documents and settings\michael j. audet\IECompatCache
2009-06-29 01:39 161,792 a------- c:\windows\SWREG.exe
2009-06-29 01:39 155,136 a------- c:\windows\PEV.exe
2009-06-29 01:39 98,816 a------- c:\windows\sed.exe
2009-06-28 17:40 <DIR> --dsh--- c:\documents and settings\michael j. audet\PrivacIE
2009-06-28 17:05 <DIR> --d----- c:\docume~1\michae~1.aud\applic~1\Malwarebytes
2009-06-28 17:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 17:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-28 17:05 <DIR> --d----- c:\program files\Malwarebytes
2009-06-28 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-28 16:52 <DIR> a-dshr-- C:\cmdcons
2009-06-28 16:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-28 08:01 <DIR> --dsh--- c:\windows\System Volume Information
2009-06-28 07:56 267,112 a------- c:\windows\system32\xactengine2_9.dll
2009-06-28 07:56 18,280 a------- c:\windows\system32\x3daudio1_2.dll
2009-06-28 07:56 <DIR> --d----- c:\windows\Brain Challenge
2009-06-28 07:41 3,734,536 a------- c:\windows\system\d3dx9_36.dll
2009-06-28 07:39 27 a------- c:\windows\popcinfo.dat
2009-06-28 07:34 <DIR> --d----- c:\windows\Heavy Weapon Deluxe
2009-06-28 07:11 <DIR> --d----- c:\docume~1\michae~1.aud\applic~1\Braid
2009-06-28 07:10 3,851,784 a------- c:\windows\system\d3dx9_39.dll
2009-06-28 06:40 <DIR> --d----- c:\documents and settings\michael j. audet\Saved Games
2009-06-28 06:28 <DIR> --d----- c:\windows\Diner Dash 3-in-1
2009-06-25 15:28 <DIR> --dsh--- c:\documents and settings\michael j. audet\IETldCache
2009-06-25 14:53 <DIR> --d-h--- C:\fe09de1395dee466f356e301b6efa5
2009-06-25 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-25 14:44 <DIR> --d----- c:\windows\ie8updates
2009-06-25 14:44 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-25 14:44 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-25 14:42 <DIR> -cd-h--- c:\windows\ie8
2009-06-25 14:40 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-25 14:34 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-25 14:34 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-25 14:34 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-25 14:34 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-25 14:34 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-25 14:34 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-25 14:34 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-06-25 14:34 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-25 14:34 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-25 14:34 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-24 02:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-06-21 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-06-21 01:15 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

==================== Find3M ====================

2009-06-24 00:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-21 02:11 1,734 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-01-09 00:14 88 ---shr-- c:\docume~1\alluse~1\applic~1\984AA09628.sys

============= FINISH: 0:47:34.72 ===============


#4 Orange Blossom (OBleepin Investigator)

  • Moderator
  • 36,805 posts
  • Gender: Not Telling
  • Location: Bloomington, IN

Posted 05 July 2009 - 07:15 PM

Hang on. A team member should be with you shortly.

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 m0le (Can U Dig It?)

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 05 July 2009 - 07:32 PM

Hi Talah Rama,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

---------------------------------------------------------------------

The rootkit may still be there.

Please run this scanner to check if it is still present.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER file you saved on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a pop-up window at this point. If you do, click No.
  • Click Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If you can provide MBAM logs which show the infections that it caught that would be helpful too.

Thanks :thumbup2:
m0le is a proud member of UNITE
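The GMER procedure above ends with pasting the log so a helper can read the hook tables by hand. The Python script below is an added example for this thread; it is not from m0le, from the forum, or from GMER itself. It parses the SSDT, kernel code section and kernel IAT/EAT entries of a GMER log, groups every hook by the module GMER attributes it to, and flags modules that carry no vendor description and that either have no backing file on disk or redirect the imports of a storage or bus driver. The embedded sample is a trimmed copy of the output posted in the next reply; the list of low-level drivers and the flagging rule are assumptions of this example, not GMER behaviour.

```python
import re
from collections import defaultdict

# Sample input: a trimmed copy of the GMER output posted later in this
# thread (SSDT, kernel code section and kernel IAT/EAT entries).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF513A6B8]
SSDT sply.sys ZwEnumerateKey [0xF75D5CA2]
SSDT sply.sys ZwEnumerateValueKey [0xF75D6030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF513A64E]
SSDT sply.sys ZwQueryKey [0xF75D6108]

---- Kernel code sections - GMER 1.0.15 ----

? sply.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6B6D62C 5 Bytes JMP 82E261D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDE2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75E8C4C] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75B8040] sply.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75B86D2] sply.sys
"""

# GMER prints a vendor description in parentheses when it can read the
# hooking module's version resource; its absence is the first thing to look at.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# A module that hooks the kernel but has no file GMER can open on disk.
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the file specified\.")
# Either "IAT target[lib!func] ADDR" (no owner named) or "IAT target[lib!func] [ADDR] module".
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>\S+?)\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<raw>[0-9A-Fa-f]+))$"
)

# Drivers on the disk I/O path. Assumption of this example: the list is
# illustrative, not a GMER or Windows definition.
LOW_LEVEL_DRIVERS = {"atapi.sys", "pci.sys", "scsiport.sys", "disk.sys", "classpnp.sys"}


def basename(path: str) -> str:
    """Lower-cased file name of an NT-style or bare module path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> dict:
    """Group every hook GMER attributes to a module, keyed by module file name."""
    mods = defaultdict(lambda: {"vendor": None, "ssdt": [], "iat": [], "missing_file": False})
    for line in log_text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            entry = mods[basename(m["module"])]
            entry["ssdt"].append(m["func"])
            if m["vendor"]:
                entry["vendor"] = m["vendor"]
        elif m := MISSING_RE.match(line):
            mods[basename(m["module"])]["missing_file"] = True
        elif (m := IAT_RE.match(line)) and m["module"]:
            # The target driver's import now resolves into `module`.
            mods[basename(m["module"])]["iat"].append((basename(m["target"]), m["func"]))
    return dict(mods)


def suspicious_modules(summary: dict) -> list:
    """Modules that hook the kernel, carry no vendor description, and either
    have no backing file or redirect a low-level driver's imports."""
    out = []
    for name, info in summary.items():
        if info["vendor"]:
            continue
        redirects_io = any(target in LOW_LEVEL_DRIVERS for target, _ in info["iat"])
        if info["missing_file"] or redirects_io:
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in suspicious_modules(report):
        info = report[name]
        print(f"{name}: {len(info['ssdt'])} SSDT hook(s), {len(info['iat'])} IAT redirect(s), "
              f"file on disk: {not info['missing_file']}")
```

A missing vendor string on its own proves nothing (the scanner's own driver and some legitimate tools also appear without one), which is why the rule additionally requires a missing backing file or a redirected storage-driver import before it flags a module. The script sorts a log for a human reader; it does not replace reading the rest of the log.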

#6 Talah Rama (Topic Starter)

  • Members
  • 6 posts

Posted 06 July 2009 - 04:26 AM

Thanks for the response, here are my GMER scan results

: )

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-06 05:24:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF513A6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF513A574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF513AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF513A14C]
SSDT sply.sys ZwEnumerateKey [0xF75D5CA2]
SSDT sply.sys ZwEnumerateValueKey [0xF75D6030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF513A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF513A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF513A0F0]
SSDT sply.sys ZwQueryKey [0xF75D6108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF513A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF513A72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF513A8AE]

INT 0x62 ? 82F6FBF8
INT 0x63 ? 82E26BF8
INT 0x82 ? 82F6FBF8
INT 0x83 ? 82E26BF8
INT 0xA4 ? 82E26BF8
INT 0xB4 ? 82E26BF8

---- Kernel code sections - GMER 1.0.15 ----

? sply.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6B6D62C 5 Bytes JMP 82E261D8
.text a6ghs5cf.SYS F6651386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a6ghs5cf.SYS F66513AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a6ghs5cf.SYS F66513C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a6ghs5cf.SYS F66513C9 1 Byte [2E]
.text a6ghs5cf.SYS F66513C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Michael J. Audet\Desktop\gmer.exe[732] USER32.dll!GetCursor 7E41D749 5 Bytes JMP 10001080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Michael J. Audet\Desktop\gmer.exe[732] USER32.dll!DrawIconEx 7E41EB4E 5 Bytes JMP 10001120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Michael J. Audet\Desktop\gmer.exe[732] USER32.dll!GetIconInfo 7E41F052 5 Bytes JMP 10001030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Firefox\firefox.exe[1424] USER32.dll!GetCursor 7E41D749 5 Bytes JMP 02E11080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Firefox\firefox.exe[1424] USER32.dll!DrawIconEx 7E41EB4E 5 Bytes JMP 02E11120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Firefox\firefox.exe[1424] USER32.dll!GetIconInfo 7E41F052 5 Bytes JMP 02E11030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[3644] USER32.dll!GetCursor 7E41D749 5 Bytes JMP 10001080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[3644] USER32.dll!DrawIconEx 7E41EB4E 5 Bytes JMP 10001120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[3644] USER32.dll!GetIconInfo 7E41F052 5 Bytes JMP 10001030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDE2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75E8C4C] sply.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75E8CA0] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75B8040] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75B813C] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75B80BE] sply.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75B87FC] sply.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75B86D2] sply.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82E262D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75C8048] sply.sys
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlInitUnicodeString] 0975013E
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!swprintf] 1B42E853
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeSetEvent] C4830000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoCreateSymbolicLink] B05E5F04
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E58B5B01
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] CCCCC35D
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmFreeMappingAddress] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 53EC8B55
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 08758B56
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmUnmapIoSpace] 0214BE83
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 57000000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IofCompleteRequest] 45C60674
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1EEB010B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IofCallDriver] 020C868B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmAllocateMappingAddress] C0850000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 808A1074
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000804
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoDetachDevice] A03CF024
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0B45950F
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInitializeEvent] 45C604EB
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 458A000B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlInitAnsiString] 88C0840B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 840F0946
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoQueueWorkItem] 000000C1
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmMapIoSpace] 14B30E8B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 1C8286C6
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoReportDetectedDevice] 88010000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoReportResourceForDetection] 001C859E
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] A19E8800
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!NlsMbCodePageTag] C600001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!PoRequestPowerIrp] 001C8686
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 86C60100
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 00001CA2
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!sprintf] 70518B01
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 8D52006A
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ObfDereferenceObject] 001C8886
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 55E85000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 8B000023
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ZwClose] 70518B0E
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 8D52016A
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 001CA486
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 41E85000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 8B000023
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!PoCallDriver] 18C4830E
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoCreateDevice] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 9E880000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 00001CA9
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ZwOpenKey] 0E798366
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 74AAB000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoStartTimer] 8186C636
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInitializeTimer] 1A00001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoInitializeTimer] 1C8386C6
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInitializeDpc] C6020000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001C8E86
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoInitializeIrp] 86C60200
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ZwCreateKey] 00001CAA
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 959E8802
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB19E
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeInsertQueueDpc] 96868800
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8800001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoStartPacket] 001CB286
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C61AEB00
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C8186
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoFreeMdl] 86C61200
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmUnlockPages] 00001C83
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8E868801
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 8800001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 001CAA86
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 80968B00
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8900001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoStartNextPacket] 001C9C96
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeBugCheckEx] C6168B00
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CB986
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeSetTimer] 428A0A00
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeCancelTimer] BA86880C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!_allmul] 8B00001C
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmProbeAndLockPages] 24A48DFA
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!_except_handler3] 00000000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!PoSetPowerState] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 8D3F0304
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlWriteRegistryValue] CB033043
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!_aulldiv] 0673C13B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!strstr] C13B0003
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!_strupr] 8366FA72
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeQuerySystemTime] 75000E7B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!KeTickCount] 307B8D00
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00AA840F
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoDeleteDevice] 83660000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAllocateWorkItem] C6647400
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAllocateIrp] 001CBB86
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoAllocateMdl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 968D5140
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00001C90
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 2266E852
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 478B0000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!ExFreePoolWithTag] 50016A40
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoFreeIrp] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!IoFreeWorkItem] E8510000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!InitSafeBootMode] 00002254
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlCompareMemory] 6A18538B
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 868D5200
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!memmove] 00001C98
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[ntoskrnl.exe!MmHighestUserAddress] 2242E850
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\a6ghs5cf.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F6E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 82E231F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FDC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82FDC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82FDC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82FDC1F8
Device \Driver\usbuhci \Device\USBPDO-1 82E231F8
Device \Driver\sptd \Device\854593420 sply.sys
Device \Driver\usbuhci \Device\USBPDO-2 82E231F8
Device \Driver\usbehci \Device\USBPDO-3 82E011F8
Device \Driver\PCI_PNP0920 \Device\00000047 sply.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{2412197F-1846-48B0-B1DF-330A8F6A7F16} 82D354D8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F701F8
Device \Driver\Cdrom \Device\CdRom0 82DBE1F8
Device \Driver\Cdrom \Device\CdRom1 82DBE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82F6F1F8
Device \Driver\atapi \Device\Ide\IdePort0 82F6F1F8
Device \Driver\atapi \Device\Ide\IdePort1 82F6F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 82F6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{146FA59E-47F6-4B6A-B31D-741A00A55DF4} 82D354D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82D354D8
Device \Driver\NetBT \Device\NetbiosSmb 82D354D8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 82E231F8
Device \Driver\usbuhci \Device\USBFDO-1 82E231F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B5A500
Device \Driver\usbuhci \Device\USBFDO-2 82E231F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B5A500
Device \Driver\usbehci \Device\USBFDO-3 82E011F8
Device \Driver\Ftdisk \Device\FtControl 82F701F8
Device \Driver\a6ghs5cf \Device\Scsi\a6ghs5cf1Port2Path0Target0Lun0 82B0F1F8
Device \Driver\a6ghs5cf \Device\Scsi\a6ghs5cf1 82B0F1F8
Device \FileSystem\Cdfs \Cdfs 82C85500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x7A 0xBD 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0xA8 0xC7 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xEB 0x0A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x7A 0xBD 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0xA8 0xC7 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xEB 0x0A 0xC3 ...

---- EOF - GMER 1.0.15 ----

#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 July 2009 - 02:25 PM

Hi Talah Rama,

No rootkits so that's good. :)

Let's try this

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror: http://oldtimer.geekstogo.com/OTL.exe
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks :thumbup2:
m0le is a proud member of UNITE

#8 Talah Rama

  • Topic Starter
  • Members
  • 6 posts

Posted 06 July 2009 - 06:54 PM

Here's all three logs you asked for. If this happens to be the last step and I'm all clean, are there any programs you recommend I install other than what I already have? For security I use Avast and Ad-aware (and thanks to this happening I now will use Malware Bytes). I also wanted to thank you guys and this site for quick responses and clear directions, it's been a great experience. : )

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.38
Database version: 2383
Windows 5.1.2600 Service Pack 2

7/6/2009 7:47:09 PM
mbam-log-2009-07-06 (19-47-09).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 181539
Time elapsed: 29 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 7/6/2009 7:49:10 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Michael J. Audet\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 181.30 Mb Available Physical Memory | 23.89% Memory free
1.81 Gb Paging File | 1.34 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 100.36 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL2400
Current User Name: Michael J. Audet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\aswUpdSv.exe
PRC - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashServ.exe
PRC - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 21:35:26 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2007/09/12 11:20:58 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/10/16 21:35:22 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/10/20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/07 23:45:10 | 00,241,734 | R--- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2008/06/09 11:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/05/05 02:58:08 | 00,061,440 | ---- | M] (WR Consulting) -- C:\Program Files\ZoneTick\timesync.exe
PRC - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashMaiSv.exe
PRC - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashWebSv.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 17:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashDisp.exe
PRC - [2007/09/26 18:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
PRC - [2005/01/19 17:34:16 | 00,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2008/06/20 10:09:04 | 00,153,856 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities\MemOptimizer.exe
PRC - [2008/05/05 15:55:04 | 00,319,488 | ---- | M] (WR Consulting) -- C:\Program Files\ZoneTick\zonetick.exe
PRC - [2009/07/06 19:09:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael J. Audet\Desktop\OTL.exe
PRC - [2009/06/02 22:50:39 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/01/08 21:59:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/29 19:46:30 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2008/10/16 21:35:26 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2007/09/12 11:20:58 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/10/20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/07 23:45:10 | 00,241,734 | R--- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/08 20:42:56 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2008/06/09 11:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008/05/29 10:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2008/05/05 02:58:08 | 00,061,440 | ---- | M] (WR Consulting) -- C:\Program Files\ZoneTick\timesync.exe -- (ZTime [Auto | Running])
SRV - [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 12:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 17:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2009/02/05 17:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 17:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 17:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 17:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 17:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/06/30 19:11:52 | 00,043,136 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2009/01/14 02:19:43 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2009/01/23 20:45:02 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/07/24 19:46:10 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2007/09/12 11:20:28 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/16 21:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 19:46:08 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2007/04/19 14:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2003/07/16 12:36:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/11/18 12:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/02/06 15:09:33 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2007/02/26 18:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])
DRV - [2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-484763869-162531612-725345543-1003\S-1-5-21-484763869-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-484763869-162531612-725345543-1003\S-1-5-21-484763869-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.65

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Firefox\components [2009/06/28 16:16:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Firefox\plugins [2009/06/28 16:16:35 | 00,000,000 | ---D | M]

[2009/06/28 16:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael J. Audet\Application Data\mozilla\Extensions
[2009/06/28 16:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael J. Audet\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/06 04:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael J. Audet\Application Data\mozilla\Firefox\Profiles\jxmms7bf.default\extensions
[2009/07/06 04:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael J. Audet\Application Data\mozilla\Firefox\Profiles\jxmms7bf.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-162531612-725345543-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-484763869-162531612-725345543-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-484763869-162531612-725345543-1003..\Run: [TuneUp MemOptimizer] C:\Program Files\TuneUp Utilities\MemOptimizer.exe (TuneUp Software GmbH)
O4 - HKU\S-1-5-21-484763869-162531612-725345543-1003..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe (WR Consulting)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-162531612-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-484763869-162531612-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 17:32:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/07/06 19:09:35 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael J. Audet\Desktop\OTL.exe
[2009/06/29 17:52:05 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/29 01:45:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/29 01:39:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/29 01:39:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/29 01:39:32 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/29 01:39:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/29 01:39:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/29 01:39:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/29 01:39:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/29 01:39:32 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/28 17:41:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/06/28 17:05:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Application Data\Malwarebytes
[2009/06/28 17:05:44 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/28 17:05:42 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/28 17:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2009/06/28 17:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/28 16:52:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/28 16:48:06 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/06/28 16:48:06 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/06/28 16:48:06 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/06/28 16:48:06 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/06/28 16:48:06 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/06/28 16:48:06 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/06/28 16:48:06 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/06/28 16:48:06 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/06/28 16:48:06 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/06/28 16:48:06 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/06/28 16:48:06 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/06/28 16:48:06 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/06/28 16:48:06 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/06/28 16:48:06 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/06/28 16:48:06 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/06/28 16:48:06 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/06/28 16:48:06 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/06/28 16:48:06 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/06/28 16:48:06 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/06/28 16:48:06 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/06/28 16:48:06 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/06/28 16:48:06 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/06/28 16:48:06 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/06/28 16:48:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/06/28 16:48:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/06/28 16:43:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/28 16:16:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Application Data\Mozilla
[2009/06/28 08:01:36 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System Volume Information
[2009/06/28 07:56:24 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/06/28 07:56:24 | 00,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2009/06/28 07:56:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Brain Challenge
[2009/06/28 07:41:30 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\d3dx9_36.dll
[2009/06/28 07:39:18 | 00,000,027 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/06/28 07:34:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Heavy Weapon Deluxe
[2009/06/28 07:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Local Settings\Application Data\Bizarre Creations
[2009/06/28 07:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Application Data\Braid
[2009/06/28 07:10:40 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\d3dx9_39.dll
[2009/06/28 06:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Local Settings\Application Data\Oberon Games
[2009/06/28 06:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael J. Audet\Application Data\PlayFirst
[2009/06/28 06:28:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Diner Dash 3-in-1
[2009/06/27 22:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/06/25 14:53:32 | 00,000,000 | -H-D | C] -- C:\fe09de1395dee466f356e301b6efa5
[2009/06/25 14:44:45 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/25 14:44:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/25 14:44:15 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/25 14:44:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/25 14:42:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/25 14:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/06/25 14:34:51 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/06/25 14:34:51 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/06/25 14:34:51 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/06/25 14:34:51 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/06/25 14:34:51 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/06/25 14:34:51 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/06/25 14:34:51 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/06/25 14:34:50 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/06/25 14:34:50 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/06/25 14:34:31 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/06/24 02:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/06/21 23:19:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/06/21 01:15:35 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/02/16 19:16:08 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/06 15:09:32 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/13 23:36:07 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/13 21:54:31 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 21:54:31 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 21:54:31 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 21:54:31 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 21:54:31 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 21:54:31 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/12 18:48:36 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/12 18:48:33 | 02,330,643 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/01/12 18:48:33 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/12 18:48:33 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/12 18:48:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/01/12 18:48:31 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/12 18:48:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/08 23:22:17 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2009/01/08 17:58:11 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/08 17:58:11 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/08 17:58:11 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/08 17:58:11 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/01/08 17:58:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/08 17:58:11 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/01/08 17:58:10 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/28 13:13:33 | 00,000,290 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/04/30 01:34:04 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/14 00:18:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/14 00:18:24 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/14 00:18:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2003/07/16 12:45:02 | 00,000,553 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 12:41:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/07/06 19:46:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/06 19:09:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael J. Audet\Desktop\OTL.exe
[2009/07/06 19:00:01 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/07/06 08:50:59 | 00,108,032 | ---- | M] () -- C:\Documents and Settings\Michael J. Audet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 02:40:43 | 00,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/06 02:40:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/06 02:37:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/06 02:37:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/05 15:53:37 | 03,714,686 | -H-- | M] () -- C:\Documents and Settings\Michael J. Audet\Local Settings\Application Data\IconCache.db
[2009/07/04 19:28:25 | 00,001,734 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/07/03 19:33:18 | 00,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/29 01:43:38 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/28 16:52:13 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/06/28 07:52:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/06/27 22:28:29 | 00,001,285 | -H-- | M] () -- C:\IPH.PH
[2009/06/25 15:29:09 | 00,054,496 | ---- | M] () -- C:\Documents and Settings\Michael J. Audet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/25 15:24:00 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/25 15:24:00 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/25 15:24:00 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/25 15:19:39 | 01,474,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/25 14:45:27 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/25 13:28:57 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/24 00:30:27 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/21 01:15:35 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA8AD2BF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 7/6/2009 7:49:10 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Michael J. Audet\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 181.30 Mb Available Physical Memory | 23.89% Memory free
1.81 Gb Paging File | 1.34 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 100.36 Gb Free Space | 67.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL2400
Current User Name: Michael J. Audet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/10 11:18:33 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/04/28 19:49:06 | 05,948,712 | ---- | M] (CyberLink Corp.) -- C:\Program Files\PowerDirector\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector
[2008/10/22 04:46:21 | 02,226,464 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0
[2005/01/19 19:35:44 | 00,513,024 | ---- | M] () -- C:\My Games\Emulation\Snes\zsnesw.exe:*:Enabled:zsnesw
[2004/04/01 20:02:50 | 00,520,235 | ---- | M] (Big Huge Games, Inc.) -- C:\My Games\Real-time Strategy\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations
[2008/06/12 13:50:49 | 10,007,552 | ---- | M] (Big Huge Games, Inc.) -- C:\My Games\Real-time Strategy\Rise of Nations\patriots.exe:*:Enabled:Rise of Nations
[2009/05/19 01:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2003/09/24 15:35:52 | 05,664,768 | R--- | M] () -- C:\My Games\Real-time Strategy\Command & Conquer Generals\game.dat:*:Enabled:game
[2009/06/02 22:50:39 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2005/05/02 21:20:23 | 06,483,968 | ---- | M] () -- C:\My Games\Real-time Strategy\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game
[2009/02/04 13:27:34 | 23,975,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/05/24 16:24:10 | 00,275,456 | ---- | M] () -- C:\My Games\Emulation\Playstation\ePSXe.exe:*:Enabled:ePSXe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"CursorXP" = CursorXP
"Desktop Currency Converter" = Desktop Currency Converter
"DNA-Force Files Uninstall" = DNA-Force Files Uninstall
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Sound Recorder" = Free Sound Recorder
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Hamachi" = Hamachi 1.0.3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.5
"Luxor" = Luxor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle" = Peggle (remove only)
"PowerISO" = PowerISO
"PrimoPDF4.1.0.9" = PrimoPDF
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneTick" = ZoneTick World Time Zone Clock 4.1.0 (remove only)
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/6/2009 3:55:07 PM | Computer Name = DELL2400 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://66.118.142.24/downloads/download.cg...TVOVEEwTURZPQo=
failed, 0000001E.

[ Application Events ]
Error - 2/15/2009 11:38:14 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/15/2009 11:38:14 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/15/2009 11:38:14 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 1:32:43 AM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 1:32:43 AM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 1:32:43 AM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 3:41:17 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 3:41:17 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 3:41:17 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

Error - 2/16/2009 4:03:06 PM | Computer Name = DELL2400 | Source = MySQL | ID = 100
Description =

[ System Events ]
Error - 6/30/2009 5:35:53 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/1/2009 4:04:58 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.12.103.146 on
the Network Card with network address 7A79050C6792.

Error - 7/1/2009 5:35:55 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 000F1F5009FD.

Error - 7/1/2009 9:46:20 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/2/2009 4:53:32 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/2/2009 10:42:35 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.12.103.146 on
the Network Card with network address 7A79050C6792.

Error - 7/3/2009 6:56:02 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000F1F5009FD.

Error - 7/4/2009 6:02:32 PM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/5/2009 5:28:35 AM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2009 2:37:36 AM | Computer Name = DELL2400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000F1F5009FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:07 PM

Posted 06 July 2009 - 07:24 PM

Thanks for the kind words, Talah Rama. There is a great team at BC and I'm proud to be part of it.

We still have to do a quick clean up - though the worst has gone.

Use Windows Explorer to find and delete this file:

C:\WINDOWS\popcinfo.dat

As an example, to delete C:\WINDOWS\badfile.dll:
Double click the My Computer icon on your Desktop, or press the Windows key + E.
Double click on Local Disk (C:\).
Double click on the Windows folder.
Right click on badfile.dll and then, from the menu that appears, click on Delete.


Please then run an online scan for me.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:
m0le is a proud member of UNITE

#10 Talah Rama

Talah Rama
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:07 PM

Posted 07 July 2009 - 10:55 PM

Deleted popcinfo.dat and ran the online scan. I got a little confused when exporting the results so I settled on saving it as a txt file and copy and pasting it here, hope you can make sense of it. Thanks again for the help. : )

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


BitDefender Online Scanner - Scan Report
Scan report generated at: Tue, Jul 07, 2009 - 23:46:32

Scan path: C:\;D:\;E:\;

Statistics
Time: 00:20:21
Files: 108203
Folders: 8027
Boot Sectors: 0
Archives: 819
Packed Files: 19489

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 3654945
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File Status
No virus found.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:07 PM

Posted 08 July 2009 - 03:51 PM

Good news Talah Rama :thumbup2:

The logs are clean.

Good stuff! :)

Let's firstly do some housekeeping

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it Talah Rama, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#12 Talah Rama

Talah Rama
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:07 PM

Posted 08 July 2009 - 11:34 PM

I can't thank you enough m0le, this has been an incredibly helpful website and a great experience overall. If I ever come across anyone having issues with malware/viruses I will recommend bleepingcomputer.com to them without a second thought. You guys are truly in a league of your own! : )

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:07 PM

Posted 09 July 2009 - 06:51 AM

Thanks for the compliment and recommendation. :thumbup2:

Cheers

m0le
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:07 PM

Posted 14 July 2009 - 04:24 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE