Firefox redirecting problem


This topic is locked
10 replies to this topic

#1 airscape216


  • Members
  • 5 posts

Posted 13 December 2009 - 05:59 PM

When I use my search engine and click on a link, I usually get redirected to another site. I tried to follow your guideline before posting, but I cannot seem to run RootRepeal without getting an error, where my computer reboots. Please help me. Thank you.


DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 14:36:09.99 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2942.1214 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\user\appdata\locallow\cyberdefender\cdmyidd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\user\appdata\locallow\cyberdefender\cdmyidd.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [BitTorrent DNA] "c:\users\user\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\vh32r8fn.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-30 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-13 207792]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-19 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-19 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-19 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-19 56816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-13 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-4-29 598856]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\webroot\washer\wrSSweep.sys [2009-7-14 21832]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-4-30 12672]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-13 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-13 1141712]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 14:38:11.35 ===============


#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 14 December 2009 - 08:53 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 airscape216

  • Topic Starter

  • Members
  • 5 posts

Posted 15 December 2009 - 12:13 AM

Hi Sam,
I got both OTL reports, but I cannot seem to get the GMER Rootkit report. The first time I try, the program shuts down due to a problem. On the second attempt, my computer reboots with an error on a blue screen. Thank you for all your help.

OTL logfile created on: 12/14/2009 8:43:42 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\user\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.38% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 359.07 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 948.63 Mb Total Space | 83.84 Mb Free Space | 8.84% Space Free | Partition Type: FAT32
Drive H: | 232.83 Gb Total Space | 59.98 Gb Free Space | 25.76% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: BRYANRIM
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========



========== Modules (SafeList) ==========



========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 22:01:46 | 00,321,320 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/30 02:48:39 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/25 13:32:54 | 00,733,184 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2009/01/21 08:08:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/20 18:21:41 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 04:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14907
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.0.7
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 15:31:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/21 15:31:45 | 00,000,000 | ---D | M]

[2009/07/13 06:21:36 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/04/29 18:13:02 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2009/04/29 18:13:02 | 00,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/14 20:10:58 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions
[2009/09/20 20:58:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/10/24 17:57:39 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\anycolor.pavlos256@gmail.com
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\chatzilla
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\Console2
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\downthemall
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\emusic
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\fullerscreen
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\sage
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\toolkit
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\webdeveloper
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\mozapps\extensions
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\chatzilla
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\Console2
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\downthemall
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\emusic
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\fullerscreen
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\sage
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\toolkit
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\webdeveloper
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\mozapps\extensions
[2009/07/13 06:54:00 | 00,002,845 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vh32r8fn.default\searchplugins\bing.xml
[2009/08/14 16:09:02 | 00,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vh32r8fn.default\searchplugins\daemon-search.xml
[2009/12/13 14:45:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/02 12:17:03 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
[2009/12/14 16:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\user\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} http://dl.bugsm.co.kr/install/BugsInstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 10:54:20 | 00,061,440 | R--- | M] () - E:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/02/11 23:01:48 | 00,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/12/21 14:56:46 | 00,000,069 | -H-- | M] () - H:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{fa4da05f-3584-11de-8286-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa4da05f-3584-11de-8286-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2003/05/18 10:54:20 | 00,061,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 01:30:40 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/12/13 13:59:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/13 13:55:43 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/09 03:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/12/07 13:33:28 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/12/07 13:33:24 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVS4YOU
[2009/12/07 13:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/12/07 13:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/12/07 13:21:18 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Music Recognition
[2009/12/02 14:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/12/02 12:49:37 | 00,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2009/12/02 12:49:37 | 00,016,877 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2009/12/02 12:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/12/02 12:17:45 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/12/02 12:17:45 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/14 20:43:46 | 09,437,184 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2009/12/14 19:03:28 | 00,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 19:03:28 | 00,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 16:02:32 | 00,292,864 | ---- | M] () -- C:\Users\user\Desktop\jb6fj0pr.exe
[2009/12/14 15:04:04 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/14 15:03:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 15:03:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 15:03:12 | 30,861,39392 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 01:36:02 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 01:36:02 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/14 01:35:25 | 03,948,699 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/12/14 01:31:22 | 00,117,293 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2009/12/14 01:30:43 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/12/13 14:49:13 | 28,670,2007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/13 12:22:22 | 00,060,928 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 03:00:33 | 00,000,796 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2009/12/07 23:39:24 | 05,308,102 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/07 23:39:24 | 00,664,700 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2009/12/07 23:39:24 | 00,653,058 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009/12/07 23:39:24 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/07 23:39:24 | 00,589,904 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2009/12/07 23:39:24 | 00,439,008 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2009/12/07 23:39:24 | 00,395,034 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2009/12/07 23:39:24 | 00,381,834 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2009/12/07 23:39:24 | 00,367,936 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2009/12/07 23:39:24 | 00,359,370 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2009/12/07 23:39:24 | 00,128,968 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2009/12/07 23:39:24 | 00,125,564 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009/12/07 23:39:24 | 00,115,124 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2009/12/07 23:39:24 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2009/12/07 23:39:24 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/07 23:39:24 | 00,100,982 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2009/12/07 23:39:24 | 00,100,976 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2009/12/07 23:39:24 | 00,100,912 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2009/12/07 23:39:24 | 00,078,292 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2009/12/07 22:43:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/07 17:17:17 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/03 12:47:14 | 00,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 16:02:32 | 00,292,864 | ---- | C] () -- C:\Users\user\Desktop\jb6fj0pr.exe
[2009/12/14 01:31:20 | 00,117,293 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2009/12/13 14:43:55 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 03:00:33 | 00,000,796 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2009/12/07 22:43:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/09/15 18:59:11 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/14 16:12:51 | 00,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/04 21:53:37 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 12:09:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/13 14:29:11 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/05/01 10:48:16 | 00,000,074 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2009/05/01 10:14:57 | 00,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/05/01 10:14:57 | 00,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/04/30 19:17:44 | 00,024,365 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/04/30 07:11:39 | 00,060,928 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 07:02:17 | 00,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2009/04/30 07:02:17 | 00,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/04/30 04:26:09 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/04/30 04:25:15 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/04/30 04:25:10 | 00,020,657 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/04/30 04:19:34 | 00,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/04/29 18:27:27 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/25 13:34:55 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/20 18:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/27 23:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 04:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/06/22 19:08:26 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AviDvdBurner
[2009/12/08 13:36:12 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2009/04/29 17:37:31 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/14 16:12:11 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2009/12/14 20:44:12 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DNA
[2009/05/26 19:20:14 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FinalBurner Video DVD
[2009/10/18 21:43:32 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/12/07 13:21:18 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Music Recognition
[2009/10/08 17:18:11 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Titanium Gears
[2009/05/01 10:20:05 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2009/05/26 19:16:02 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Video DVD Maker FREE
[2009/07/13 14:03:18 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Sidebar Styler
[2009/12/14 15:04:04 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/14 01:35:44 | 00,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:21:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:21:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 18:22:13 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:22:59 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

2nd Notepad


OTL logfile created on: 12/14/2009 8:43:42 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\user\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.38% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 359.07 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 948.63 Mb Total Space | 83.84 Mb Free Space | 8.84% Space Free | Partition Type: FAT32
Drive H: | 232.83 Gb Total Space | 59.98 Gb Free Space | 25.76% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: BRYANRIM
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/14 01:30:43 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2009/12/10 22:01:46 | 00,321,320 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2009/11/30 02:48:49 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/30 02:48:39 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/21 15:31:20 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/07 11:54:46 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\user\Program Files\DNA\btdna.exe
PRC - [2009/11/07 11:46:47 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/24 09:52:10 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/03 19:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/01 08:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/10 22:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/25 13:32:54 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2009/02/22 11:15:14 | 05,668,864 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe
PRC - [2009/01/21 08:08:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/11/25 04:41:32 | 06,691,360 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/11/24 01:45:04 | 00,621,056 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.81\aaCenter.exe
PRC - [2008/01/20 18:23:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 18:21:41 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 13:47:30 | 01,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/14 01:30:43 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009/04/10 22:28:20 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrtip.dll
MOD - [2009/04/10 22:28:20 | 00,364,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMETIP.DLL
MOD - [2009/04/10 22:28:20 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMJKAPI.DLL
MOD - [2009/04/10 22:28:20 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrapi.dll
MOD - [2009/04/10 22:21:38 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 22:01:46 | 00,321,320 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/30 02:48:39 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/25 13:32:54 | 00,733,184 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2009/01/21 08:08:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/20 18:21:41 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 04:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14907
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.0.7
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 15:31:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/21 15:31:45 | 00,000,000 | ---D | M]

[2009/07/13 06:21:36 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/04/29 18:13:02 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2009/04/29 18:13:02 | 00,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/14 20:10:58 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions
[2009/09/20 20:58:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/10/24 17:57:39 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\anycolor.pavlos256@gmail.com
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\chatzilla
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\Console2
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\downthemall
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\emusic
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\fullerscreen
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\sage
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\toolkit
[2009/07/13 13:39:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\global\extensions\webdeveloper
[2009/07/13 13:39:47 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\djziggy@gmail.com\chrome\mozapps\extensions
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\chatzilla
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\Console2
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\downthemall
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\emusic
[2009/07/13 13:43:49 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\fullerscreen
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\sage
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\toolkit
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\global\extensions\webdeveloper
[2009/07/13 13:43:50 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vh32r8fn.default\extensions\info@djzig.com\chrome\mozapps\extensions
[2009/07/13 06:54:00 | 00,002,845 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vh32r8fn.default\searchplugins\bing.xml
[2009/08/14 16:09:02 | 00,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vh32r8fn.default\searchplugins\daemon-search.xml
[2009/12/13 14:45:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/02 12:17:03 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
[2009/12/14 16:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\user\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\user\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} http://dl.bugsm.co.kr/install/BugsInstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 10:54:20 | 00,061,440 | R--- | M] () - E:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/02/11 23:01:48 | 00,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/12/21 14:56:46 | 00,000,069 | -H-- | M] () - H:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{fa4da05f-3584-11de-8286-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa4da05f-3584-11de-8286-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2003/05/18 10:54:20 | 00,061,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 01:30:40 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/12/13 13:59:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/13 13:55:43 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/09 03:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/12/07 13:33:28 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/12/07 13:33:24 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVS4YOU
[2009/12/07 13:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/12/07 13:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/12/07 13:21:18 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Music Recognition
[2009/12/02 14:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/12/02 12:49:37 | 00,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2009/12/02 12:49:37 | 00,016,877 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2009/12/02 12:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/12/02 12:17:45 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/12/02 12:17:45 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/14 20:43:46 | 09,437,184 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2009/12/14 19:03:28 | 00,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 19:03:28 | 00,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 16:02:32 | 00,292,864 | ---- | M] () -- C:\Users\user\Desktop\jb6fj0pr.exe
[2009/12/14 15:04:04 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/14 15:03:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 15:03:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 15:03:12 | 30,861,39392 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 01:36:02 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 01:36:02 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/14 01:35:25 | 03,948,699 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/12/14 01:31:22 | 00,117,293 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2009/12/14 01:30:43 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/12/13 14:49:13 | 28,670,2007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/13 12:22:22 | 00,060,928 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 03:00:33 | 00,000,796 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2009/12/07 23:39:24 | 05,308,102 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/07 23:39:24 | 00,664,700 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2009/12/07 23:39:24 | 00,653,058 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009/12/07 23:39:24 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/07 23:39:24 | 00,589,904 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2009/12/07 23:39:24 | 00,439,008 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2009/12/07 23:39:24 | 00,395,034 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2009/12/07 23:39:24 | 00,381,834 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2009/12/07 23:39:24 | 00,367,936 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2009/12/07 23:39:24 | 00,359,370 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2009/12/07 23:39:24 | 00,128,968 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2009/12/07 23:39:24 | 00,125,564 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009/12/07 23:39:24 | 00,115,124 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2009/12/07 23:39:24 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2009/12/07 23:39:24 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/07 23:39:24 | 00,100,982 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2009/12/07 23:39:24 | 00,100,976 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2009/12/07 23:39:24 | 00,100,912 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2009/12/07 23:39:24 | 00,078,292 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2009/12/07 22:43:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/07 17:17:17 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/03 12:47:14 | 00,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 16:02:32 | 00,292,864 | ---- | C] () -- C:\Users\user\Desktop\jb6fj0pr.exe
[2009/12/14 01:31:20 | 00,117,293 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller.zip
[2009/12/13 14:43:55 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 03:00:33 | 00,000,796 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2009/12/07 22:43:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/09/15 18:59:11 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/14 16:12:51 | 00,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/04 21:53:37 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 12:09:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/13 14:29:11 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/05/01 10:48:16 | 00,000,074 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2009/05/01 10:14:57 | 00,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/05/01 10:14:57 | 00,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/04/30 19:17:44 | 00,024,365 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/04/30 07:11:39 | 00,060,928 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 07:02:17 | 00,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2009/04/30 07:02:17 | 00,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/04/30 04:26:09 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/04/30 04:25:15 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/04/30 04:25:10 | 00,020,657 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/04/30 04:19:34 | 00,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/04/29 18:27:27 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/25 13:34:55 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/20 18:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/27 23:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 04:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/06/22 19:08:26 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AviDvdBurner
[2009/12/08 13:36:12 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2009/04/29 17:37:31 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/14 16:12:11 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2009/12/14 20:44:12 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DNA
[2009/05/26 19:20:14 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FinalBurner Video DVD
[2009/10/18 21:43:32 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/12/07 13:21:18 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Music Recognition
[2009/10/08 17:18:11 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Titanium Gears
[2009/05/01 10:20:05 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2009/05/26 19:16:02 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Video DVD Maker FREE
[2009/07/13 14:03:18 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Sidebar Styler
[2009/12/14 15:04:04 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/12/14 01:35:44 | 00,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:21:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:21:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:21:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 18:21:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 18:22:13 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:22:59 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
[2009/12/14 20:43:46 | 09,437,184 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2009/12/14 16:02:32 | 00,292,864 | ---- | M] () -- C:\Users\user\Desktop\jb6fj0pr.exe
[2009/12/14 15:04:04 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/14 15:03:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 15:03:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 01:36:02 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 01:36:02 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/14 01:35:25 | 03,948,699 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/12/14 01:31:22 | 00,117,293 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller.zip
[2009/12/14 01:30:43 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/12/13 14:49:13 | 28,670,2007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/13 12:22:22 | 00,060,928 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 03:00:33 | 00,000,796 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2009/12/03 12:47:14 | 00,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/11/30 02:47:23 | 00,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/29 22:48:55 | 00,000,107 | ---- | M] () -- C:\Users\user\webct_upload_applet.properties
[2009/11/21 15:31:42 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/11/20 17:05:42 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< End of report >
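As an added example, not part of this thread or of OTL itself: the "< MD5 for: ... >" custom scan above lists every copy of a system driver with its hash so a helper can see whether the copy Windows actually loads (System32\drivers) matches the servicing copies in DriverStore and WinSxS. The script below automates that comparison over a constructed excerpt of that format; the ATAPI.SYS lines mirror the real entries, while the last NVSTOR.SYS line and its all-zero hash are made up to show what a patched live copy would look like.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of OTL's "< MD5 for: NAME >" custom scan.
# The final NVSTOR.SYS entry is invented (placeholder hash) to exercise the mismatch path.
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2008/01/20 18:21:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2009/12/10 03:14:00 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\nvstor.sys
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {FILE NAME: [entry, ...]} from the MD5 sections of an OTL custom scan."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "date": entry.group("date").strip(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path").strip(),
            })
    return dict(sections)


def is_live_copy(path):
    """The copy Windows loads is the one outside the servicing stores; DriverStore and
    WinSxS hold the reference copies that setup and Windows Update left behind."""
    lowered = path.lower()
    return "\\driverstore\\" not in lowered and "\\winsxs\\" not in lowered


def check_live_copies(sections):
    """Classify each file by whether its live copy's MD5 matches a reference copy.

    A rootkit such as TDL3 patches the loaded driver on disk, so the live copy's hash
    drifts away from every DriverStore/WinSxS copy of the same file. A mismatch is a
    lead to verify against a known-good, signed copy, not proof by itself; a live copy
    with no reference copies cannot be checked this way and is reported separately.
    """
    verdicts = {}
    for name, entries in sections.items():
        reference = {e["md5"] for e in entries if not is_live_copy(e["path"])}
        live = [e for e in entries if is_live_copy(e["path"])]
        if not live:
            verdicts[name] = "no-live-copy"
        elif not reference:
            verdicts[name] = "no-reference"
        elif all(e["md5"] in reference for e in live):
            verdicts[name] = "matches-reference"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for name, verdict in check_live_copies(parse_md5_sections(SAMPLE_OTL)).items():
        print(f"{name:12} {verdict}")
```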

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 December 2009 - 08:34 AM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 airscape216
  • Topic Starter

  • Members
  • 5 posts

Posted 15 December 2009 - 12:08 PM

There was no problem running this program.


Host Name: BRYANRIM
OS Name: Microsoft® Windows Vista™ Ultimate
OS Version: 6.0.6002 Service Pack 2 Build 6002
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: user
Registered Organization:
Product ID: 89580-OEM-7332132-00031
Original Install Date: 4/30/2009, 5:14:38 AM
System Boot Time: 12/15/2009, 8:59:37 AM
System Manufacturer: System manufacturer
System Model: System Product Name
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 15 Model 107 Stepping 2 AuthenticAMD ~3100 Mhz
BIOS Version: American Megatrends Inc. 0405 , 3/11/2009
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-08:00) Pacific Time (US & Canada)
Total Physical Memory: 2,942 MB
Available Physical Memory: 1,658 MB
Page File: Max Size: 6,115 MB
Page File: Available: 4,925 MB
Page File: In Use: 1,190 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\BRYANRIM
Hotfix(s): 121 Hotfix(s) Installed.
Network Card(s): 1 NIC(s) Installed.
[01]: NVIDIA nForce 10/100 Mbps Ethernet
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.152
[02]: fe80::fc27:81e5:f109:37d9
9:5:20:854 1716 ForceUnloadDriver: NtUnloadDriver error 2
9:5:20:855 1716 ForceUnloadDriver: NtUnloadDriver error 2
9:5:20:855 1716 ForceUnloadDriver: NtUnloadDriver error 2
9:5:20:859 1716 main: Driver KLMD successfully dropped
9:5:20:874 1716 main: Driver KLMD successfully loaded
9:5:20:874 1716
Scanning Registry ...
9:5:20:874 1716 ScanServices: Searching service UACd.sys
9:5:20:874 1716 ScanServices: Open/Create key error 2
9:5:20:874 1716 ScanServices: Searching service TDSSserv.sys
9:5:20:874 1716 ScanServices: Open/Create key error 2
9:5:20:874 1716 ScanServices: Searching service gaopdxserv.sys
9:5:20:874 1716 ScanServices: Open/Create key error 2
9:5:20:874 1716 ScanServices: Searching service gxvxcserv.sys
9:5:20:874 1716 ScanServices: Open/Create key error 2
9:5:20:874 1716 ScanServices: Searching service MSIVXserv.sys
9:5:20:874 1716 ScanServices: Open/Create key error 2
9:5:20:877 1716 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 8244F000
9:5:20:878 1716 UnhookRegistry: Kernel local addr: 1C40000
9:5:20:878 1716 UnhookRegistry: KeServiceDescriptorTable addr: 1D77B00
9:5:20:879 1716 UnhookRegistry: KiServiceTable addr: 1CEC82C
9:5:20:879 1716 UnhookRegistry: NtEnumerateKey service number (local): 85
9:5:20:879 1716 UnhookRegistry: NtEnumerateKey local addr: 1E3D0BA
9:5:20:883 1716 KLMD_OpenDevice: Trying to open KLMD device
9:5:20:883 1716 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
9:5:20:883 1716 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
9:5:20:883 1716 KLMD_ReadMem: Trying to ReadMemory 0x82497D19[0x4]
9:5:20:883 1716 UnhookRegistry: NtEnumerateKey service number (kernel): 85
9:5:20:883 1716 KLMD_ReadMem: Trying to ReadMemory 0x824FBA40[0x4]
9:5:20:883 1716 UnhookRegistry: NtEnumerateKey real addr: 8264C0BA
9:5:20:883 1716 UnhookRegistry: NtEnumerateKey calc addr: 8264C0BA
9:5:20:883 1716 UnhookRegistry: No SDT hooks found on NtEnumerateKey
9:5:20:883 1716 KLMD_ReadMem: Trying to ReadMemory 0x8264C0BA[0xA]
9:5:20:883 1716 UnhookRegistry: No splicing found on NtEnumerateKey
9:5:20:886 1716
Scanning Kernel memory ...
9:5:20:886 1716 KLMD_OpenDevice: Trying to open KLMD device
9:5:20:886 1716 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
9:5:20:886 1716 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
9:5:20:886 1716 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86C65688
9:5:20:886 1716 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
9:5:20:886 1716 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 878A9AC8
9:5:20:886 1716 KLMD_GetLowerDeviceObject: Trying to get lower device object for 878A9AC8
9:5:20:886 1716 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 895B9328
9:5:20:886 1716 KLMD_GetLowerDeviceObject: Trying to get lower device object for 895B9328
9:5:20:886 1716 KLMD_ReadMem: Trying to ReadMemory 0x895B9328[0x38]
9:5:20:886 1716 DetectCureTDL3: DRIVER_OBJECT addr: 88BEC188
9:5:20:886 1716 KLMD_ReadMem: Trying to ReadMemory 0x88BEC188[0xA8]
9:5:20:886 1716 KLMD_ReadMem: Trying to ReadMemory 0x87847818[0x208]
9:5:20:886 1716 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
9:5:20:886 1716 DetectCureTDL3: IrpHandler (0) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (1) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (2) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (3) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (4) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (5) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (6) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (7) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (8) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (9) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (10) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (11) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (12) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (13) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (14) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (15) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (16) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (17) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (18) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (19) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (20) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (21) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (22) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (23) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (24) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (25) addr: 824779D2
9:5:20:887 1716 DetectCureTDL3: IrpHandler (26) addr: 824779D2
9:5:20:887 1716 KLMD_ReadMem: Trying to ReadMemory 0x82BDFF26[0x400]
9:5:20:887 1716 TDL3_StartIoHookDetect: CheckParameters: 5, 82BE4000, 0, 0
9:5:20:887 1716 TDL3_FileDetect: Processing driver: USBSTOR
9:5:20:887 1716 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
9:5:20:887 1716 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
9:5:20:887 1716 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
9:5:20:916 1716 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86D68AC8
9:5:20:916 1716 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D68AC8
9:5:20:916 1716 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85CB4F08
9:5:20:916 1716 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85CB4F08
9:5:20:916 1716 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85C97478
9:5:20:916 1716 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C97478
9:5:20:916 1716 KLMD_ReadMem: Trying to ReadMemory 0x85C97478[0x38]
9:5:20:916 1716 DetectCureTDL3: DRIVER_OBJECT addr: 873F4610
9:5:20:916 1716 KLMD_ReadMem: Trying to ReadMemory 0x873F4610[0xA8]
9:5:20:916 1716 KLMD_ReadMem: Trying to ReadMemory 0x85C97920[0x38]
9:5:20:916 1716 KLMD_ReadMem: Trying to ReadMemory 0x84E58968[0xA8]
9:5:20:916 1716 KLMD_ReadMem: Trying to ReadMemory 0x85CB8FD8[0x208]
9:5:20:916 1716 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
9:5:20:916 1716 DetectCureTDL3: IrpHandler (0) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (1) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (2) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (3) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (4) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (5) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (6) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (7) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (8) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (9) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (10) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (11) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (12) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (13) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (14) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (15) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (16) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (17) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (18) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (19) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (20) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (21) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: IrpHandler (22) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: IrpHandler (23) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: IrpHandler (24) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: IrpHandler (25) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: IrpHandler (26) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: All IRP handlers pointed to one addr: 85D03369
9:5:20:917 1716 KLMD_ReadMem: Trying to ReadMemory 0x85D03369[0x400]
9:5:20:917 1716 TDL3_IrpHookDetect: TDL3 is already cured
9:5:20:917 1716 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
9:5:20:917 1716 KLMD_ReadMem: DeviceIoControl error 1
9:5:20:917 1716 TDL3_StartIoHookDetect: Unable to get StartIo handler code
9:5:20:917 1716 TDL3_FileDetect: Processing driver: nvstor32
9:5:20:917 1716 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\tsk_nvstor32.sys, C:\Windows\system32\Drivers\tsk_tsk_nvstor32.sys, SYSTEM\CurrentControlSet\Services\nvstor32, system32\Drivers\tsk_tsk_nvstor32.sys
9:5:20:917 1716 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\tsk_nvstor32.sys
9:5:20:917 1716 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\tsk_nvstor32.sys
9:5:20:940 1716
Completed

Results:
9:5:20:940 1716 Infected objects in memory: 0
9:5:20:940 1716 Cured objects in memory: 0
9:5:20:940 1716 Infected objects on disk: 0
9:5:20:941 1716 Objects on disk cured on reboot: 0
9:5:20:941 1716 Objects on disk deleted on reboot: 0
9:5:20:941 1716 Registry nodes deleted on reboot: 0
9:5:20:941 1716
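An added example, not part of this thread or of TDSSKiller: a summary of the log format above (per-driver IRP dispatch addresses, the tool's TDL3_*HookDetect verdict, the driver file it examined, and the final counters), run over a constructed excerpt of that log. Reading a driver file named tsk_<name>.sys as a file left behind by an earlier TDSSKiller cure is an assumption drawn from this log, not documented tool behaviour.

```python
import re

# Constructed excerpt in the TDSSKiller log format posted above
# ("h:m:s:ms pid Routine: message"). Addresses come from that log; the surrounding
# lines are trimmed to the ones the summary cares about.
SAMPLE_LOG = r"""
9:5:20:886 1716 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
9:5:20:886 1716 DetectCureTDL3: IrpHandler (0) addr: 88B0A500
9:5:20:887 1716 DetectCureTDL3: IrpHandler (1) addr: 824779D2
9:5:20:887 1716 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
9:5:20:916 1716 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
9:5:20:916 1716 DetectCureTDL3: IrpHandler (0) addr: 85D03369
9:5:20:916 1716 DetectCureTDL3: IrpHandler (1) addr: 85D03369
9:5:20:917 1716 DetectCureTDL3: All IRP handlers pointed to one addr: 85D03369
9:5:20:917 1716 TDL3_IrpHookDetect: TDL3 is already cured
9:5:20:917 1716 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\tsk_nvstor32.sys
9:5:20:940 1716 Infected objects in memory: 0
9:5:20:940 1716 Cured objects in memory: 0
9:5:20:940 1716 Infected objects on disk: 0
9:5:20:941 1716 Objects on disk cured on reboot: 0
9:5:20:941 1716 Objects on disk deleted on reboot: 0
9:5:20:941 1716 Registry nodes deleted on reboot: 0
"""

LINE_RE = re.compile(r"^(?P<ts>\d+:\d+:\d+:\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: \S+, Driver Name: (?P<name>\S+)")
IRP_RE = re.compile(r"DetectCureTDL3: IrpHandler \((?P<n>\d+)\) addr: (?P<addr>[0-9A-F]+)")
FILE_RE = re.compile(r"TDL3_FileDetect: Processing driver file: (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<routine>TDL3_\w+HookDetect): (?P<text>.+)$")
RESULT_RE = re.compile(r"^(?P<key>(?:Infected|Cured|Objects|Registry) [a-z ]+): (?P<count>\d+)$")


def parse_tdsskiller_log(text):
    """Collect, per driver object the tool walked, its IRP handler addresses, the
    hook-detect verdicts, and the driver file examined; plus the final counters."""
    drivers = {}
    results = {}
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (d := DRIVER_RE.search(msg)):
            current = drivers.setdefault(
                d.group("name"), {"irp_addrs": [], "verdicts": [], "file": None})
        elif (i := IRP_RE.search(msg)) and current is not None:
            current["irp_addrs"].append(i.group("addr"))
        elif (f := FILE_RE.search(msg)) and current is not None:
            current["file"] = f.group("path").strip()
        elif (v := VERDICT_RE.match(msg)) and current is not None:
            current["verdicts"].append(v.group("text"))
        elif (r := RESULT_RE.match(msg)):
            results[r.group("key")] = int(r.group("count"))
    return {"drivers": drivers, "results": results}


def assess(summary):
    """Turn the summary into the points a reviewer would look at.

    - Every IRP handler pointing to one address is normal for many storage miniports,
      so it is recorded as context next to the tool's own verdict, not as a finding.
    - A driver file named tsk_<name>.sys is taken (assumption from the log above) as a
      leftover of an earlier TDSSKiller cure and flagged for follow-up.
    - Non-zero counters mean the tool found or cured something on this run.
    """
    findings = []
    for name, info in summary["drivers"].items():
        addrs = info["irp_addrs"]
        single = len(addrs) > 1 and len(set(addrs)) == 1
        for verdict in info["verdicts"]:
            note = " (single IRP dispatch)" if single else ""
            findings.append(f"{name}: {verdict}{note}")
        if info["file"] and info["file"].rsplit("\\", 1)[-1].lower().startswith("tsk_"):
            findings.append(f"{name}: driver file renamed by a previous cure: {info['file']}")
    found = sum(summary["results"].values())
    return {"findings": findings, "nothing_found_this_run": found == 0}


if __name__ == "__main__":
    report = assess(parse_tdsskiller_log(SAMPLE_LOG))
    for line in report["findings"]:
        print(line)
    print("nothing found this run:", report["nothing_found_this_run"])
```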

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 December 2009 - 05:09 PM

Follow the steps here to troubleshoot your Firefox extensions.
http://support.mozilla.com/en-US/kb/Troubl...p;s=safe%20mode

Let me know if you are still redirected when starting Firefox in safe mode.
If so, that indicates that one of your extensions or plugins is causing the issue.

#7 airscape216
  • Topic Starter

  • Members
  • 5 posts

Posted 15 December 2009 - 09:33 PM

Wow, that was simple. The problem was caused by an extension. All I had to do was disable the add-on. Thanks for all your help Sam. I truly appreciate it.

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 December 2009 - 09:18 AM

Was it XUL Cache 1.0?

#9 airscape216
  • Topic Starter

  • Members
  • 5 posts

Posted 16 December 2009 - 09:58 PM

All it was was an add-on called my.freeze.com netassistant 3.6.0. I just disabled it and the redirecting stopped.

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 December 2009 - 08:40 AM

I'll make note of that one. Thank you!

Here are some final steps and recommendations for you.


Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall, your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
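The checklist in the post above (firewall on, antivirus installed and current, Windows Update caught up, System Restore re-enabled) can be verified from the machine itself rather than taken on trust. The script below is an added example, not code from this thread, from Buckeye_Sam, or from BleepingComputer. It is read-only and assumes Windows PowerShell 5.1 on a Windows client run from an elevated prompt; the function names are my own, and the decoding of the Security Center `productState` bitfield is the commonly documented convention rather than an official API contract, so it is labelled as an assumption. Spybot and SpywareBlaster are third-party tools and are not audited here.

```powershell
# Added example: a read-only audit of the hygiene checklist above.
# Assumes Windows PowerShell 5.1, an elevated prompt, and a Windows client OS.
# Function names are my own; nothing here changes system state.

function Test-FirewallProfiles {
    # "netsh advfirewall" exists on Vista and later and prints one
    # "State ON/OFF" line per profile (Domain, Private, Public).
    $lines  = netsh advfirewall show allprofiles state
    $states = @($lines | Select-String -Pattern '^State\s+(ON|OFF)' |
                ForEach-Object { $_.Matches[0].Groups[1].Value })
    [pscustomobject]@{
        Check  = 'Firewall enabled on every profile'
        Pass   = ($states.Count -gt 0 -and ($states -notcontains 'OFF'))
        Detail = ($states -join ', ')
    }
}

function Test-AntiVirusState {
    # Security Center (root/SecurityCenter2, Vista and later) lists registered AV
    # products. ASSUMPTION: productState decoding follows the common convention:
    # middle byte 0x10 = real-time protection on, low byte 0x00 = definitions current.
    $products = @(Get-CimInstance -Namespace root/SecurityCenter2 `
                    -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    $healthy = 0
    $details = foreach ($p in $products) {
        $hex     = '{0:x6}' -f [int]$p.productState
        $enabled = $hex.Substring(2, 2) -eq '10'
        $current = $hex.Substring(4, 2) -eq '00'
        if ($enabled -and $current) { $healthy++ }
        '{0}: enabled={1} definitionsCurrent={2}' -f $p.displayName, $enabled, $current
    }
    [pscustomobject]@{
        Check  = 'Antivirus installed, enabled and up to date'
        Pass   = ($healthy -gt 0)
        Detail = if ($products.Count) { $details -join '; ' } else { 'no AV product registered' }
    }
}

function Test-PendingUpdates {
    # Uses the Windows Update Agent COM API, the same engine the Windows Update
    # site drives; MsrcSeverity is set on security updates.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    $pending  = @($result.Updates | ForEach-Object { $_ })
    $critical = @($pending | Where-Object { $_.MsrcSeverity -in @('Critical', 'Important') })
    [pscustomobject]@{
        Check  = 'No critical/important updates pending'
        Pass   = ($critical.Count -eq 0)
        Detail = '{0} pending, {1} critical/important' -f $pending.Count, $critical.Count
    }
}

function Test-RestorePoints {
    # After the disable/re-enable step, System Restore should be on again and
    # hold at least one fresh (post-cleanup) restore point.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $latest = $points | Sort-Object SequenceNumber | Select-Object -Last 1
    $when   = if ($latest) {
        [Management.ManagementDateTimeConverter]::ToDateTime($latest.CreationTime)
    }
    [pscustomobject]@{
        Check  = 'System Restore has a post-cleanup restore point'
        Pass   = ($points.Count -gt 0)
        Detail = if ($latest) { 'latest: {0}' -f $when } else { 'no restore points' }
    }
}

function Invoke-HygieneAudit {
    # Returns one result object per checklist item so the caller can act on Pass.
    @(
        Test-FirewallProfiles
        Test-AntiVirusState
        Test-PendingUpdates
        Test-RestorePoints
    )
}

Invoke-HygieneAudit | Format-Table Check, Pass, Detail -AutoSize
```

Any row with `Pass` set to `False` points back to the matching bullet in the post: a profile reporting `OFF` means the firewall step was skipped, `definitionsCurrent=False` means the AV signatures are stale, and a non-zero critical count means the Windows Update visit is still due. The restore-point check only confirms that System Restore is working again; it cannot tell whether an old, infected point survived, which is exactly why the post asks for the disable/re-enable cycle.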


========================================================

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:14 AM

Posted 26 December 2009 - 08:17 PM

Now that your problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



