mbam keeps blocking ips


This topic is locked
43 replies to this topic

#1 madman666

madman666

  • Members
  • 48 posts
  • OFFLINE
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 04 April 2010 - 06:47 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/306837/security-tool/ ~ OB

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 15:43:13.21 on Sun 04/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.478 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike.HOME-8B9CC4D22D\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mozilla.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
TB: Digsby Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\windows\temp\spoolsv.exe
dRun: [hf8wefhuaihf8ewfydiujhfdsfdf] c:\windows\temp\isbkugx.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\update
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: kuzefawi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: viriyelik - {b2c47a91-9f72-4181-a626-1388f7446708} - c:\windows\system32\jiyazami.dll
STS: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - No File
STS: gahurihor: {b2c47a91-9f72-4181-a626-1388f7446708} - c:\windows\system32\jiyazami.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli kuzefawi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike~1.hom\applic~1\mozilla\firefox\profiles\j3axqaou.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\mike.home-8b9cc4d22d\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mike.home-8b9cc4d22d\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-3 303952]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-4 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-3 20824]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-25 39296]
S1 akgoaxug;akgoaxug;\??\c:\windows\system32\drivers\akgoaxug.sys --> c:\windows\system32\drivers\akgoaxug.sys [?]
S1 fuymivge;fuymivge;\??\c:\windows\system32\drivers\fuymivge.sys --> c:\windows\system32\drivers\fuymivge.sys [?]
S1 MpKsl3e3c338a;MpKsl3e3c338a;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{4a64177a-7e9c-44ec-b7bc-3ff1881e0add}\mpksl3e3c338a.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{4a64177a-7e9c-44ec-b7bc-3ff1881e0add}\MpKsl3e3c338a.sys [?]
S1 MpKslb5bb8eb2;MpKslb5bb8eb2;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3cd4e577-bb27-42ce-aa23-72fc71dedc87}\mpkslb5bb8eb2.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3cd4e577-bb27-42ce-aa23-72fc71dedc87}\MpKslb5bb8eb2.sys [?]
S1 muegrqvp;muegrqvp;\??\c:\windows\system32\drivers\muegrqvp.sys --> c:\windows\system32\drivers\muegrqvp.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-29 1684736]

=============== Created Last 30 ================

2010-04-04 22:41:46 0 ----a-w- c:\documents and settings\mike.home-8b9cc4d22d\defogger_reenable
2010-04-04 20:17:18 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-04-04 20:17:04 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-04 20:17:04 0 d-----w- c:\docume~1\mike~1.hom\applic~1\SUPERAntiSpyware.com
2010-04-04 20:16:32 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-04 03:46:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-04 03:08:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-04 03:08:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-04 03:05:16 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-04 03:04:24 0 d-----w- c:\program files\Lavasoft
2010-04-03 20:07:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-03 20:06:57 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 19:37:10 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-03 05:32:06 194 ----a-w- c:\windows\system32\_voidsrcr.dat
2010-04-03 03:36:49 1173 ----a-w- c:\docume~1\alluse~1.win\applic~1\_VOIDmfeklnmal.dll
2010-04-03 03:33:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-01 01:11:58 1112 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-01 01:05:23 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2010-04-01 01:04:13 0 d-----w- c:\program files\common files\iS3
2010-04-01 01:04:11 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!

==================== Find3M ====================

2010-04-02 22:04:22 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-31 23:12:11 290816 ----a-w- c:\windows\vncutil.exe
2010-03-31 23:11:53 356352 ----a-w- c:\windows\system32\wpdsp.dll
2010-03-31 23:11:50 4096 ----a-w- c:\windows\system32\wmvadve.dll
2010-03-31 23:11:50 4096 ----a-w- c:\windows\system32\wmvadvd.dll
2010-03-31 23:11:43 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2010-03-31 23:11:41 4096 ----a-w- c:\windows\system32\wdfapi.dll
2010-03-31 23:11:27 28672 ----a-w- c:\windows\system32\verclsid.exe
2010-03-31 23:11:25 131072 ----a-w- c:\windows\system32\UncPH.dll
2010-03-31 23:11:24 57344 ----a-w- c:\windows\system32\uexfat.dll
2010-03-31 23:11:23 1589248 ----a-w- c:\windows\system32\tquery.dll
2010-03-31 23:11:20 446464 ----a-w- c:\windows\system32\sqlsrv32.dll
2010-03-31 23:09:59 61440 ----a-w- c:\windows\system32\dnssd.dll
2010-03-31 23:09:58 28672 ----a-w- c:\windows\system32\dbnmpntw.dll
2010-03-31 23:09:58 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll
2010-03-31 23:09:40 77824 ----a-w- c:\windows\system32\cliconfg.dll
2010-03-31 23:09:40 20480 ----a-w- c:\windows\system32\cliconfg.exe
2010-03-31 23:09:35 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-31 23:09:18 1826816 ----a-w- c:\windows\SkyTel.exe
2010-03-31 23:09:15 540672 ----a-w- c:\windows\RtlExUpd.dll
2010-03-31 23:09:12 122880 ----a-w- c:\windows\RtkAudioService.exe
2010-03-31 23:04:27 12288 ---ha-w- c:\windows\fonts\8514oem.fon
2010-03-31 23:03:01 57344 ----a-w- c:\windows\ALCMTR.EXE
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-08 04:24:09 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-05 22:40:02 12736 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-29 05:40:42 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092820090929\index.dat

============= FINISH: 15:45:24.15 ===============



I am new at this, so hopefully I did it right.

Edited by Orange Blossom, 04 April 2010 - 10:37 PM.
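The DDS log above already shows the indicators a helper reads first: Run keys launching from c:\windows\temp, policies that disable Task Manager, regedit and Folder Options, an AppInit_DLLs entry and an LSA notification package that share the same random DLL name, and S1 drivers DDS cannot stat. The script below is an added example, not part of this thread or of the DDS/OTL tools; it walks lines in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" format (plus the OTL ".exe" association line) and collects those indicators, with the sample lines and allowlists constructed for the example.

```python
"""Triage of DDS / OTL log lines for the persistence and lockdown indicators
visible in the thread above.  Added example, not part of the thread or of the
DDS/OTL tools; the allowlists below are constructed for illustration."""
import re
from collections import Counter
from typing import Dict, List, Set

# Constructed sample in the shape of the DDS report sections and OTL File Associations.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\windows\temp\spoolsv.exe
dRun: [hf8wefhuaihf8ewfydiujhfdsfdf] c:\windows\temp\isbkugx.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: kuzefawi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: viriyelik - {b2c47a91-9f72-4181-a626-1388f7446708} - c:\windows\system32\jiyazami.dll
LSA: Notification Packages = scecli kuzefawi.dll
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S1 akgoaxug;akgoaxug;\??\c:\windows\system32\drivers\akgoaxug.sys --> c:\windows\system32\drivers\akgoaxug.sys [?]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe File not found
"""

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<policy>\w+) = (?P<value>\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>\S.*)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
# A trailing "[?]" instead of "[date size]" means DDS could not stat the driver file.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<svc>[^;]+);[^;]*;.*\s\[\?\]$")
SSODL_RE = re.compile(r"^SSODL: .+? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
ASSOC_RE = re.compile(r"^\.exe \[@ = (?P<progid>\w+)\] -- (?P<handler>.+)$")

LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}
DEFAULT_LSA_PACKAGES = {"scecli"}          # the stock XP value
KNOWN_SSODL = {"wpdshserviceobj.dll"}      # constructed allowlist for this example

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()

def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: rule name, detail, raw line."""
    findings: List[Dict[str, str]] = []

    def hit(rule: str, detail: str, line: str) -> None:
        findings.append({"rule": rule, "detail": detail, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            # Autoruns launched from a temp folder: nothing legitimate lives there.
            if "\\temp\\" in m.group("cmd").lower():
                hit("run_from_temp", m.group("cmd"), line)
            continue
        m = POLICY_RE.match(line)
        if m:
            # Task Manager / regedit / Folder Options disabled by policy.
            if m.group("policy") in LOCKDOWN_POLICIES and m.group("value") != "0":
                hit("lockdown_policy", m.group("policy"), line)
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every user-mode process; empty on a clean XP box.
            for dll in m.group("dlls").split():
                hit("appinit_dll", dll, line)
            continue
        m = LSA_RE.match(line)
        if m:
            # Extra LSA notification packages load into lsass.exe at boot.
            for pkg in m.group("pkgs").split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    hit("lsa_notification_package", pkg, line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            hit("service_without_file_info", m.group("svc"), line)
            continue
        m = SSODL_RE.match(line)
        if m:
            dll = _basename(m.group("path"))
            if dll not in KNOWN_SSODL:
                hit("unknown_ssodl", dll, line)
            continue
        m = ASSOC_RE.match(line)
        if m and m.group("progid").lower() != "exefile":
            # .exe handled by anything but exefile means every program launch is proxied.
            hit("exe_association_hijack", m.group("handler"), line)
    return findings

def rule_counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    return dict(Counter(f["rule"] for f in findings))

def shared_artifacts(findings: List[Dict[str, str]]) -> Set[str]:
    """File names that surface under more than one rule (the same DLL in
    AppInit_DLLs and in the LSA packages): the strongest sign of one infection."""
    names = Counter(_basename(f["detail"]) for f in findings)
    return {n for n, c in names.items() if c > 1}
```

The "[?]" service rule is a review hint rather than a verdict: the MpKsl* definition-update drivers in the real log carry the same marker and are legitimate.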


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 08 April 2010 - 11:40 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 08 April 2010 - 01:46 PM

OTL Extras logfile created on: 4/8/2010 11:17:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Mike.HOME-8B9CC4D22D\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 126.09 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8B9CC4D22D
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Digsby" = Digsby
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver

< End of report >

OTL logfile created on: 4/8/2010 11:17:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Mike.HOME-8B9CC4D22D\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 126.09 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8B9CC4D22D
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 11:14:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\My Documents\Downloads\OTL.exe
PRC - [2010/04/03 20:07:54 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/03 20:07:52 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 04:04:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 11:00:00 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 11:14:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\My Documents\Downloads\OTL.exe
MOD - [2008/11/05 05:21:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/03 20:07:52 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/31 16:10:01 | 000,045,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/07 21:24:09 | 000,329,752 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/25 02:34:04 | 000,039,296 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2009/03/30 17:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/13 23:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 11:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com
IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 34 83 27 60 65 CA 01 [binary data]
IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 10:32:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 04:04:41 | 000,000,000 | ---D | M]

[2009/09/29 20:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Extensions
[2010/04/07 23:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Firefox\Profiles\j3axqaou.default\extensions
[2009/09/29 21:58:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Firefox\Profiles\j3axqaou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 11:26:09 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Firefox\Profiles\j3axqaou.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/02/20 19:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Firefox\Profiles\j3axqaou.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/04/08 02:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/03 19:49:02 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\WINDOWS\TEMP\isbkugx.exe File not found
O4 - HKU\.DEFAULT..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\spoolsv.exe File not found
O4 - HKU\S-1-5-18..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\WINDOWS\TEMP\isbkugx.exe File not found
O4 - HKU\S-1-5-18..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\spoolsv.exe File not found
O4 - HKU\S-1-5-19..\Run: [lohenufewa] File not found
O4 - HKU\S-1-5-20..\Run: [lohenufewa] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 71.9.127.107
O20 - AppInit_DLLs: (kuzefawi.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: viriyelik - {b2c47a91-9f72-4181-a626-1388f7446708} - C:\WINDOWS\System32\jiyazami.dll File not found
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {b2c47a91-9f72-4181-a626-1388f7446708} - gahurihor - C:\WINDOWS\System32\jiyazami.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 23:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/04 13:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/04/04 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\SUPERAntiSpyware.com
[2010/04/04 13:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/04 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/04 12:50:29 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\ATF-Cleaner.exe
[2010/04/04 12:26:20 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\TDSSKiller.exe
[2010/04/03 20:08:53 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/03 20:08:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/03 20:05:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/03 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/03 20:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/04/03 13:07:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 13:06:57 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 18:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
[2010/03/31 18:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/03/31 18:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
[2010/03/17 12:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Application Data\vlc
[2009/09/09 20:07:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/09 20:07:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/09 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/09 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/08 11:08:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1770027372-299502267-1004UA.job
[2010/04/08 03:12:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 02:08:03 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1770027372-299502267-1004Core.job
[2010/04/07 15:56:05 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/07 15:55:18 | 000,523,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/07 15:55:18 | 000,442,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/07 15:55:18 | 000,071,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/07 15:52:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/07 15:50:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/07 15:50:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/07 15:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/07 11:36:50 | 003,117,056 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\ntuser.dat
[2010/04/07 11:36:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\ntuser.ini
[2010/04/07 11:29:11 | 004,299,530 | -H-- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\IconCache.db
[2010/04/07 11:22:18 | 000,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2010/04/06 23:22:48 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/04/04 15:41:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\defogger_reenable
[2010/04/04 13:17:09 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/04 12:51:27 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\SUPERAntiSpyware.exe
[2010/04/04 12:50:31 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\ATF-Cleaner.exe
[2010/04/03 20:08:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/03 20:08:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/03 20:05:14 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/04/03 19:49:02 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/03 19:44:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/04/03 13:07:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 13:00:37 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 12:20:31 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jowehase
[2010/04/03 11:17:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 23:19:33 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/02 23:19:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 23:19:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/02 22:32:06 | 000,000,194 | ---- | M] () -- C:\WINDOWS\System32\_voidsrcr.dat
[2010/04/02 21:11:53 | 000,009,514 | -HS- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 21:11:53 | 000,009,514 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Wv7V1mEL4UH
[2010/04/02 20:36:51 | 000,001,173 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\_VOIDmfeklnmal.dll
[2010/03/31 18:16:37 | 000,001,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/03/31 16:12:11 | 000,290,816 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/31 16:11:53 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdsp.dll
[2010/03/31 16:11:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvadve.dll
[2010/03/31 16:11:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvadvd.dll
[2010/03/31 16:11:43 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/03/31 16:11:42 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2010/03/31 16:11:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfapi.dll
[2010/03/31 16:11:29 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2010/03/31 16:11:27 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010/03/31 16:11:25 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UncPH.dll
[2010/03/31 16:11:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uexfat.dll
[2010/03/31 16:11:24 | 000,008,192 | ---- | M] (DSP GROUP, INC.) -- C:\WINDOWS\System32\tssoft32.acm
[2010/03/31 16:11:23 | 001,589,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tquery.dll
[2010/03/31 16:11:23 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tquery.dll.mui
[2010/03/31 16:11:21 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srchadmin.dll.mui
[2010/03/31 16:11:20 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.dll
[2010/03/31 16:11:20 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2010/03/31 16:11:05 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2010/03/31 16:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\searchindexer.exe.mui
[2010/03/31 16:10:57 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/03/31 16:10:48 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/31 16:10:48 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/31 16:10:48 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qfecheck.exe
[2010/03/31 16:10:47 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\propsys.dll.mui
[2010/03/31 16:10:38 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2010/03/31 16:10:38 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nlsdl.dll
[2010/03/31 16:10:34 | 001,355,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm50.dll
[2010/03/31 16:10:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mssprxy.dll
[2010/03/31 16:10:33 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mssph.dll.mui
[2010/03/31 16:10:32 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2010/03/31 16:10:22 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfplat.dll
[2010/03/31 16:10:17 | 000,065,536 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgsh400.dll
[2010/03/31 16:10:16 | 000,163,840 | ---- | M] (America Online) -- C:\WINDOWS\System32\jgdw400.dll
[2010/03/31 16:10:16 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/31 16:10:13 | 001,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2010/03/31 16:10:13 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ifxcardm.dll
[2010/03/31 16:10:13 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/31 16:10:12 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2010/03/31 16:10:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2010/03/31 16:10:10 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/31 16:10:04 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2010/03/31 16:10:01 | 000,045,056 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\l1c51x86.sys
[2010/03/31 16:09:59 | 000,061,440 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/03/31 16:09:58 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2010/03/31 16:09:58 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2010/03/31 16:09:40 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2010/03/31 16:09:40 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2010/03/31 16:09:40 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2010/03/31 16:09:35 | 000,278,528 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/03/31 16:09:35 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/03/31 16:09:18 | 001,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/03/31 16:09:15 | 000,540,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/03/31 16:09:12 | 000,122,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/31 16:09:10 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/03/31 16:03:01 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/03/31 15:52:19 | 734,932,992 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\Ninja Assassin.avi
[2010/03/31 15:51:29 | 729,190,400 | ---- | M] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\500 Days Of Summer.avi
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\TDSSKiller.exe
[2010/03/17 12:04:47 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2010/04/06 23:28:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/06 23:22:47 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/04/04 15:41:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\defogger_reenable
[2010/04/04 13:17:09 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/04 12:51:00 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Desktop\SUPERAntiSpyware.exe
[2010/04/03 20:46:46 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/03 20:13:12 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/03 20:05:14 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/04/03 13:07:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 22:32:06 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\_voidsrcr.dat
[2010/04/02 21:10:47 | 000,009,514 | -HS- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 20:36:49 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\_VOIDmfeklnmal.dll
[2010/04/02 20:32:35 | 000,009,514 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Wv7V1mEL4UH
[2010/03/31 18:11:58 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/03/17 12:04:47 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2010/01/13 13:55:42 | 003,117,056 | ---- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\ntuser.dat
[2009/10/03 16:34:58 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/29 19:24:46 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/09/29 18:41:19 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\FASTWiz.log
[2009/09/28 22:42:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\ntuser.ini
[2009/09/28 22:42:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\ntuser.dat.LOG
[2009/09/28 22:22:22 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2009/09/28 22:22:22 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2009/09/28 22:22:22 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2009/09/28 22:07:40 | 000,329,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 11:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 11:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/04/18 19:52:05 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2010/02/07 21:24:09 | 000,329,752 | ---- | M] () MD5=E3AE6E6BBADB90FCC751E70D10352C1B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 17:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 17:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 11:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 11:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 09 April 2010 - 06:53 AM

Hi madman666,

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\WINDOWS\TEMP\isbkugx.exe File not found
    O4 - HKU\.DEFAULT..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\spoolsv.exe File not found
    O4 - HKU\S-1-5-18..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\WINDOWS\TEMP\isbkugx.exe File not found
    O4 - HKU\S-1-5-18..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\spoolsv.exe File not found
    O4 - HKU\S-1-5-19..\Run: [lohenufewa] File not found
    O4 - HKU\S-1-5-20..\Run: [lohenufewa] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-789336058-1770027372-299502267-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O20 - AppInit_DLLs: (kuzefawi.dll) - File not found
    O21 - SSODL: viriyelik - {b2c47a91-9f72-4181-a626-1388f7446708} - C:\WINDOWS\System32\jiyazami.dll File not found
    O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {b2c47a91-9f72-4181-a626-1388f7446708} - gahurihor - C:\WINDOWS\System32\jiyazami.dll File not found
    O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    [2010/04/03 12:20:31 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jowehase
    [2010/04/02 22:32:06 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\_voidsrcr.dat
    [2010/04/02 21:10:47 | 000,009,514 | -HS- | C] () -- C:\Documents and Settings\Mike.HOME-8B9CC4D22D\Local Settings\Application Data\Wv7V1mEL4UH
    [2010/04/02 20:36:49 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\_VOIDmfeklnmal.dll
    [2010/04/02 20:32:35 | 000,009,514 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Wv7V1mEL4UH
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please download Hitman Pro 3.5 and save it to your Desktop.
  • Double click HitmanPro35.exe and select run.
  • Click Next then accept the licence agreement and click Next again.
  • Hitman Pro will now scan your computer.
  • If it finds anything in the scan results click Next.
  • You will then be asked for product activation, select Activate free licence then OK.
  • Click Next and if asked to delete on reboot, click Next again then Reboot.
Note: This scanner won't produce a log, so if it finds anything please note it down and post it in your reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Hitman Pro results

Thanks

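As an added example, not part of syler's post or of the OTL tool itself: a small Python triage over lines in the OTL report format quoted above. It flags the user-hive policy values the fix script resets (the ones that disable Task Manager, Registry Editor and Folder Options), the .exe file association routed through the `secfile` class to ave.exe, and any autostart or hook entry whose target file no longer exists. The sample log is constructed from lines in the post plus one benign entry; the rule names are this example's own.

```python
import re

# Constructed sample in the OTL report format quoted above: the suspicious lines
# are copied from that log, plus one benign O4 line the triage should leave alone.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [lohenufewa] File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O20 - AppInit_DLLs: (kuzefawi.dll) - File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
"""

# Explorer/System policy values that hide the tools a user would reach for;
# a non-zero value means the tool is disabled for that user hive.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")           # "O7 - <body>"
POLICY_RE = re.compile(r"policies\\(\w+): (\w+) = (\d+)$")
ASSOC_RE = re.compile(r"\.\.\.exe \[@ = (\w+)\]")  # O37 .exe file-class line


def parse_otl_line(line):
    """Split one OTL line into (section tag, body), or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return (section, reason, body) for every line that warrants attention."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_otl_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "O7":
            m = POLICY_RE.search(body)
            if m and m.group(2) in LOCKDOWN_POLICIES and m.group(3) != "0":
                findings.append((section, f"tool lockdown: {m.group(2)}", body))
                continue
        elif section == "O37":
            m = ASSOC_RE.search(body)
            if m:  # every .exe launch is routed through this file class first
                findings.append((section, f".exe association redirected to {m.group(1)}", body))
                continue
        if body.endswith("File not found"):  # autostart/hook whose target is gone
            findings.append((section, "orphaned entry (target file missing)", body))
    return findings
```

Run `triage(SAMPLE_OTL)` to list the five flagged lines; the benign ctfmon entry is not reported.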


#5 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 09 April 2010 - 04:15 PM

Big problem...... Downloaded OTC, all's good, then as I pasted the bold writing and pushed Run Fix, Microsoft Security Essentials detected a threat and before I could do anything the screen went black and OTC went to "not responding"; at the bottom it says "killing processes do not interrupt"....... I tried to close out of it and it would not let me, so I had to go to Task Manager and close it that way. Then I tried it all one more time and the same thing happened. As I closed and restarted my laptop a black screen came up and says WINDOWS COULD NOT START BECAUSE FILE IS MISSING OR CORRUPT...SYSTEM32\DRIVERS\PCI.SYS...... SELECT 'r' AT THE FIRST SCREEN TO START REPAIR. Also, late last night Malwarebytes Anti-Malware did its normal scan and detected two threats, and MSE detected one. I removed them and saved the logs because I was going to post them to you, but I no longer can due to the fact my laptop doesn't work anymore. Oh, I ran Flash_Disinfector.exe as told to; that went fine. I don't know what the problem is, anything to help would be greatly appreciated. Thanks.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 09 April 2010 - 05:11 PM

Have you tried booting using Last Known Good Configuration? If not, try that; if it doesn't work then you will need to do the following steps.

In these instructions you will need to burn an ISO file. I have given instructions on how to do it, but if you already have a program for burning ISOs and know how, you can use that instead.

We need to create an OTL Report
1. Download the appropriate version of ISO Recorder according to your version of Windows.
2. Double click the installer and follow the prompts to install ISO Recorder.
3. Navigate to the OTLPE iso file you downloaded, right click it and select Copy image to CD.
4. Insert a blank CD and select your Recorder device, then click Next



Note: You can change the write speed by clicking properties and adjusting the slider as necessary, burning at a slower speed will reduce the chance of burning a bad copy.

5. It will now begin recording, once done click Finish.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      /md5start
      pci.sys
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.

Edited by syler, 09 April 2010 - 05:12 PM.



#7 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 09 April 2010 - 06:24 PM

I'm on a netbook with no CD-ROM drive. I think my computer has been bricked...

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 10 April 2010 - 08:20 AM

The computer is not a brick, it's fine; it's just the OS that is borked. There are several options but it depends what you have available.

Do you by any chance have the recovery console installed? We may be able to do something with that; it all depends what's gone wrong. Your AV has interfered with the process of OTL, so even if we replaced pci.sys that may not be the only problem.

Can you get hold of an external CD drive? We could then run OTLPE.

You could also take the Hard Drive out and hook it up to another computer to fix it.

Unfortunately, if you can't do any of these then there isn't anything I can do; let me know if you can do any of these options.



#9 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 10 April 2010 - 12:01 PM

To my knowledge I don't have the recovery console installed. I MIGHT be able to get an external CD drive, but not right away. I do have a desktop; would I be able to access the hard drive from that?

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 10 April 2010 - 12:13 PM

QUOTE
i do have a desktop would i be able to access the hard drive from that?


Yes you could, but it depends what type of HD the netbook has, IDE/SATA, and which type your desktop has. If they are the same then you should be able to connect it as the slave drive. If the connections aren't the same then you would need to get hold of an IDE/SATA to USB converter; I got one off ebay recently for 5.





#11 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 10 April 2010 - 12:16 PM

OK, I will get the hard drive out and see if they match.

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 10 April 2010 - 12:23 PM

Ok then.



#13 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 10 April 2010 - 12:53 PM

OK, got the hard drive out. It says it's a 160 gig SATA drive. So what steps do I need to take to get it going on my desktop?

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:08 AM

Posted 10 April 2010 - 01:06 PM

Well, that all depends; I'm no hardware expert and I have IDE on my old desktop. From what I have read about SATA you don't have the Master and Slave like you would with IDE.

If your desktop is SATA also then you may have two cables, one which is already plugged in to your desktop HD and a spare one which you can plug your netbook HD into; you will have to open up the desktop and have a look.

If you notice a cable with two connectors on it (Master & Slave) then it is IDE and you can't connect it; if your desktop HD is hooked up to a cable with only one connector on it then it should be SATA. Let me know what you see. SATA & IDE connectors are completely different, so you should notice right away which one is in your desktop.



#15 madman666

madman666
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Location:Selah, WA
  • Local time:12:08 AM

Posted 10 April 2010 - 01:29 PM

OK, everything is SATA. Got it hooked up. I can see it in My Computer and can access it with no problems. What next?



