Win32:Trojan-gen infection


  • This topic is locked
8 replies to this topic

#1 gembob

gembob

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:25 AM

Posted 16 April 2010 - 09:06 PM

So I've run all of the above programs in addition to Trojan Remover and another online scanner, but the computer is still super slow, webpages are being hijacked, and avast keeps saying I have the topic virus and apparently can't successfully remove it. Below is the DDS text log; I also have HijackThis and Malwarebytes logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dustin at 13:29:37.18 on Fri 04/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.44 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dustin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ad1.zendmedia.com/ad-spy_hdc.php?id=start6
uSearch Page = About:Blank
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = About:Blank
mSearch Bar = hxxp://websearch.shopnav.com/sidesearch.cgi?uid=10583631&id=5.20013
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;
mSearchAssistant = hxxp://websearch.shopnav.com/sidesearch.cgi?uid=12025578&id=1.00
mCustomizeSearch = hxxp://websearch.shopnav.com/sidesearch.cgi?uid=12025578&id=1.00
EB: Web Offer Bar: {50b4d2b3-723f-41b3-aec4-0bd66f0f45ff} - c:\windows\system32\shdocvw.dll
EB: Web Offer Bar: {a166c1b0-5cdb-447a-894a-4b9fd7149d51} - c:\windows\system32\shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AOL Fast Start] "c:\program files\america online 9.0b\AOL.EXE" -b
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe
mRun: [RINTUIP] c:\windows\system32\RINTUIP.exe
mRun: [Win Server Updt] c:\windows\pxckdla.exe
mRun: [antiware] c:\windows\system32\eliteptl32.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1133650076\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [System service79] c:\windows\etb\pokapoka79.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-14 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-14 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-14 19024]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-9-30 23296]

=============== Created Last 30 ================

2010-04-16 20:27:10 0 ----a-w- c:\documents and settings\dustin\defogger_reenable
2010-04-16 20:22:38 0 d-----w- c:\program files\Trend Micro
2010-04-16 20:21:57 0 d-sh--w- c:\documents and settings\dustin\PrivacIE
2010-04-16 20:15:24 0 d-sh--w- c:\documents and settings\dustin\IETldCache
2010-04-16 08:01:46 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-16 07:32:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-16 07:32:50 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-16 07:32:50 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-16 07:32:48 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-16 07:32:48 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-04-16 07:32:46 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-04-16 07:32:35 0 d-----w- c:\windows\ie8updates
2010-04-16 07:31:45 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-16 07:28:06 0 dc-h--w- c:\windows\ie8
2010-04-16 07:11:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-15 02:29:58 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 02:29:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-15 02:25:12 0 d-----w- c:\program files\Lavasoft
2010-04-14 21:38:00 0 d-s---w- c:\documents and settings\dustin\UserData
2010-04-14 21:12:11 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-04-14 20:59:31 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-14 20:59:31 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-14 20:59:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-14 20:59:31 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-14 20:59:31 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-04-14 20:59:26 0 d-----w- c:\docume~1\dustin\applic~1\Simply Super Software
2010-04-14 20:59:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-04-14 05:38:46 0 d-----w- c:\docume~1\dustin\applic~1\Malwarebytes
2010-04-13 21:01:01 0 d-----w- c:\program files\AVG
2010-04-13 21:00:31 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-04-13 20:41:40 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-13 20:37:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-13 20:07:03 0 d-----w- c:\program files\CCleaner
2010-04-13 07:29:00 0 d-----w- c:\program files\VS Revo Group
2010-04-13 07:27:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-13 07:27:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 07:27:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 07:27:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-13 07:14:40 0 d-----w- c:\windows\system32\CatRoot_bak
2010-04-12 20:43:48 138368 ------w- c:\windows\system32\dllcache\afd.sys
2010-04-12 20:41:45 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-12 20:26:57 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-12 20:26:06 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-12 20:25:42 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-12 20:23:43 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-04-12 20:23:00 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-12 20:22:57 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-04-12 20:20:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-04-12 20:20:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-12 20:20:15 1196000 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-12 20:20:14 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-04-12 20:12:47 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-04-12 20:12:47 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-04-12 20:12:47 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-04-12 20:12:47 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-04-12 20:12:10 0 d-----w- c:\windows\system32\LogFiles
2010-04-12 20:05:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-12 20:05:28 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-06 05:05:22 196 ----a-w- c:\windows\lu.dat
2010-04-06 05:05:22 0 ----a-w- c:\windows\kwv2.dat
2010-04-06 04:58:08 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-30 00:31:10 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-30 00:31:06 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-30 00:30:16 274432 ----a-r- c:\windows\system32\HPZc3212.dll
2010-03-30 00:30:15 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-30 00:21:10 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-30 00:21:10 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

==================== Find3M ====================

2010-03-10 05:21:20 1506304 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 05:21:13 1023488 ------w- c:\windows\system32\dllcache\browseui.dll
2010-02-26 06:12:22 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-02-26 06:12:17 55808 ------w- c:\windows\system32\dllcache\extmgr.dll
2010-02-26 06:12:16 1054208 ------w- c:\windows\system32\dllcache\danim.dll
2010-02-26 06:12:15 151040 ------w- c:\windows\system32\dllcache\cdfview.dll
2010-02-25 10:53:09 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-16 14:27:26 4734976 ------w- c:\windows\system32\dllcache\wmp.dll
2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:19:55 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 13:17:38 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:39:04 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 12:39:04 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:47:05 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:01:43 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-02-17 20:18:20 4590463 ----a-w- c:\program files\R106456.EXE

============= FINISH: 13:30:45.89 ===============



#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:04:25 AM

Posted 21 April 2010 - 07:30 PM

Hi gembob,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.
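As an added example (not code from the thread, from BleepingComputer, or from the DDS/OTL tools), here is a small Python triage script that reads the DDS Run/start-page lines from the opening post together with the OTL O4 entries posted later, and flags Run values whose binary OTL reports missing, Run targets sitting in an odd %windir% location, and IE start/search settings pointing at non-default hosts. The "odd location" rule, the `KNOWN_WINDIR_EXES` allowlist and the `DEFAULT_HOSTS` list are assumptions for illustration, not anything the tools define.

```python
"""Triage of DDS 'Pseudo HJT' Run/start-page lines and OTL O4 entries.
Added example for this thread; not code from BleepingComputer, DDS or OTL."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the DDS and OTL logs posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://ad1.zendmedia.com/ad-spy_hdc.php?id=start6
uSearch Page = About:Blank
uDefault_Page_URL = hxxp://www.dellnet.com
mSearchAssistant = hxxp://websearch.shopnav.com/sidesearch.cgi?uid=12025578&id=1.00
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RINTUIP] c:\windows\system32\RINTUIP.exe
mRun: [Win Server Updt] c:\windows\pxckdla.exe
mRun: [antiware] c:\windows\system32\eliteptl32.exe
mRun: [System service79] c:\windows\etb\pokapoka79.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
O4 - HKLM..\Run: [antiware] C:\WINDOWS\System32\eliteptl32.exe File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [RINTUIP] C:\WINDOWS\System32\RINTUIP.exe File not found
O4 - HKLM..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe File not found
O4 - HKLM..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe File not found
"""

DDS_RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
OTL_O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
BROWSER_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Search Page|Search Bar|SearchAssistant|"
    r"CustomizeSearch|Default_Page_URL)) = (?P<val>.+)$"
)
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?#]+)", re.IGNORECASE)  # accepts defanged hxxp://
# Assumption: an autorun target directly in %windir%, or in a %windir% subfolder
# other than system32, is an unusual home for a program and deserves a look.
ODD_WINDIR_RE = re.compile(r"^c:\\windows\\(?!system32\\)[^\\]+(\\[^\\]+)*\.exe$", re.IGNORECASE)
KNOWN_WINDIR_EXES = {"explorer.exe"}  # legitimate %windir% residents (assumption)
# Assumption: hosts a stock/OEM IE start or search page may legitimately point at.
DEFAULT_HOSTS = {"www.microsoft.com", "go.microsoft.com", "www.msn.com", "www.dellnet.com"}


@dataclass
class Finding:
    name: str            # Run value name or IE setting key
    target: str          # command line or URL exactly as logged
    reasons: List[str] = field(default_factory=list)


def _exe_path(cmd: str) -> Optional[str]:
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def _odd_location(path: str) -> bool:
    base = path.rsplit("\\", 1)[-1].lower()
    return bool(ODD_WINDIR_RE.match(path)) and base not in KNOWN_WINDIR_EXES


def parse_log(log: str) -> Tuple[Dict[str, str], Dict[str, Tuple[str, bool]], Dict[str, str]]:
    """Split the log into DDS Run values, OTL O4 values (with a 'file present' flag) and IE settings."""
    dds, otl, browser = {}, {}, {}
    for raw in log.splitlines():
        line = raw.strip()
        if (m := DDS_RUN_RE.match(line)):
            dds[m["name"]] = m["cmd"]
        elif (m := OTL_O4_RE.match(line)):
            otl[m["name"]] = (m["rest"], not m["rest"].endswith("File not found"))
        elif (m := BROWSER_RE.match(line)):
            browser[m["key"]] = m["val"]
    return dds, otl, browser


def triage(log: str) -> List[Finding]:
    """Return one Finding per autorun entry or IE setting that deserves a closer look."""
    dds, otl, browser = parse_log(log)
    findings: List[Finding] = []
    for name in sorted(set(dds) | set(otl)):       # DDS and OTL both key on the value name
        target = dds.get(name) or otl[name][0]
        reasons = []
        path = _exe_path(target)
        if path and _odd_location(path):
            reasons.append("target lives in %windir% itself or an unusual %windir% subfolder")
        if name in otl and not otl[name][1]:
            reasons.append("OTL reports the file missing but the Run value remains (orphaned autorun)")
        if reasons:
            findings.append(Finding(name, target, reasons))
    for key, val in browser.items():
        m = HOST_RE.match(val)
        if m and m.group(1).lower() not in DEFAULT_HOSTS:
            findings.append(Finding(key, val, [f"points at non-default host {m.group(1)}"]))
    return findings
```

Calling `triage(SAMPLE_LOG)` on the lines above yields the four Run values that survived the earlier cleanups without their binaries (two of them also in odd locations) plus the hijacked start page and search assistant, while ctfmon and avast5 pass.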


#3 gembob

gembob
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:25 AM

Posted 23 April 2010 - 01:26 AM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4024

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/22/2010 9:39:21 PM
mbam-log-2010-04-22 (21-39-21).txt

Scan type: Quick scan
Objects scanned: 131320
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________________________________________

OTL logfile created on: 4/22/2010 11:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Dustin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 7.00% Memory free
625.00 Mb Paging File | 281.00 Mb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 65.94 Gb Free Space | 88.56% Space Free | Partition Type: NTFS
Drive D: | 526.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 6076L31
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dustin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\aol\1133650076\EE\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\aol\ACS\AOLacsd.exe (America Online)
PRC - C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dustin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MCVSRte) -- File not found
SRV - (McShield) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys (ALWIL Software)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (AFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS (Oak Technology Inc.)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (NaiFiltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cg...578&id=1.00
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.shopnav.com/sidesearch.cg...578&id=1.00

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = About:Blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ad1.zendmedia.com/ad-spy_hdc.php?id=start6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;



O1 HOSTS File: ([2006/01/19 22:53:45 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [antiware] C:\WINDOWS\System32\eliteptl32.exe File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\aol\ACS\AOLDial.exe (America Online)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1133650076\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\aol\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe File not found
O4 - HKLM..\Run: [RINTUIP] C:\WINDOWS\System32\RINTUIP.exe File not found
O4 - HKLM..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe File not found
O4 - HKLM..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\America Online 9.0b\AOL.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 10:17:14 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/09/30 00:02:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 22:57:45 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dustin\Desktop\OTL.exe
[2010/04/22 20:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/16 13:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dustin\Desktop\gmer
[2010/04/16 13:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/16 13:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dustin\PrivacIE
[2010/04/16 13:15:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dustin\IETldCache
[2010/04/16 01:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/04/16 01:01:46 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/16 00:32:50 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/16 00:32:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/16 00:32:48 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/16 00:32:46 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/04/16 00:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/16 00:30:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/16 00:28:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/16 00:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/14 23:55:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dustin\Recent
[2010/04/14 19:29:58 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/14 19:29:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/14 19:29:47 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/14 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/14 19:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/14 14:46:11 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 14:46:10 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 14:46:08 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 14:46:05 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 14:46:03 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 14:46:03 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 14:46:01 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/14 14:45:18 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 14:45:18 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 14:38:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dustin\UserData
[2010/04/14 14:12:11 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/14 14:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/14 13:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dustin\My Documents\Simply Super Software
[2010/04/14 13:59:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/04/14 13:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dustin\Application Data\Simply Super Software
[2010/04/14 13:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/04/13 22:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dustin\Application Data\Malwarebytes
[2010/04/13 14:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/13 14:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/13 13:41:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/13 13:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/13 13:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/13 13:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/13 00:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/04/13 00:27:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/13 00:27:27 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/13 00:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 00:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/13 00:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/04/12 13:43:48 | 000,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/04/12 13:41:45 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/12 13:27:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/12 13:27:22 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/04/12 13:27:16 | 000,724,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/12 13:27:11 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/12 13:27:08 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/12 13:27:05 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/12 13:27:03 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/12 13:26:06 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/12 13:23:43 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/12 13:22:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/12 13:20:55 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/04/12 13:20:36 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/12 13:12:47 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/12 13:12:47 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/12 13:12:47 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/12 13:12:47 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/12 13:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/12 13:05:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/04/05 21:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dustin\Local Settings\Application Data\AOL
[2010/03/29 17:30:16 | 000,274,432 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/03/29 17:21:10 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2003/05/14 06:37:12 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcu.dll
[2003/05/14 06:24:42 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjutil.dll
[2003/05/14 06:22:32 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcur.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/22 23:04:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (6076L31-Dustin).job
[2010/04/22 23:03:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (6076L31-Guest).job
[2010/04/22 23:01:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D6076L31-Owner).job
[2010/04/22 23:01:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (6076L31-Terry).job
[2010/04/22 22:57:47 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dustin\Desktop\OTL.exe
[2010/04/22 22:57:39 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\Dustin\NTUSER.DAT
[2010/04/22 20:29:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/22 20:19:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 20:19:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/22 20:19:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/22 20:19:12 | 266,407,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 21:33:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dustin\NTUSER.INI
[2010/04/16 21:33:10 | 004,836,054 | -H-- | M] () -- C:\Documents and Settings\Dustin\Local Settings\Application Data\IconCache.db
[2010/04/16 13:34:28 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dustin\Desktop\gmer.zip
[2010/04/16 13:32:57 | 000,003,366 | ---- | M] () -- C:\Documents and Settings\Dustin\Desktop\Attach.zip
[2010/04/16 13:28:05 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dustin\Desktop\dds.scr
[2010/04/16 13:27:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dustin\defogger_reenable
[2010/04/16 13:22:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dustin\Desktop\HijackThis.lnk
[2010/04/15 18:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/15 18:43:17 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/04/15 18:43:16 | 000,441,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 18:43:16 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/04/14 19:56:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/14 19:29:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/14 19:29:41 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/14 19:27:57 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Dustin\Desktop\Revo Uninstaller.lnk
[2010/04/14 19:25:56 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/14 14:46:14 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 13:46:37 | 000,001,142 | ---- | M] () -- C:\WINDOWS\d053e11660ce2ccd144369694f302da6.ini
[2010/04/13 00:27:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 00:17:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\lu.dat
[2010/04/13 00:17:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\kwv2.dat
[2010/04/13 00:12:43 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 20:25:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 13:34:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dustin\Desktop\gmer.zip
[2010/04/16 13:32:57 | 000,003,366 | ---- | C] () -- C:\Documents and Settings\Dustin\Desktop\Attach.zip
[2010/04/16 13:28:00 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dustin\Desktop\dds.scr
[2010/04/16 13:27:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dustin\defogger_reenable
[2010/04/16 13:22:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Dustin\Desktop\HijackThis.lnk
[2010/04/16 13:13:10 | 266,407,936 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/16 00:11:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/14 19:40:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/14 19:27:57 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Dustin\Desktop\Revo Uninstaller.lnk
[2010/04/14 19:25:56 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/14 14:46:14 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/14 13:59:31 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/04/14 13:59:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/04/14 13:59:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/04/14 13:59:31 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/13 00:27:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 22:05:22 | 000,000,196 | ---- | C] () -- C:\WINDOWS\lu.dat
[2010/04/05 22:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/11/26 19:24:21 | 000,001,142 | ---- | C] () -- C:\WINDOWS\d053e11660ce2ccd144369694f302da6.ini
[2005/10/19 16:06:57 | 000,000,099 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/19 16:06:57 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/05/16 19:44:31 | 000,000,358 | ---- | C] () -- C:\WINDOWS\farmmext.ini
[2004/07/03 20:20:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/11 18:55:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/17 15:26:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/10/18 12:34:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INIA
[2003/10/07 19:16:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/03 18:45:52 | 000,000,629 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2003/09/30 00:42:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/30 00:38:39 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2003/09/30 00:36:50 | 000,000,813 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/09/30 00:36:50 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/09/30 00:20:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/30 00:19:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/30 00:07:56 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/07/11 07:59:46 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/07/11 07:57:52 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/05/19 09:51:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\System32\DLBJPLC.INI
[2003/05/14 06:21:40 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlbjjswr.dll
[2003/05/08 12:55:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\dlbjusb1.dll
[2003/05/08 12:51:26 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\dlbjserv.dll
[2003/05/08 12:47:04 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomc.dll
[2003/05/08 12:46:08 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\dlbjlmpm.dll
[2003/05/08 12:45:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomm.dll
[2003/05/08 12:45:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbjpplc.dll
[2003/05/08 12:41:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbjprox.dll
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/13 17:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbjvs.dll
[2002/08/29 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECDRV.SYS
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/08/05 23:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

========== LOP Check ==========

[2010/04/14 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/14 14:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/14 13:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/04/14 14:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/11/17 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/14 19:26:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2004/07/03 20:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dustin\Application Data\Lycos
[2010/04/14 13:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dustin\Application Data\Simply Super Software
[2010/04/15 18:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 17:56:03 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2006/02/07 20:30:18 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2006/02/07 20:30:18 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 11:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 11:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/02/07 20:30:18 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2006/02/07 20:30:18 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/01/31 13:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2003/01/31 13:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 03:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2002/08/29 03:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/08/29 03:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2002/08/29 03:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2002/08/29 03:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2002/08/29 03:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/24 23:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 06:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 06:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 06:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 05:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2010/04/14 19:29:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys
[2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
________________________________________________________________________

OTL Extras logfile created on: 4/22/2010 11:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Dustin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 7.00% Memory free
625.00 Mb Paging File | 281.00 Mb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 65.94 Gb Free Space | 88.56% Space Free | Partition Type: NTFS
Drive D: | 526.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 6076L31
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:America Online 9.0b -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE9BC751-014B-42BE-A852-CF510246DFDD}" = DJ740EN
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Ad-Aware" = Ad-Aware
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"ContextSidebar" = Context Display
"Dell Inkjet Printer J740" = Dell Inkjet Printer J740
"HijackThis" = HijackThis 2.0.2
"HP Officejet 5600 series_Driver" = HP Officejet 5600 series
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 4.8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSPUB4" = Microsoft Publisher 97
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealOne Player
"Revo Uninstaller" = Revo Uninstaller 1.85
"RonSidebar" = RON Display
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2005 1:46:52 AM | Computer Name = 6076L31 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 10/6/2005 1:46:53 AM | Computer Name = 6076L31 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 10/7/2005 4:56:37 PM | Computer Name = 6076L31 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 10/7/2005 4:56:37 PM | Computer Name = 6076L31 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 10/7/2005 5:25:53 PM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application pokapoka73.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x1000174b.

Error - 10/7/2005 7:02:56 PM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application pokapoka73.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x014d174b.

Error - 10/8/2005 1:42:42 AM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application pokapoka73.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x013d174b.

Error - 10/8/2005 4:53:02 PM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application pokapoka73.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x013d174b.

Error - 10/8/2005 4:56:42 PM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application pokapoka73.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x013d174b.

Error - 10/9/2005 5:57:08 PM | Computer Name = 6076L31 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x0000065c.

[ System Events ]
Error - 4/16/2010 5:44:58 AM | Computer Name = 6076L31 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2010 5:45:06 AM | Computer Name = 6076L31 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2010 5:45:15 AM | Computer Name = 6076L31 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/16/2010 5:45:25 AM | Computer Name = 6076L31 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2010 5:45:33 AM | Computer Name = 6076L31 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2010 5:45:40 AM | Computer Name = 6076L31 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/16/2010 4:12:25 PM | Computer Name = 6076L31 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/16/2010 4:13:39 PM | Computer Name = 6076L31 | Source = Service Control Manager | ID = 7000
Description = The McAfee.com VirusScan Online Realtime Engine service failed to
start due to the following error: %%3

Error - 4/21/2010 1:32:44 AM | Computer Name = 6076L31 | Source = Service Control Manager | ID = 7000
Description = The McAfee.com VirusScan Online Realtime Engine service failed to
start due to the following error: %%3

Error - 4/22/2010 11:19:47 PM | Computer Name = 6076L31 | Source = Service Control Manager | ID = 7000
Description = The McAfee.com VirusScan Online Realtime Engine service failed to
start due to the following error: %%3


< End of report >

____________________________________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 22:54:38
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Dustin\LOCALS~1\Temp\pwtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF08F1C08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF08F1AC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF08F2078]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF08F1FA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF08F169A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF08F1B9E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF08F15DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF08F163E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF08F1CBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF08F2146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF08F1C7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF08F1DFE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF08FE50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF08FE32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF08FE468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP F08FB97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP F08FE332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP F08FE50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP F08FA4AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A5972 7 Bytes JMP F08FE46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[680] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[680] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1133650076\ee\AOLSoftware.exe[2840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\aol\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat EF82CC8A

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ???6????? ???????/???????????1???????? ?N???&???????????????????????{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}??????RADIUS Accounting?????B??1??????????%SystemRoot%\System32\rasrad.dll??????N??1??????????????{76560D80-2BFD-11d2-9539-3078302C2030}???????/?/?1?1?1??? ???1??????????????????????? ???????/???????????1???????? ?N???&??????????????????????????????????????d??????&??1?????????e????Windows Accounting???????2?2?1????B??1??????????%SystemRoot%\System32\mprddm.dll??????N??1??????????????{76560D81-2BFD-11d2-9539-3078302C2030}???????1?1?1?1?1??? ???1??????????????Microsoft??????1???1????? ???????/?????1????????????????????????????????Loopback????? ???????1???????????1????N?????N?????????s???????N??1??????????????{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}??????? ???????1???????????1???????? ?N???&?????????????????????????N??1?????????d????{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}????????,??1?????????e????RADIUS Authentication?????B??1??????????%SystemRoot%\System32\rasrad.dll????? ???1??????????????Microsoft????1?1?1?

---- EOF - GMER 1.0.15 ----


#4 mpascal

Posted 23 April 2010 - 09:33 AM

Hi gembob,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O4 - HKLM..\Run: [antiware] C:\WINDOWS\System32\eliteptl32.exe File not found
    O4 - HKLM..\Run: [RINTUIP] C:\WINDOWS\System32\RINTUIP.exe File not found
    O4 - HKLM..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe File not found
    O4 - HKLM..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe File not found
    [2003/05/14 06:37:12 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcu.dll
    [2003/05/14 06:24:42 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjutil.dll
    [2003/05/14 06:22:32 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcur.dll
    [2003/05/14 06:21:40 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlbjjswr.dll
    [2003/05/08 12:55:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\dlbjusb1.dll
    [2003/05/08 12:51:26 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\dlbjserv.dll
    [2003/05/08 12:47:04 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomc.dll
    [2003/05/08 12:46:08 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\dlbjlmpm.dll
    [2003/05/08 12:45:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomm.dll
    [2003/05/08 12:45:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbjpplc.dll
    [2003/05/08 12:41:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbjprox.dll
    [2002/11/13 17:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbjvs.dll


    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#5 gembob

Posted 24 April 2010 - 03:06 PM

Okay, here's the MBAM and Kaspersky log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4029

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/23/2010 10:34:35 PM
mbam-log-2010-04-23 (22-34-35).txt

Scan type: Quick scan
Objects scanned: 129935
Time elapsed: 19 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, April 24, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 23:38:40
Records in database: 3977011
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 55489
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 06:18:51


File name / Threat / Threats count
C:\Program Files\Common Files\aol\1133650076\EE\aollaunch.exe Infected: Trojan.Win32.Vilsel.acez 1
C:\Program Files\Common Files\aol\Launch\aollaunch.exe Infected: Trojan.Win32.Vilsel.acez 1

Selected area has been scanned.


#6 mpascal

Posted 24 April 2010 - 06:36 PM

Looks good, still having problems?


#7 gembob

Posted 24 April 2010 - 10:24 PM

Seems to be working fine now, thanks. So I don't need to worry about those AOL files with the Trojan.Win32.Vilsel.acez 1? Do you have any tips for getting rid of all the AOL crap? I can't completely get rid of it.

#8 mpascal

Posted 25 April 2010 - 09:45 AM

Have you tried Add / Remove programs? I think those were only picked up by Kaspersky because of their behavior.


#9 mpascal

Posted 15 May 2010 - 12:42 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
