
Seeing some indications that I am infected


  • This topic is locked
15 replies to this topic

#1 Gest

  • Members
  • 41 posts

Posted 18 April 2010 - 10:51 PM

Hi,
I think I have malware on my computer. Almost every time I start up I get the error message, "Windows Explorer has encountered a problem and needs to close." Sometimes I will also get the message "Dr. Watson Postmortem Debugger has encountered a problem and needs to close." The main reason I'm here is because when I do searches on Google, the links will disappear when I click them, and I've been told that this is a telltale sign of malware.

I think whatever I have is tricking Malwarebytes and SUPERAntiSpyware into thinking they are up-to-date, because when I try to update them it says no new definitions found, but the ones I have are over a month old. I have manually updated both, but they still say that they contain definitions from over a month ago. Scans using said programs have found some things... the only thing I can remember is that I had some Vundo files which I deleted/quarantined... but that's all I can remember, sorry. Of course, the symptoms I have described remain.

Any help would be much appreciated!

Just wanted to add this:

I started up my computer today and kept getting alerts from Avira saying stapi32.dll is the hiloti.52736.D.3 trojan... I couldn't quarantine it, and the message wouldn't stop popping up... so I allowed the process to run.


Edited by Budapest, 20 April 2010 - 04:58 PM.
Posts merged ~BP




#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 23 April 2010 - 06:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Gest

  • Topic Starter
  • Members
  • 41 posts

Posted 24 April 2010 - 09:24 PM

Hope you can distinguish between the two logs.

OTL Extras logfile created on: 4/24/2010 6:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 16.94 Gb Free Space | 22.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 449.75 Gb Free Space | 96.56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-Y7QCX59WRC
Current User Name: preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30450:TCP" = 30450:TCP:*:Enabled:ppLive
"45217:UDP" = 45217:UDP:*:Enabled:ppLive
"25841:TCP" = 25841:TCP:*:Enabled:BitComet 25841 TCP
"25841:UDP" = 25841:UDP:*:Enabled:BitComet 25841 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"18174:TCP" = 18174:TCP:*:Enabled:BitCometLite 18174 TCP
"18174:UDP" = 18174:UDP:*:Enabled:BitCometLite 18174 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{88742616-A6E9-4C7E-9665-B625799541FB}" = Wireless-G PCI Adapter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D5714DE-1986-4A58-897C-687D5006A181}" = Brother HL-2140
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA115E76-3203-4079-9BFF-F31BA640E4AF}" = HHD Software USB Monitor 2.37
"{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.42
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMP WinOFF" = AMP WinOFF
"ASUS Probe V2.23.04" = ASUS Probe V2.23.04
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"ECM (Error Code Modeler)" = ECM (Error Code Modeler)
"eMule" = eMule
"foobar2000" = foobar2000
"Free Download Manager_is1" = Free Download Manager 2.5
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{CA529363-D0F2-41EA-B44B-D7515A254645}" = Multimedia Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuVo Driver" = Creative Mass Storage Drivers
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"QuickSFV" = QuickSFV (Remove only)
"ScummVM_is1" = ScummVM 0.11.1
"Soulseek2" = SoulSeek 157 NS 13e
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #2" = Diablo 2 Calculator
"Syberia Pack_is1" = Syberia Pack
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Tremulous" = Tremulous 1.1.0
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"OpenOffice.org 1.1.4" = OpenOffice.org 1.1.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2010 5:41:59 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 4/16/2010 6:10:49 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module obixetet.dll, version 0.0.0.0, fault address 0x00012c48.

Error - 4/17/2010 2:35:35 AM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module obixetet.dll, version 0.0.0.0, fault address 0x00012c48.

Error - 4/17/2010 2:35:44 AM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 4/17/2010 3:44:13 AM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module stapi32.dll, version 2.0.0.6, fault address 0x00002f91.

Error - 4/18/2010 5:14:30 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module obixetet.dll, version 0.0.0.0, fault address 0x00012c48.

Error - 4/18/2010 5:14:36 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 4/18/2010 5:29:22 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module stapi32.dll, version 2.0.0.6, fault address 0x00002f91.

Error - 4/19/2010 4:49:09 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module obixetet.dll, version 0.0.0.0, fault address 0x00012c48.

Error - 4/24/2010 6:15:40 PM | Computer Name = HOME-Y7QCX59WRC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 4/22/2010 4:55:16 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 4/23/2010 5:26:03 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%2

Error - 4/23/2010 5:26:03 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The McAfee Task Manager service failed to start due to the following
error: %%3

Error - 4/23/2010 5:26:03 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 4/23/2010 5:26:32 PM | Computer Name = HOME-Y7QCX59WRC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/23/2010 5:26:32 PM | Computer Name = HOME-Y7QCX59WRC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/23/2010 5:26:32 PM | Computer Name = HOME-Y7QCX59WRC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/24/2010 6:14:50 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%2

Error - 4/24/2010 6:14:50 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The McAfee Task Manager service failed to start due to the following
error: %%3

Error - 4/24/2010 6:14:50 PM | Computer Name = HOME-Y7QCX59WRC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2


< End of report >

OTL logfile created on: 4/24/2010 6:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 16.94 Gb Free Space | 22.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 449.75 Gb Free Space | 96.56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-Y7QCX59WRC
Current User Name: preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
PRC - [2010/04/07 17:52:51 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/03 22:37:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 21:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2004/08/23 10:01:14 | 000,200,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTPdeSrv.exe
PRC - [2004/08/06 18:01:42 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2004/04/15 19:24:38 | 005,751,808 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,168,960 | ---- | M] () -- C:\WINDOWS\obixetet.dll
MOD - [2008/04/13 20:12:08 | 000,052,736 | ---- | M] () -- C:\WINDOWS\stapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (McTaskManager)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 23:14:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/19 22:00:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 22:00:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/19 22:00:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/03 19:48:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/22 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2004/08/19 01:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/23 15:55:50 | 000,046,536 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sunkfilt62.sys -- (SunkFilt62)
DRV - [2004/07/09 14:45:26 | 000,022,304 | ---- | M] (HHD Software) [Kernel | On_Demand | Running] -- C:\Program Files\HHD Software\USB Monitor\hhdusbh.sys -- (hhdusbh)
DRV - [2004/07/09 14:45:22 | 000,008,240 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\DMSHLP.sys -- (DMSHLP)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/17 16:40:00 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ytmnd.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A99EC00D-8A2A-4F78-9162-5EA744C43AE6}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}: C:\Documents and Settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6} [2010/04/10 18:39:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 19:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 19:11:29 | 000,000,000 | ---D | M]

[2008/07/11 16:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Extensions
[2010/04/23 18:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions
[2006/12/23 01:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/03 00:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/20 00:11:40 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\imdb.xml
[2009/08/21 15:17:13 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\youtube-video-search.xml
[2010/04/23 18:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/22 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/01/30 17:35:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE File not found
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Wyudizeba] C:\WINDOWS\obixetet.DLL ()
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/07 11:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/07 11:10:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WinDefend"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.YV12 - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/24 18:21:26 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/23 18:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/20 17:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/20 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/20 17:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/17 01:25:03 | 004,875,560 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:05:37 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/10 18:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}
[2010/04/07 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/06 03:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\preston\My Documents\Syberia 2 Saves
[2010/02/27 23:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\ECM
[2010/02/27 23:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/02/27 23:14:46 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/27 23:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/02/27 23:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\preston\Application Data\DAEMON Tools Lite
[2010/02/27 23:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/27 23:10:57 | 009,161,776 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\preston\Desktop\DTLite4355-0068.exe
[2010/02/05 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/02/05 20:36:27 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\preston\Desktop\spywareblastersetup42.exe
[2010/02/03 20:08:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/03 19:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/03 19:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\preston\Application Data\SUPERAntiSpyware.com
[2010/02/03 19:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/03 19:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/03 19:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/03 19:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\preston\Local Settings\Application Data\Apple
[2010/02/03 19:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/02/02 20:07:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/02 20:07:39 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/02 20:07:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/02 20:07:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/02 20:07:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/02 20:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/02 20:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/01 20:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/01 20:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/01 20:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/31 18:21:22 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2010/01/30 17:21:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/30 17:15:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/29 19:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekNS
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/24 18:15:23 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 18:14:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bzigimariga.bin
[2010/04/24 18:14:35 | 000,178,108 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/24 18:14:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 18:14:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 04:36:29 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\preston\NTUSER.DAT
[2010/04/24 04:36:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\preston\ntuser.ini
[2010/04/24 04:36:22 | 002,109,794 | -H-- | M] () -- C:\Documents and Settings\preston\Local Settings\Application Data\IconCache.db
[2010/04/23 18:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/22 00:33:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sbezuwuse.dat
[2010/04/20 17:32:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:38:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:19 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:53 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/17 01:28:28 | 004,875,560 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:08:15 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/16 23:14:04 | 160,618,012 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/16 22:41:32 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2010/04/16 22:17:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/04/14 03:04:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 22:17:34 | 373,121,568 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/03/28 00:49:19 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\CDmage.ini
[2010/03/28 00:29:26 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\CDmage1-01-5.exe
[2010/03/26 22:16:42 | 058,287,111 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Soft Cell.rar
[2010/03/14 15:27:59 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 15:27:59 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 15:27:58 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 08:58:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/27 23:31:39 | 000,529,265 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\epsxe170.zip
[2010/02/27 23:14:52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/02/27 23:14:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/27 23:13:26 | 009,161,776 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\preston\Desktop\DTLite4355-0068.exe
[2010/02/12 04:04:52 | 002,006,150 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/02/06 16:53:30 | 104,252,343 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\R&Z - crucial point mix (2009).mp3
[2010/02/05 20:37:44 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\SpywareBlaster.lnk
[2010/02/05 20:36:55 | 003,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\preston\Desktop\spywareblastersetup42.exe
[2010/02/03 19:59:06 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/03 19:48:44 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/02 20:07:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/02 19:17:10 | 000,015,080 | ---- | M] () -- C:\Documents and Settings\preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/01 21:03:22 | 001,374,664 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\MCPR.exe
[2010/02/01 20:52:19 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 17:37:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 17:35:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/30 17:21:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/20 17:32:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:39:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.exe
[2010/04/18 17:38:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/16 22:41:31 | 160,618,012 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/13 20:53:24 | 373,121,568 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/04/10 18:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzigimariga.bin
[2010/04/10 18:39:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sbezuwuse.dat
[2010/04/10 18:36:21 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2010/03/28 00:49:19 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\CDmage.ini
[2010/03/28 00:29:19 | 000,571,392 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\CDmage1-01-5.exe
[2010/03/26 21:59:17 | 058,287,111 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Soft Cell.rar
[2010/02/27 23:31:35 | 000,529,265 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\epsxe170.zip
[2010/02/27 23:14:52 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/02/06 16:28:46 | 104,252,343 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\R&Z - crucial point mix (2009).mp3
[2010/02/05 20:37:44 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\SpywareBlaster.lnk
[2010/02/03 19:59:06 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/03 19:17:57 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/02 20:07:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/01 21:03:21 | 001,374,664 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\MCPR.exe
[2010/01/30 17:21:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/30 17:21:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2009/01/07 01:58:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/05/04 19:47:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMPCI54G.dll
[2008/01/27 18:49:23 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/27 18:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/01/27 18:49:05 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/01/27 18:49:04 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2008/01/27 18:48:55 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/27 18:47:54 | 000,000,191 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/11 19:00:14 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/01/08 23:56:44 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/18 13:53:45 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2007/06/25 21:20:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/25 21:20:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/08 16:39:02 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/25 21:39:20 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/29 19:10:02 | 000,000,258 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/12/10 17:23:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/12/10 17:21:11 | 000,000,103 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/12/05 18:06:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/11/22 15:48:00 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\pCastCtl.dll
[2006/10/15 15:57:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/06/15 18:20:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/06/15 18:20:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/06/15 18:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/06/15 18:20:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/06/15 18:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/06/15 18:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/26 20:56:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/05/15 18:22:58 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/08 16:10:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/08 15:32:30 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/05/07 13:24:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/05/07 12:56:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/05/07 11:23:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/05/07 11:20:28 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/05/07 11:20:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2001/08/18 08:00:00 | 000,168,960 | ---- | C] () -- C:\WINDOWS\obixetet.dll
[2001/08/18 08:00:00 | 000,052,736 | ---- | C] () -- C:\WINDOWS\stapi32.dll

========== LOP Check ==========

[2010/02/27 23:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/12/20 22:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008/02/10 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/20 00:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/04/24 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/02/05 20:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/13 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/20 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/05/09 16:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\.ABC 3.01
[2008/01/28 22:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\.gaim
[2005/05/08 16:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\CoreCodec
[2010/02/27 23:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\DAEMON Tools Lite
[2010/01/05 19:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\fltk.org
[2010/01/18 01:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Free Download Manager
[2008/09/07 00:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\GetRightToGo
[2005/05/07 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\InterTrust
[2005/05/26 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\InterVideo
[2009/11/23 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Leadertech
[2008/02/26 15:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\NCH Swift Sound
[2009/01/10 00:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\OpenArena
[2006/12/28 01:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Opera
[2006/11/22 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\PPMate
[2007/02/24 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\ppStream
[2009/01/12 16:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Ruckus Network
[2008/06/24 14:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\ScummVM
[2009/01/06 22:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\SystemRequirementsLab
[2008/02/11 14:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Ulead Systems
[2009/10/03 19:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2005/05/07 12:33:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/07 14:17:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/05/07 12:33:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/07 14:17:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/05/07 12:33:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/07 14:17:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/05/07 12:33:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/07 14:17:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/18 08:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >

Thanks!

Attached Files

  • Attached File  ark.txt   8.5KB   2 downloads


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:45 PM

Posted 25 April 2010 - 06:24 AM

Hello, .

OK, you are indeed infected. Let's start with Combofix.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as CF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on CF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:45 PM

Posted 25 April 2010 - 05:18 PM

Well, my symptoms seem to have gone away... avira doesn't pop up with warnings about stapi32.dll and I can click on links in google search and be taken to websites.

Here is the log

ComboFix 10-04-21.01 - preston 04/25/2010 17:13:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.257 [GMT -4:00]
Running from: c:\documents and settings\preston\Desktop\cf.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}
c:\documents and settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}\chrome.manifest
c:\documents and settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}\chrome\content\_cfg.js
c:\documents and settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}\chrome\content\overlay.xul
c:\documents and settings\preston\Local Settings\Application Data\{A99EC00D-8A2A-4F78-9162-5EA744C43AE6}\install.rdf
c:\windows\obixetet.dll
c:\windows\stapi32.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-23 22:22 . 2010-04-23 22:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-20 21:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-20 21:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-20 21:31 . 2010-04-20 21:31 -------- d-----w- c:\program files\iPod
2010-04-20 21:30 . 2010-04-20 21:32 -------- d-----w- c:\program files\iTunes
2010-04-20 21:30 . 2010-04-20 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-20 21:29 . 2010-04-20 21:29 -------- d-----w- c:\program files\Apple Software Update
2010-04-10 22:39 . 2010-04-25 20:36 0 ----a-w- c:\windows\Bzigimariga.bin
2010-04-10 22:39 . 2010-04-22 04:33 120 ----a-w- c:\windows\Sbezuwuse.dat
2010-04-07 23:10 . 2010-04-07 23:11 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 06:46 . 2005-07-06 18:00 -------- d-----w- c:\documents and settings\preston\Application Data\Apple Computer
2010-04-24 22:33 . 2009-01-23 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-04-20 21:30 . 2010-02-03 23:18 -------- d-----w- c:\program files\Common Files\Apple
2010-04-20 21:28 . 2008-01-25 02:01 -------- d-----w- c:\program files\Bonjour
2010-04-17 05:14 . 2010-02-04 00:01 117760 ----a-w- c:\documents and settings\preston\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-17 02:17 . 2006-12-28 05:47 -------- d-----w- c:\program files\Opera
2010-04-07 23:10 . 2005-07-06 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 21:52 . 2010-02-03 23:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-07 01:26 . 2005-09-11 18:50 -------- d-----w- c:\program files\OpenOffice.org1.1.4
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-10 06:15 . 2001-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 03:51 . 2010-02-28 03:51 -------- d-----w- c:\program files\ECM
2010-02-28 03:24 . 2010-02-28 03:14 -------- d-----w- c:\documents and settings\preston\Application Data\DAEMON Tools Lite
2010-02-28 03:14 . 2010-02-28 03:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-28 03:14 . 2010-02-28 03:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-28 03:14 . 2010-02-28 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-25 06:24 . 2004-01-08 19:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2001-08-18 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2001-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 00:01 . 2010-02-04 00:01 52224 ----a-w- c:\documents and settings\preston\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-03 23:48 . 2010-02-03 00:07 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-02 23:17 . 2005-05-07 16:47 15080 ----a-w- c:\documents and settings\preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 00:32 . 2010-02-02 00:32 503808 ----a-w- c:\documents and settings\preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-557cbe2a-n\msvcp71.dll
2010-02-02 00:32 . 2010-02-02 00:32 348160 ----a-w- c:\documents and settings\preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-557cbe2a-n\msvcr71.dll
2010-02-02 00:32 . 2010-02-02 00:32 499712 ----a-w- c:\documents and settings\preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-557cbe2a-n\jmc.dll
2010-02-02 00:32 . 2010-02-02 00:32 61440 ----a-w- c:\documents and settings\preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12568b65-n\decora-sse.dll
2010-02-02 00:32 . 2010-02-02 00:32 12800 ----a-w- c:\documents and settings\preston\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12568b65-n\decora-d3d.dll
2010-02-02 00:30 . 2008-12-14 20:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-23 01:07 . 2010-01-18 07:39 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-01-18 22:40 . 2010-01-18 22:40 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-07 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30450:TCP"= 30450:TCP:ppLive
"45217:UDP"= 45217:UDP:ppLive
"25841:TCP"= 25841:TCP:BitComet 25841 TCP
"25841:UDP"= 25841:UDP:BitComet 25841 UDP
"18174:TCP"= 18174:TCP:BitCometLite 18174 TCP
"18174:UDP"= 18174:UDP:BitCometLite 18174 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/2/2010 8:07 PM 108289]
R3 hhdusbh;USB Monitor Filter driver;c:\program files\HHD Software\USB Monitor\hhdusbh.sys [7/9/2004 2:45 PM 22304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 DMSHLP;Serial Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\DMSHLP.sys [7/9/2004 2:45 PM 8240]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/16/2010 9:33 PM 38224]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [7/23/2004 3:55 PM 46536]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/27/2010 11:14 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ytmnd.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: {06B5D1CA-04D0-4661-8BF5-C8ED3DF3D8E2} = 205.152.37.23,205.152.144.23
TCP: {56C49DF8-3E99-4309-8F1F-7B074B6E14CC} = 128.192.1.9,128.192.1.193
FF - ProfilePath - c:\documents and settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\preston\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
HKLM-Run-Wyudizeba - c:\windows\obixetet.dll
SafeBoot-McAfeeEngineService



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.23.04]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Linksys Wireless-G PCI Adapter\WLService.exe
c:\program files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-25 17:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-25 21:32

Pre-Run: 21,508,362,240 bytes free
Post-Run: 21,500,932,096 bytes free

- - End Of File - - 6BAC9C34238CCAC52C626AAE8F3B7364

Thanks again!


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:45 PM

Posted 26 April 2010 - 06:15 AM

Hello, Gest.

Has Windows Explorer popped up with any more errors? We still have a few things left to deal with. We'll fix a few things, then update some programs with known security holes and run a couple of tools to remove remnants of previous antiviruses you had installed (McAfee and AVG) in the next post.

EDIT: If there's anything in your recycling bin you want to save, please pull it out before running the script below. This will clear temp files and that includes the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\WINDOWS\Bzigimariga.bin
    C:\WINDOWS\Sbezuwuse.dat
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (McTaskManager)
    SRV - File not found [Auto | Stopped] -- -- (avg8wd)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.
etavares

Edited by etavares, 26 April 2010 - 06:23 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:45 PM

Posted 26 April 2010 - 07:40 PM

All processes killed
========== FILES ==========
C:\WINDOWS\Bzigimariga.bin moved successfully.
C:\WINDOWS\Sbezuwuse.dat moved successfully.
========== OTL ==========
Service McTaskManager stopped successfully!
Service McTaskManager deleted successfully!
Service avg8wd stopped successfully!
Service avg8wd deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShStatEXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2995 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 3835311 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: preston
->Temp folder emptied: 159439 bytes
->Temporary Internet Files folder emptied: 9437128 bytes
->Java cache emptied: 26079809 bytes
->FireFox cache emptied: 93962698 bytes
->Flash cache emptied: 1931519 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1207999 bytes
%systemroot%\System32 .tmp files removed: 102417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 86084 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 131.00 mb


OTL by OldTimer - Version 3.2.2.0 log created on 04262010_182637

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

---------------------------------------------------------------------
OTL logfile created on: 4/26/2010 6:33:34 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 20.13 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 450.37 Gb Free Space | 96.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-Y7QCX59WRC
Current User Name: preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
PRC - [2010/04/07 17:52:51 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/03 22:37:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 21:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2004/08/06 18:01:42 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2004/07/21 08:32:28 | 000,315,904 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe
PRC - [2004/04/15 19:24:38 | 005,751,808 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
PRC - [2002/12/06 16:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/08/18 08:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 23:14:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/19 22:00:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 22:00:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/19 22:00:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/03 19:48:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/22 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2004/08/19 01:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/23 15:55:50 | 000,046,536 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sunkfilt62.sys -- (SunkFilt62)
DRV - [2004/07/09 14:45:26 | 000,022,304 | ---- | M] (HHD Software) [Kernel | On_Demand | Running] -- C:\Program Files\HHD Software\USB Monitor\hhdusbh.sys -- (hhdusbh)
DRV - [2004/07/09 14:45:22 | 000,008,240 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\DMSHLP.sys -- (DMSHLP)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/17 16:40:00 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ytmnd.com/
IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 19:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 19:11:29 | 000,000,000 | ---D | M]

[2008/07/11 16:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Extensions
[2010/04/25 19:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions
[2006/12/23 01:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/03 00:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/20 00:11:40 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\imdb.xml
[2009/08/21 15:17:13 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\youtube-video-search.xml
[2010/04/25 19:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/22 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/04/25 17:23:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/07 11:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 18:27:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/26 18:26:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/25 17:12:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/25 17:12:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/25 17:12:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/25 17:12:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/25 17:10:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/24 18:21:26 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/23 18:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/20 17:32:17 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/20 17:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/20 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/20 17:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/17 01:25:03 | 004,875,560 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:05:37 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/14 18:25:05 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\iTunesSetup.exe
[2010/04/07 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/07 18:55:39 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2010/04/26 18:29:52 | 000,178,108 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/26 18:29:40 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 18:29:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 18:28:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 18:27:47 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\preston\NTUSER.DAT
[2010/04/26 18:27:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\preston\ntuser.ini
[2010/04/26 17:59:17 | 000,013,836 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 17:24:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/25 17:23:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/25 17:03:48 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\preston\Desktop\cf.exe
[2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/24 04:36:22 | 002,109,794 | -H-- | M] () -- C:\Documents and Settings\preston\Local Settings\Application Data\IconCache.db
[2010/04/23 18:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/20 17:32:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:38:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:19 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:53 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/17 01:28:28 | 004,875,560 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:08:15 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/16 23:14:04 | 160,618,012 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/16 22:41:32 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2010/04/16 22:17:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/04/14 18:47:36 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\iTunesSetup.exe
[2010/04/14 03:04:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 22:17:34 | 373,121,568 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/04/07 19:02:23 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\QuickTimeInstaller.exe
[2010/03/28 00:49:19 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\CDmage.ini
[2010/03/28 00:29:26 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\CDmage1-01-5.exe

========== Files Created - No Company Name ==========

[2010/04/26 17:59:17 | 000,013,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 17:12:21 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/25 17:12:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/25 17:12:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/25 17:12:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/25 17:12:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/25 17:02:31 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\preston\Desktop\cf.exe
[2010/04/20 17:32:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:39:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.exe
[2010/04/18 17:38:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/16 22:41:31 | 160,618,012 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/13 20:53:24 | 373,121,568 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/04/10 18:36:21 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2010/03/28 00:49:19 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\CDmage.ini
[2010/03/28 00:29:19 | 000,571,392 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\CDmage1-01-5.exe
[2009/01/07 01:58:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/05/04 19:47:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMPCI54G.dll
[2008/01/27 18:49:23 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/27 18:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/01/27 18:49:05 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/01/27 18:49:04 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2008/01/27 18:48:55 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/27 18:47:54 | 000,000,191 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/11 19:00:14 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/01/08 23:56:44 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/18 13:53:45 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2007/06/25 21:20:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/25 21:20:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/08 16:39:02 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/25 21:39:20 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/29 19:10:02 | 000,000,258 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/12/10 17:23:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/12/10 17:21:11 | 000,000,103 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/12/05 18:06:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/11/22 15:48:00 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\pCastCtl.dll
[2006/10/15 15:57:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/06/15 18:20:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/06/15 18:20:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/06/15 18:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/06/15 18:20:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/06/15 18:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/06/15 18:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/26 20:56:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/05/15 18:22:58 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/08 16:10:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/08 15:32:30 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/05/07 13:24:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/05/07 12:56:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/05/07 11:23:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/05/07 11:20:28 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/05/07 11:20:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
< End of report >

As always, thanks so much!



#8 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts

Posted 27 April 2010 - 05:47 PM

Sorry, forgot to mention... windows explorer error messages seem to have stopped

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 27 April 2010 - 06:41 PM

Hello, Gest.

OK, that's good news. You appear clean, but I want a second opinion so let's run an online scan. If this looks good, we'll update a few programs and remove remnants of old antiviruses (AVG and McAfee).



I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts

Posted 28 April 2010 - 01:36 AM

Here are the contents of the logfile:

C:\Qoobox\Quarantine\C\WINDOWS\obixetet.dll.vir a variant of Win32/Cimag.CG trojan
C:\Qoobox\Quarantine\C\WINDOWS\stapi32.dll.vir a variant of Win32/Cimag.CF trojan

Thanks

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 28 April 2010 - 04:42 PM

Hello, Gest.
OK, good news...we've already caught those files so that's a good report. We'll take care of them at the end. Let's close a few security holes.



Step 1

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 3


We need to remove remnants of McAfee that are still on your computer.
  1. Download the removal tool from here:
    http://download.mcafee.com/products/licens...atches/MCPR.exe
  2. Save it to your desktop.
  3. Double-click MCPR.exe on your desktop to run it.
  4. Restart your computer after getting the message that 'CleanUp Successful'.
  5. Done. If you get a 'cleanup UNsuccessful message', please let me know.

Next, we need to remove AVG remnants on your computer.
  1. Download the removal tool from here:
    http://download.avg.com/filedir/util/avg_a.../avgremover.exe
  2. Run the tool and Reboot





Step 4

Please run OTL and post the resulting log here for one last look before I call your computer clean.

etavares




#12 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts

Posted 29 April 2010 - 06:07 PM

Ok here it is:

OTL logfile created on: 4/29/2010 5:31:22 PM - Run 3
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 19.41 Gb Free Space | 25.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 450.34 Gb Free Space | 96.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-Y7QCX59WRC
Current User Name: preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/29 17:14:01 | 002,020,592 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
PRC - [2010/04/03 22:37:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/03 19:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 21:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2004/08/23 10:01:14 | 000,200,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTPdeSrv.exe
PRC - [2004/08/06 18:01:42 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2004/04/15 19:24:38 | 005,751,808 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
PRC - [2002/12/06 16:07:48 | 000,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 17:14:01 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 23:14:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/19 22:00:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 22:00:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/03 19:48:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/22 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2004/08/19 01:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/23 15:55:50 | 000,046,536 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sunkfilt62.sys -- (SunkFilt62)
DRV - [2004/07/09 14:45:26 | 000,022,304 | ---- | M] (HHD Software) [Kernel | On_Demand | Running] -- C:\Program Files\HHD Software\USB Monitor\hhdusbh.sys -- (hhdusbh)
DRV - [2004/07/09 14:45:22 | 000,008,240 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\DMSHLP.sys -- (DMSHLP)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/17 16:40:00 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ytmnd.com/
IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 19:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 17:08:13 | 000,000,000 | ---D | M]

[2008/07/11 16:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Extensions
[2010/04/29 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions
[2006/12/23 01:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/03 00:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/20 00:11:40 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\imdb.xml
[2009/08/21 15:17:13 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\preston\Application Data\Mozilla\Firefox\Profiles\j89i78ok.default\searchplugins\youtube-video-search.xml
[2010/04/29 02:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 01:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/10/22 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/04/29 01:38:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/04/25 17:23:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-1060284298-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/07 11:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/29 01:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/29 01:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/29 01:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/29 01:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/29 01:39:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/29 01:39:15 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/29 01:39:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/29 01:39:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/29 01:39:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/29 01:37:11 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\preston\Desktop\AdbeRdr930_en_US.exe
[2010/04/29 01:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/29 01:26:51 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\preston\Desktop\jre-6u20-windows-i586.exe
[2010/04/28 23:38:04 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\preston\Desktop\avgremover.exe
[2010/04/27 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/26 18:27:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/26 18:26:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/25 17:12:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/25 17:12:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/25 17:12:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/25 17:12:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/25 17:10:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/24 18:21:26 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/23 18:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/04/20 17:32:17 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/20 17:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/20 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/20 17:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/17 01:25:03 | 004,875,560 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:05:37 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/14 18:25:05 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\iTunesSetup.exe
[2010/04/07 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/07 18:55:39 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2010/04/29 17:09:22 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 17:08:20 | 000,178,108 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/29 17:08:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/29 17:07:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 02:05:46 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\preston\NTUSER.DAT
[2010/04/29 02:05:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\preston\ntuser.ini
[2010/04/29 01:58:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/29 01:55:09 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\preston\Desktop\AdbeRdr930_en_US.exe
[2010/04/29 01:46:13 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/29 01:38:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/29 01:38:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/29 01:38:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/29 01:38:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/29 01:38:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/29 01:31:41 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\preston\Desktop\jre-6u20-windows-i586.exe
[2010/04/28 23:38:25 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\preston\Desktop\avgremover.exe
[2010/04/28 23:28:37 | 001,374,664 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\MCPR.exe
[2010/04/27 20:34:23 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\esetsmartinstaller_enu.exe
[2010/04/26 17:59:17 | 000,013,836 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 17:24:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/25 17:23:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/25 17:03:48 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\preston\Desktop\cf.exe
[2010/04/24 18:21:27 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\preston\Desktop\OTL.exe
[2010/04/24 04:36:22 | 002,109,794 | -H-- | M] () -- C:\Documents and Settings\preston\Local Settings\Application Data\IconCache.db
[2010/04/23 18:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/20 17:32:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:38:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:19 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:53 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/17 01:28:28 | 004,875,560 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-rules.exe
[2010/04/17 01:08:15 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\preston\Desktop\mbam-setup-1.45.exe
[2010/04/16 23:14:04 | 160,618,012 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/16 22:41:32 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2010/04/16 22:17:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/04/14 18:47:36 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\iTunesSetup.exe
[2010/04/14 03:04:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 22:17:34 | 373,121,568 | ---- | M] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/04/07 19:02:23 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\preston\Desktop\QuickTimeInstaller.exe

========== Files Created - No Company Name ==========

[2010/04/29 01:58:08 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/29 01:46:13 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/27 20:33:31 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\esetsmartinstaller_enu.exe
[2010/04/26 17:59:17 | 000,013,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/25 17:12:21 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/25 17:12:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/25 17:12:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/25 17:12:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/25 17:12:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/25 17:02:31 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\preston\Desktop\cf.exe
[2010/04/20 17:32:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 17:39:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.exe
[2010/04/18 17:38:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\gmer.zip
[2010/04/18 17:31:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\dds.scr
[2010/04/18 17:26:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\preston\defogger_reenable
[2010/04/18 17:25:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Defogger.exe
[2010/04/16 22:41:31 | 160,618,012 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\Tomba.rar
[2010/04/13 20:53:24 | 373,121,568 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\slabs_100_FLEMMING_DALUM_Space_Odyssey_2010.mp3
[2010/04/10 18:36:21 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\preston\Desktop\ll-jumpingfrash2.rar
[2009/01/07 01:58:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2008/05/04 19:47:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WMPCI54G.dll
[2008/01/27 18:49:23 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/27 18:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/01/27 18:49:05 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/01/27 18:49:04 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2008/01/27 18:48:55 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/27 18:47:54 | 000,000,191 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/11 19:00:14 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/01/08 23:56:44 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/18 13:53:45 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2007/06/25 21:20:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/25 21:20:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/08 16:39:02 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/25 21:39:20 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/29 19:10:02 | 000,000,258 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/12/10 17:23:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/12/10 17:21:11 | 000,000,103 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/12/05 18:06:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/11/22 15:48:00 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\pCastCtl.dll
[2006/10/15 15:57:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/06/15 18:20:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/06/15 18:20:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/06/15 18:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/06/15 18:20:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/06/15 18:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/06/15 18:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/05/26 20:56:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/05/15 18:22:58 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/08 16:10:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/08 15:32:30 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/05/07 13:24:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/05/07 12:56:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/05/07 11:23:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/05/07 11:20:28 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/05/07 11:20:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
< End of report >


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:45 PM

Posted 29 April 2010 - 06:41 PM

Hello, Gest.

OK, if it's running good on your end, it looks like you're clean. Please continue with step 1 if it's running OK.



Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 
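The HostsMan advice above relies on the Hosts file: a blocklist maps unwanted domains to a local sink address (0.0.0.0 or 127.0.0.1), whereas the kind of hijack discussed earlier in this thread would instead map a search engine or security-vendor update host to some outside address. The following Python script is an added example written for this page; it is not part of the thread, of OTL or of HostsMan. It parses a Hosts file in the standard Windows format and separates harmless blocklist-style entries from entries that redirect a name to a non-local address, which is what a reader would want to review before (or after) letting HostsMan replace the file. The sample file contents and the `.invalid` names and 203.0.113.x addresses are constructed for the example; pass a real path (for instance C:\WINDOWS\system32\drivers\etc\hosts) to `audit_file` to check a live machine.

```python
"""Audit a Windows Hosts file: benign blocklist entries vs. suspicious redirections.

Added example for this thread (not code from the thread, OTL or HostsMan).
"""
import ipaddress
import sys

# Constructed sample Hosts file contents; names and addresses are placeholders
# (.invalid TLD, 203.0.113.0/24 documentation range), not from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
0.0.0.0   ads.example-tracker.invalid        # blocklist-style entry (MVPS/HostsMan format)
127.0.0.1 banners.example-adserver.invalid   # also a blocklist-style entry
203.0.113.45 www.google.com                  # redirect: search engine sent off-box
203.0.113.45 update.example-antivirus.invalid # redirect: an update host sent off-box
"""

# Addresses that a blocklist uses to "sink" a name; anything else is a real redirect.
LOCAL_SINKS = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping in a Hosts file.

    Comments (after '#') and blank lines are skipped; a line may map several names.
    Lines whose first field is not an IP address are ignored rather than raising.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; leave it for a human to look at
        for host in fields[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def classify(entries):
    """Split entries into blocklist sinks and off-box redirects.

    Returns (blocked, redirected): blocked is [(host, line_no)], redirected is
    [(host, ip_string, line_no)]. The stock 'localhost' line is not reported.
    """
    blocked, redirected = [], []
    for ip, host, line_no in entries:
        if host == "localhost" and ip in LOCAL_SINKS:
            continue  # the default entry every Windows Hosts file carries
        if ip in LOCAL_SINKS or ip.is_unspecified:
            blocked.append((host, line_no))
        else:
            redirected.append((host, str(ip), line_no))
    return blocked, redirected


def audit_hosts(text):
    """Convenience wrapper: parse and classify, returning a dict for reporting."""
    blocked, redirected = classify(parse_hosts(text))
    return {"blocked": blocked, "redirected": redirected}


def audit_file(path):
    """Audit a Hosts file on disk (Windows Hosts files are usually ANSI/UTF-8 text)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    # With no argument, audit the constructed sample; otherwise audit the given file.
    report = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} blocklist-style entries (sinked to a local address)")
    for host, ip, line_no in report["redirected"]:
        print(f"line {line_no}: {host} -> {ip}  (redirected off-box, review this)")
```

Every entry the script lists as "redirected" deserves a look: a legitimate custom entry (a LAN name, for example) will be recognisable, while a search engine or update server pointed at an unfamiliar address matches the symptoms described at the top of this thread. Blocklist-style entries are what HostsMan itself installs, so a large number of those is expected after following the steps above.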


#14 Gest

Gest
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 30 April 2010 - 09:59 PM

Thank you for all of your help etavares.

When you say continue with step 1, are you referring to uninstalling/updating adobe? I did that before my last post. Did it not show up?

Again, everything seems fine now, so I thank you again for your assistance.

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:45 PM

Posted 01 May 2010 - 05:26 AM

Sorry for the confusion, I left out the "step 1" header. Step 1 is running combofix /uninstall and OTC to clean up the quarantined files and the tools we used. It's important to do both of those steps.

You're welcome.
