Unable to upload my dds, ark and attach


This topic is locked. 30 replies to this topic.

#1 flutelaura

Posted 23 September 2010 - 07:41 PM

I don't know where to start!! I clicked on a news link and my computer went nuts. I followed the procedures here but am unable to upload or post to this forum.

I've been on chat and was directed to go to Kaspersky and run a program because of the google redirects. I ran it multiple times but I still could not post. Then I was directed to go to go2s and still I was unable to post.

I decided to come to my neighbor's house and post. I have gmail and I emailed the dds, ark and attach so I could post over here, but the email never arrived and when I check my email account at the neighbors, it shows I never sent an email from my home computer.

I have run AVG, Malwarebytes, Spybot and Avast, but nothing works . . . and I am unable to upload to this bleeping computer site from my infected computer.

I was advised to post this even though I have no logs to help you with. My C/D drive is non-functioning so I will get a flash drive and try to download the logs onto that. I don't know what else to do.

Thank you in advance for any help and guidance you can give me. I truly appreciate your kindness!!!

It took some time, but I was able to forward the dds text via my email program to my neighbor's computer and then upload to bleeping computer here, but the ark and attach gave me problems. I attached them to the email but when my neighbor's email program attempted to open the files, aol popped up a dialog box that stated it was unable to scan the attachments. I didn't feel comfortable opening ark and attach on this other computer so I'm still unable to post those diagnostics. Hopefully the dds text will be somewhat helpful! Thanks again for any help you can give me!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:48:37.31 on Wed 09/22/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.521 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = www.google.com/
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\owner\application data\hotfix.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.1\AOL.EXE" -b
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [Otawolozikequ] rundll32.exe "c:\windows\timatms.dll",Startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Nnezotetacoyuce] rundll32.exe "c:\windows\uqukonej.dll",Startup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
Trusted Zone: yahoo.com\login
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172022724202
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://pogo.oberon-media.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
mASetup: {FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - rundll32.exe "c:\documents and settings\owner\application data\bitrix security\fadosvlk.dll", DllUnrer

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\oi5vljlb.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\oi5vljlb.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: XULRunner: {55710C99-6858-4165-9F14-D2313A6AC357} - c:\documents and settings\owner\local settings\application data\{55710C99-6858-4165-9F14-D2313A6AC357}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-11 165584]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-24 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-24 243024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\drivers\HIDKbFlt.sys [2005-7-25 23680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-11 40384]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2010-2-18 152576]

=============== Created Last 30 ================

2010-09-22 23:46:03 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-09-22 20:54:38 120 ----a-w- c:\windows\Lseluqazefijoci.dat
2010-09-22 20:54:38 0 ----a-w- c:\windows\Ppice.bin
2010-09-21 13:36:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-09-21 13:35:48 0 d-----w- c:\docume~1\owner\applic~1\Bitrix Security
2010-09-20 23:00:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-03 16:40:05 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2010-09-03 16:40:04 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2010-09-03 16:40:04 73728 ----a-w- c:\windows\system32\lffax13n.dll
2010-09-03 16:40:04 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2010-09-03 16:40:04 142848 ----a-w- c:\windows\system32\lftif13n.dll
2010-09-03 16:40:03 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2010-09-03 16:40:03 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2010-09-03 16:40:03 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2010-09-03 16:40:03 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2010-09-03 16:40:02 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2010-09-03 16:40:02 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2010-09-03 16:40:02 189976 ----a-w- c:\windows\system32\mfimgvwr.ocx
2010-09-03 16:39:20 0 d-----w- c:\program files\MFInstall
2010-09-03 00:47:57 0 d-----w- c:\program files\Invoke Solutions

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:29:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 16:15:58 1186208 ----a-w- c:\program files\spsetup102.exe
2010-06-25 16:03:13 4064168 ----a-w- c:\program files\dfsetup120.exe
2010-06-25 15:59:21 3396176 ----a-w- c:\program files\ccsetup233.exe
2010-06-09 20:32:37 128832577 ----a-w- c:\program files\StorytellingAlice.zip
2010-03-11 17:13:25 69903 ----a-w- c:\program files\CookieJar.zip
2010-03-11 16:48:57 45942928 ----a-w- c:\program files\setup_av_free.exe
2009-11-24 22:37:02 891248 ----a-w- c:\program files\avg_free_stb_all_9_40_cnet.exe
2009-08-20 14:17:48 3278552 ----a-w- c:\program files\ccsetup222.exe
2009-05-06 13:40:15 15083520 ----a-w- c:\program files\spybotsd160.exe
2009-04-29 13:50:42 3226856 ----a-w- c:\program files\ccsetup219.exe
2009-02-11 20:33:14 1480136 ----a-w- c:\program files\ArtistScope_IE_42.exe
2008-12-26 12:31:23 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2008-11-05 18:07:27 9204272 ----a-w- c:\program files\Spyhunter-Detection-Utility-Install.exe
2008-08-26 01:17:03 58671 ----a-w- c:\program files\StartupCPL.zip
2008-05-21 21:46:56 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2008-04-19 01:02:20 432576 ----a-w- c:\program files\MySpaceIM_Setup.exe
2008-03-02 20:59:04 17710968 ----a-w- c:\program files\avinstall.exe
2007-08-29 02:33:46 33241 ----a-w- c:\program files\sdfree.exe
2007-08-26 20:23:17 513320 ----a-w- c:\program files\erunt.zip
2007-03-30 01:58:15 12051128 ----a-w- c:\program files\EDC_FT0.exe
2007-03-29 16:16:49 40738456 ----a-w- c:\program files\zlsSetup_70_337_000_en.exe
2007-03-13 01:38:24 2685104 ----a-w- c:\program files\ccsetup138.exe
2007-02-28 01:55:49 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2007-02-28 01:15:44 5037072 ----a-w- c:\program files\spybotsd14.exe
2007-02-28 00:58:26 4322304 ----a-w- c:\program files\aawsepersonal.exe
2007-02-22 03:06:23 380583 ----a-w- c:\program files\Folding@Home503.EXE
2008-09-09 19:58:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 19:51:15.07 ===============

I'm certain I've been infected with that TDSS rootkit virus, which I've had before and used both MBAM and TDSSkiller to remove, but TDSSkiller keeps stating that \HardDisk0\MBR is infected and no matter what it does (cure or quarantine) it never goes away. Apart from the usual symptoms (the redirects from google searches) I've also been getting random popups to equally random sites, and occasionally my internet doesn't seem to respond at all when I start it or open a link in a new tab or page. I've tried a couple of times to get TDSSkiller to get rid of the infection, but my computer crashes, or crashes while booting, if I select cure. I recently had to restore to an earlier restore point to get my computer to even boot again. I don't know if this is part of the infection, but I've never had this problem before now.


Finally, I was able to upload ark and attach logs from another computer. I'm sorry I do not know how to add to my original post . . . Hopefully the logs will help!

Thanks again!

EDIT: Posts merged ~BP

Edited by Budapest, 28 September 2010 - 09:02 PM.
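As an added triage aid for readers of this thread (it is not DDS, OTL or BleepingComputer code, and the detection rules are my own heuristics), the Python script below scans the autostart section of a DDS log for the kinds of entry visible in the log above: a replaced Winlogon Shell, rundll32 autostarts that load DLLs from the Windows root or a user profile, orphaned BHO/toolbar entries, and a keyword.URL forced through user.js. The sample lines are copied from the posted log with the backslashes the forum stripped restored.

```python
"""Triage helper for the autostart section of a DDS log.

Added example for this thread; it is not DDS, OTL or BleepingComputer code.
The rules are heuristics of my own, chosen to match the kind of entries
visible in the log posted above.
"""
import re

# Sample lines copied from the DDS log above, backslashes restored.  Clean
# entries (ctfmon, avast, KernelFaultCheck, the AVG BHO) are included so the
# rules can be seen to ignore them.
SAMPLE_LOG = r"""
uWinlogon: Shell=c:\documents and settings\owner\application data\hotfix.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Otawolozikequ] rundll32.exe "c:\windows\timatms.dll",Startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Nnezotetacoyuce] rundll32.exe "c:\windows\uqukonej.dll",Startup
mASetup: {FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - rundll32.exe "c:\documents and settings\owner\application data\bitrix security\fadosvlk.dll", DllUnrer
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
"""

WINLOGON_SHELL = re.compile(r"^uWinlogon: Shell=(.+)$", re.I)
# uRun/mRun lines look like "[name] command"; mASetup like "{guid} - command"
AUTORUN = re.compile(r"^(?:uRun|mRun|mASetup): (?:\[[^\]]*\] |\{[^}]*\} - )(.+)$", re.I)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)
ORPHAN = re.compile(r"^(?:BHO|TB): .* - No File$", re.I)
USERJS_KEYWORD = re.compile(r"^FF - user\.js: keyword\.URL - (.+)$", re.I)

# Directory fragments that a legitimate autostart DLL rarely lives in.
PROFILE_MARKERS = ("\\documents and settings", "\\application data",
                   "\\local settings", "\\temp")


def dll_location_issue(path):
    """Return why a DLL path is unusual for an autostart, or None if it is not."""
    normalized = path.lower().replace("/", "\\").strip()
    directory = normalized.rsplit("\\", 1)[0]
    if directory in ("c:\\windows", "c:\\winnt"):
        return "DLL sits directly in the Windows directory, not in system32"
    if any(marker in directory for marker in PROFILE_MARKERS):
        return "DLL is loaded from a user profile directory"
    return None


def finding(severity, reason, line):
    return {"severity": severity, "reason": reason, "line": line}


def triage(log_text):
    """Scan DDS pseudo-HJT lines and return a list of findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_SHELL.match(line)
        if m:
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append(finding("high", "Winlogon Shell replaced; expected explorer.exe", line))
            continue
        m = AUTORUN.match(line)
        if m:
            # Only rundll32 launchers are judged; plain .exe autostarts are left alone.
            dll = RUNDLL.search(m.group(1))
            issue = dll_location_issue(dll.group(1)) if dll else None
            if issue:
                findings.append(finding("high", "rundll32 autostart: " + issue, line))
            continue
        if ORPHAN.match(line):
            findings.append(finding("info", "orphaned BHO/toolbar entry (No File); cleanup only", line))
            continue
        if USERJS_KEYWORD.match(line):
            findings.append(finding("high", "keyword.URL forced by user.js; search hijack candidate", line))
    return findings


def count_by_severity(findings):
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against a full DDS log the script flags only the autostart lines it understands; everything else (DPF, services, file lists) still needs a human reader.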



#2 myrti

Posted 29 September 2010 - 05:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


#3 flutelaura

flutelaura
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 29 September 2010 - 06:49 PM

Thank you very much Myrti for your help with this problem.

I seem to be unable to stop the Avast Virus Definition Database Updater from running. I unchecked the Avast program from the msconfig startup, but it seems to uncheck itself automatically. If this is a problem, can you please tell me how to disable it?

I ran The Mirror Scan but was unable to post the texts to bleeping computer from my home computer. I tried to even email the texts to my neighbor's computer, but as soon as I posted the text in the body of the email, the computer froze and I had to reboot. I finally had to cut and paste both texts into a Works word processing document and save it under a different name - then I was able to paste it into an email and send it to my neighbor. While I was wrestling over why my puter was freezing - I ran that Kaspersky dss again because it helps to run it again - now I wonder if I should have run that? I'm sorry if this messed up the scan - I've been working for hours and hours and hours trying to get this info to you. Let me know if running the scan was bad and I'll run the Mirror Scan again and post results again. (Now that I know how to bypass all the blocks this malware presents!)

OTL Extras logfile created on: 9/29/2010 5:44:44 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.15 Gb Total Space | 21.18 Gb Free Space | 55.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HP-542X
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1337:UDP" = 1337:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"1336:UDP" = 1336:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1250346471\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1250346471\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4FDD1003-E0DE-3F4F-EE3E-1F2D715A7334}" = Antivirus 2010
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"1200UB Plus v1.2" = 1200UB Plus v1.2
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"FTW" = Family Tree Maker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KEMailKb" = Internet Keyboard Elite
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"Speccy" = Speccy
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1202660629-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Inquisit 3 Web Edition" = Inquisit 3 Web Edition
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/8/2009 10:10:21 AM | Computer Name = HP-542X | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module cdmyidd.dll, version 5.1.6.8, fault address 0x0000e8c5.
Error - 4/8/2009 10:10:25 AM | Computer Name = HP-542X | Source = Application Error | ID = 1001
Description = Fault bucket 1139880515.
Error - 4/9/2009 12:14:40 PM | Computer Name = HP-542X | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module cdmyidd.dll, version 5.1.6.8, fault address 0x00014033.
Error - 4/9/2009 12:14:45 PM | Computer Name = HP-542X | Source = Application Error | ID = 1001
Description = Fault bucket 1140199566.
Error - 4/10/2009 11:38:03 PM | Computer Name = HP-542X | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module cdmyidd.dll, version 5.1.6.8, fault address 0x00054660.
Error - 4/10/2009 11:38:06 PM | Computer Name = HP-542X | Source = Application Error | ID = 1001
Description = Fault bucket 1144242848.
Error - 4/12/2009 9:31:11 PM | Computer Name = HP-542X | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module cdmyidd.dll, version 5.1.6.8, fault address 0x0001f6d4.
Error - 4/12/2009 9:31:15 PM | Computer Name = HP-542X | Source = Application Error | ID = 1001
Description = Fault bucket 1150300644.
Error - 4/14/2009 9:40:35 AM | Computer Name = HP-542X | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module cdmyidd.dll, version 5.1.6.8, fault address 0x00012a3b.
Error - 4/14/2009 9:40:43 AM | Computer Name = HP-542X | Source = Application Error | ID = 1001
Description = Fault bucket 1140037656.
[ System Events ]
Error - 9/26/2010 8:31:14 PM | Computer Name = HP-542X | Source = PlugPlayManager | ID = 12
Description = The device 'SAMSUNG DVD-ROM SD-616F' (IDE\CdRomSAMSUNG_DVD-ROM_SD-616F_________________F102____\5&d636049&0&0.1.0)
disappeared from the system without first being prepared for removal.
Error - 9/27/2010 8:45:54 AM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/27/2010 7:12:58 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/27/2010 7:15:05 PM | Computer Name = HP-542X | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 9/28/2010 8:53:57 AM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/28/2010 1:01:45 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/28/2010 1:06:02 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/28/2010 10:23:29 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/29/2010 1:15:16 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
Error - 9/29/2010 5:41:54 PM | Computer Name = HP-542X | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126
< End of report >
OTL logfile created on: 9/29/2010 5:44:44 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.15 Gb Total Space | 21.18 Gb Free Space | 55.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HP-542X
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/09/29 13:18:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/09/23 09:31:47 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/07 22:39:37 | 003,016,560 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/21 11:43:41 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:29:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:29:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:24:58 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:24:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/03 19:34:21 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2001/08/17 23:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
========== Modules (SafeList) ==========
MOD - [2010/09/29 13:18:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/21 11:43:41 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:29:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/03 19:34:21 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/07/15 09:29:58 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:24:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 08:38:26 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/22 18:33:51 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/12/14 17:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/06 17:01:50 | 004,024,832 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/25 06:13:00 | 000,023,680 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HIDKbFlt.sys -- (HIDKbFlt)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/15 23:41:10 | 000,152,576 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2000/08/18 13:57:52 | 000,017,524 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.0.20071211
FF - prefs.js..extensions.enabledItems: {55710C99-6858-4165-9F14-D2313A6AC357}:1.9.1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 09:34:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{55710C99-6858-4165-9F14-D2313A6AC357}: C:\Documents and Settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357} [2010/09/21 22:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 16:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 16:00:03 | 000,000,000 | ---D | M]
[2009/04/10 07:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/24 20:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oi5vljlb.default\extensions
[2010/03/19 13:33:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oi5vljlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/13 11:13:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oi5vljlb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/20 10:19:25 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oi5vljlb.default\searchplugins\aol-search.xml
[2010/09/24 20:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/18 16:23:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/07/24 18:21:31 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/07/24 18:21:34 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2010/09/21 08:08:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
O1 HOSTS File: ([2008/09/03 12:49:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {F35CE83E-9EBF-40D5-AE87-53F982389740} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {F35CE83E-9EBF-40D5-AE87-53F982389740} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nnezotetacoyuce] C:\WINDOWS\uqukonej.DLL File not found
O4 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003..\Run: [Otawolozikequ] C:\WINDOWS\timatms.DLL File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O15 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1172022724202 (WUWebControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab (Maid Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pog...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab (InetDownload Class)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://pogo.oberon-media.com/online2/pogo/...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokesolutions.com/events/bin...1450/MILive.cab (Invoke Solutions Participant Control(MR))
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://clubgames.pogo.com/online2/pogop/ma...ameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1202660629-1383384898-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Owner\Application Data\hotfix.exe) - C:\Documents and Settings\Owner\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/19 23:51:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Folding@Home 5.03.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\aol\1250346471\ee\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Microsoft Works\WkDetect.exe File not found
MsConfig - StartUpReg: PanelApp - hkey= - key= - C:\Documents and Settings\Owner\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - rundll32.exe "C:\Documents and Settings\Owner\Application Data\Bitrix Security\fadosvlk.dll", DllUnrer
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/09/29 13:18:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/24 22:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/24 21:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/09/23 18:43:09 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\ht.exe
[2010/09/23 11:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/09/22 10:24:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/09/22 02:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/22 02:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/21 22:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}
[2010/09/21 09:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/21 09:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
[2010/09/20 18:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/20 18:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/03 12:40:05 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltclr13n.dll
[2010/09/03 12:40:04 | 000,388,608 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfcmp13n.dll
[2010/09/03 12:40:04 | 000,142,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif13n.dll
[2010/09/03 12:40:04 | 000,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfjbg13n.dll
[2010/09/03 12:40:04 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax13n.dll
[2010/09/03 12:40:03 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg13n.dll
[2010/09/03 12:40:03 | 000,246,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfj2k13n.dll
[2010/09/03 12:40:03 | 000,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx13n.dll
[2010/09/03 12:40:03 | 000,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil13n.dll
[2010/09/03 12:40:02 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn13n.dll
[2010/09/03 12:40:02 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltdis13n.dll
[2010/09/03 12:40:02 | 000,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\WINDOWS\System32\mfimgvwr.ocx
[2010/09/03 12:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\MFInstall
[2010/09/02 20:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Invoke Solutions
[2010/06/25 12:15:39 | 001,186,208 | ---- | C] (Piriform Ltd) -- C:\Program Files\spsetup102.exe
[2010/06/25 12:03:01 | 004,064,168 | ---- | C] (Piriform Ltd) -- C:\Program Files\dfsetup120.exe
[2010/06/25 11:59:11 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup233.exe
[2009/11/24 18:36:56 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_40_cnet.exe
[2009/08/20 10:17:41 | 003,278,552 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup222.exe
[2009/05/06 09:39:58 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2009/04/29 09:50:29 | 003,226,856 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe
[2009/02/11 16:33:13 | 001,480,136 | ---- | C] (ArtistScope Pty Ltd) -- C:\Program Files\ArtistScope_IE_42.exe
[2008/05/21 17:46:41 | 006,039,048 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.14.exe
[2008/04/18 21:02:19 | 000,432,576 | ---- | C] (MySpace Inc.) -- C:\Program Files\MySpaceIM_Setup.exe
[2008/03/28 16:13:37 | 000,017,524 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2008/03/02 16:59:01 | 017,710,968 | ---- | C] (PC Tools ) -- C:\Program Files\avinstall.exe
[2007/03/29 21:58:14 | 012,051,128 | ---- | C] (CyberDefender Corp.) -- C:\Program Files\EDC_FT0.exe
[2007/03/12 21:38:24 | 002,685,104 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup138.exe
[2007/02/27 21:55:49 | 002,566,736 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe
[2007/02/27 21:15:44 | 005,037,072 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd14.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/29 17:42:38 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/29 17:42:09 | 000,000,810 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/29 17:42:09 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/29 17:42:09 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/09/29 17:41:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/09/29 17:41:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/29 17:41:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/29 17:41:07 | 1332,772,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/29 13:34:32 | 065,437,042 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2010/09/29 13:34:09 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/29 13:34:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/29 13:33:10 | 001,989,102 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/29 13:31:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/29 13:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8568F759-FF71-4C57-9860-32BAF496765B}.job
[2010/09/29 13:18:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/28 22:29:23 | 065,414,391 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/27 08:53:23 | 000,001,304 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/09/24 22:34:51 | 088,873,398 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\reg backup.reg
[2010/09/23 18:43:25 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\ht.exe
[2010/09/23 17:36:41 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bleeping computer post.wps
[2010/09/23 11:23:23 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/09/23 10:54:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ppice.bin
[2010/09/22 19:51:16 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/09/22 19:48:25 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/22 19:46:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/09/22 19:44:59 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/09/22 19:04:46 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lseluqazefijoci.dat
[2010/09/21 09:39:09 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/20 18:35:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/13 14:09:16 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\survey.wps
[2010/09/13 13:23:59 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2010.9.2_LC_Prescreener-1_-_FINAL_0908.doc
[2010/09/07 22:42:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/04 12:13:43 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2010/09/04 12:13:36 | 000,398,744 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/09/02 19:46:51 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bobs cover letter.wps
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/25 22:29:11 | 1332,772,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/24 22:34:27 | 088,873,398 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\reg backup.reg
[2010/09/23 11:19:51 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/09/22 20:33:53 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bleeping computer post.wps
[2010/09/22 19:50:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/09/22 19:47:29 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/22 19:46:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/09/22 19:44:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/09/22 16:54:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lseluqazefijoci.dat
[2010/09/22 16:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ppice.bin
[2010/09/21 09:39:08 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/20 19:00:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/13 13:45:41 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\survey.wps
[2010/09/13 13:23:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2010.9.2_LC_Prescreener-1_-_FINAL_0908.doc
[2010/06/09 16:32:25 | 128,832,577 | ---- | C] () -- C:\Program Files\StorytellingAlice.zip
[2010/03/11 13:13:16 | 000,069,903 | ---- | C] () -- C:\Program Files\CookieJar.zip
[2010/03/11 12:48:16 | 045,942,928 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2008/12/26 08:31:12 | 000,606,168 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe
[2008/11/05 14:07:04 | 009,204,272 | ---- | C] () -- C:\Program Files\Spyhunter-Detection-Utility-Install.exe
[2008/08/19 22:13:13 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/02/03 00:02:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/10/25 19:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2007/09/09 22:55:06 | 000,000,239 | ---- | C] () -- C:\WINDOWS\Trellian.ini
[2007/08/28 22:33:46 | 000,033,241 | ---- | C] () -- C:\Program Files\sdfree.exe
[2007/08/26 20:10:43 | 000,058,671 | ---- | C] () -- C:\Program Files\StartupCPL.zip
[2007/08/26 16:23:16 | 000,513,320 | ---- | C] () -- C:\Program Files\erunt.zip
[2007/06/19 14:53:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2007/03/29 22:16:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2007/03/29 12:46:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2007/03/29 12:15:55 | 040,738,456 | ---- | C] () -- C:\Program Files\zlsSetup_70_337_000_en.exe
[2007/03/13 21:00:48 | 000,000,801 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/02/27 20:58:26 | 004,322,304 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2007/02/22 18:07:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/02/22 18:06:59 | 000,001,304 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/21 23:06:21 | 000,380,583 | ---- | C] () -- C:\Program Files\Folding@Home503.EXE
[2007/02/21 21:53:03 | 000,010,828 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/02/21 21:50:38 | 000,015,387 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/20 22:03:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/02/20 21:20:18 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/20 20:54:08 | 000,000,210 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/08/18 08:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\mscifsnt.dll
[2000/09/19 17:25:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\bpenhan.dll
[1998/06/11 15:38:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
========== Custom Scans ==========
< CODE >
< %SYSTEMDRIVE%\*.exe >
[2009/08/15 10:34:12 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
< MD5 for: AGP440.SYS >
[2007/02/20 23:45:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/09 15:35:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/02/20 23:45:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/09 15:35:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2007/02/20 23:45:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/09 15:35:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/02/20 23:45:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/09 15:35:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/06/24 08:15:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/06/24 08:15:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/06/24 08:15:27 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/02/19 18:36:23 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/19 18:36:23 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/19 18:36:23 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/07/15 09:24:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/07/15 09:29:58 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/09/23 11:39:57 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
========== Files - Unicode (All) ==========
[2008/04/13 20:12:38 | 000,188,416 | ---- | M] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe
[2001/08/18 08:00:00 | 000,188,416 | ---- | C] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD638AEC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76C67845
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
< End of report >

#4 myrti

    Malware Study Hall Admin, 33,766 posts

Posted 30 September 2010 - 04:21 AM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please also create a backup of the MBR:
  • Please download mbr.exe and save it to C:\windows <- (Important!) if it isn't already present.
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
    CODE
    @ECHO OFF
    CD "%~DP0"
    MBR -c 0 1 backup_mbr.zip
    DEL %0

  • Save this as mbrlook.bat. Choose to "Save type as - All Files" and save it to your Desktop.
    It should look like this:
  • Double click the mbrlook.bat to run it.
  • A file named mbr.zip will be created on your desktop. Please attach that to your next reply.
Once we have the backup of the file, I'll give you the instructions to replace the MBR.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 flutelaura

    Topic Starter, Members, 22 posts

Posted 30 September 2010 - 03:07 PM

Thank you Myrti - I ran Combofix twice because it somehow froze the first time. Below is the c:/combofix.txt and below that is the omboixog.txt (not sure if you needed this but it is the log that popped up after combofix completed the scan.)

ComboFix 10-09-29.04 - Owner 09/30/2010 15:06:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.655 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
PEV Error: PersonalFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}
c:\documents and settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{55710C99-6858-4165-9F14-D2313A6AC357}\install.rdf
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\Owner\Application Data\Bitrix Security\arm
c:\documents and settings\Owner\Application Data\Bitrix Security\fadosvlk_shrd
c:\documents and settings\Owner\Application Data\Bitrix Security\fg.txt
c:\documents and settings\Owner\Application Data\Bitrix Security\jje.txt
c:\documents and settings\Owner\Application Data\Bitrix Security\ljgh.txt
c:\documents and settings\Owner\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Owner\Application Data\Bitrix Security\plk.txt
c:\documents and settings\Owner\Application Data\Bitrix Security\qnf.txt
c:\documents and settings\Owner\My Documents\reg backup.reg
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\certstore.dat
c:\windows\system32\tmp.reg
c:\windows\system32\USRINI~1.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NDISRD
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-25 02:09 . 2010-09-25 02:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-23 13:32 . 2010-09-23 13:32 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 13:32 . 2010-09-23 13:32 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 13:32 . 2010-09-23 13:32 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 13:32 . 2010-09-23 13:32 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 13:32 . 2010-09-23 13:32 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 13:32 . 2010-09-23 13:32 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 13:32 . 2010-09-23 13:32 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 13:32 . 2010-09-23 13:32 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 13:32 . 2010-09-23 13:32 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 13:29 . 2010-09-23 13:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-22 20:54 . 2010-09-23 14:54 0 ----a-w- c:\windows\Ppice.bin
2010-09-22 20:54 . 2010-09-22 23:04 120 ----a-w- c:\windows\Lseluqazefijoci.dat
2010-09-21 13:36 . 2010-09-30 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-20 23:00 . 2010-09-29 17:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-03 16:40 . 2006-10-06 13:35 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 73728 ----a-w- c:\windows\system32\lffax13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 142848 ----a-w- c:\windows\system32\lftif13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2010-09-03 16:40 . 2006-10-06 13:35 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2010-09-03 16:39 . 2010-09-03 16:40 -------- d-----w- c:\program files\MFInstall
2010-09-03 00:47 . 2010-09-03 00:47 -------- d-----w- c:\program files\Invoke Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 15:39 . 2001-08-18 12:00 8832 -c--a-w- c:\windows\system32\drivers\rasacd.sys
2010-09-22 19:00 . 2009-11-24 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-22 14:25 . 2007-02-28 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-07 15:12 . 2010-07-27 00:11 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-03-11 16:49 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-03-11 16:50 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-03-11 16:50 165584 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-03-11 16:50 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-03-11 16:50 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-03-11 16:50 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-03-11 16:50 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-03-11 16:50 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 13:17 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-01 20:00 . 2010-03-23 16:33 -------- d-----w- c:\program files\Coupons
2010-07-22 15:49 . 2007-02-21 03:01 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 01:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:29 . 2009-11-24 22:59 243024 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:29 . 2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:24 . 2009-11-24 22:59 216400 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-25 16:15 . 2010-06-25 16:15 1186208 ----a-w- c:\program files\spsetup102.exe
2010-06-25 16:03 . 2010-06-25 16:03 4064168 ----a-w- c:\program files\dfsetup120.exe
2010-06-25 15:59 . 2010-06-25 15:59 3396176 ----a-w- c:\program files\ccsetup233.exe
2010-06-09 20:32 . 2010-06-09 20:32 128832577 ----a-w- c:\program files\StorytellingAlice.zip
2010-03-11 17:13 . 2010-03-11 17:13 69903 ----a-w- c:\program files\CookieJar.zip
2010-03-11 16:48 . 2010-03-11 16:48 45942928 ----a-w- c:\program files\setup_av_free.exe
2009-11-24 22:37 . 2009-11-24 22:36 891248 ----a-w- c:\program files\avg_free_stb_all_9_40_cnet.exe
2009-08-20 14:17 . 2009-08-20 14:17 3278552 ----a-w- c:\program files\ccsetup222.exe
2009-05-06 13:40 . 2009-05-06 13:39 15083520 ----a-w- c:\program files\spybotsd160.exe
2009-04-29 13:50 . 2009-04-29 13:50 3226856 ----a-w- c:\program files\ccsetup219.exe
2009-02-11 20:33 . 2009-02-11 20:33 1480136 ----a-w- c:\program files\ArtistScope_IE_42.exe
2008-12-26 12:31 . 2008-12-26 12:31 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2008-11-05 18:07 . 2008-11-05 18:07 9204272 ----a-w- c:\program files\Spyhunter-Detection-Utility-Install.exe
2008-08-26 01:17 . 2007-08-27 00:10 58671 ----a-w- c:\program files\StartupCPL.zip
2008-05-21 21:46 . 2008-05-21 21:46 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2008-04-19 01:02 . 2008-04-19 01:02 432576 ----a-w- c:\program files\MySpaceIM_Setup.exe
2008-03-02 20:59 . 2008-03-02 20:59 17710968 ----a-w- c:\program files\avinstall.exe
2007-08-29 02:33 . 2007-08-29 02:33 33241 ----a-w- c:\program files\sdfree.exe
2007-08-26 20:23 . 2007-08-26 20:23 513320 ----a-w- c:\program files\erunt.zip
2007-03-30 01:58 . 2007-03-30 01:58 12051128 ----a-w- c:\program files\EDC_FT0.exe
2007-03-29 16:16 . 2007-03-29 16:15 40738456 ----a-w- c:\program files\zlsSetup_70_337_000_en.exe
2007-03-13 01:38 . 2007-03-13 01:38 2685104 ----a-w- c:\program files\ccsetup138.exe
2007-02-28 01:55 . 2007-02-28 01:55 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2007-02-28 01:15 . 2007-02-28 01:15 5037072 ----a-w- c:\program files\spybotsd14.exe
2007-02-28 00:58 . 2007-02-28 00:58 4322304 ----a-w- c:\program files\aawsepersonal.exe
2007-02-22 03:06 . 2007-02-22 03:06 380583 ----a-w- c:\program files\Folding@Home503.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
"Otawolozikequ"="c:\windows\timatms.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Nnezotetacoyuce"="c:\windows\uqukonej.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-03 23:34 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-13 22:48 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 13:30 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1250346471\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1250346471\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1337:UDP"= 1337:UDP:Windows Media Format SDK (iexplore.exe)
"1336:UDP"= 1336:UDP:Windows Media Format SDK (iexplore.exe)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/22/2009 6:35 PM 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2010 12:50 PM 165584]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/24/2009 6:59 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/24/2009 6:59 PM 243024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2010 12:50 PM 17744]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:25 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:29 AM 308136]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\drivers\HIDKbFlt.sys [7/25/2005 6:13 AM 23680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2/18/2010 4:36 PM 152576]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:34]

2008-05-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8568F759-FF71-4C57-9860-32BAF496765B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
Trusted Zone: yahoo.com\login
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\oi5vljlb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
BHO-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
Toolbar-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-PanelApp - c:\documents and settings\Owner\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
ActiveSetup-{FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - c:\documents and settings\Owner\Application Data\Bitrix Security\fadosvlk.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A367C76]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7460bd4
PacketIndicateHandler -> NDIS.sys @ 0xf746ca21
SendHandler -> NDIS.sys @ 0xf7460d44
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-30 15:33:25
ComboFix-quarantined-files.txt 2010-09-30 19:33

Pre-Run: 23,298,519,040 bytes free
Post-Run: 23,267,688,448 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - F015433159DBCE3166FC90C276343AA5




FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
BHO-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
Toolbar-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-PanelApp - c:\documents and settings\Owner\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
ActiveSetup-{FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - c:\documents and settings\Owner\Application Data\Bitrix Security\fadosvlk.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A367C76]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7460bd4
PacketIndicateHandler -> NDIS.sys @ 0xf746ca21
SendHandler -> NDIS.sys @ 0xf7460d44
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-30 15:33:25
ComboFix-quarantined-files.txt 2010-09-30 19:33

Pre-Run: 23,298,519,040 bytes free
Post-Run: 23,267,688,448 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - F015433159DBCE3166FC90C276343AA5


#6 myrti

Posted 01 October 2010 - 04:18 AM

Hi,

do you have a Windows CD we could use?

Please run a new scan with Malwarebytes and post the log here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 flutelaura
  • Topic Starter

Posted 01 October 2010 - 09:39 AM

Good morning Myrti and thanks again for all your help. I do have a copy of a Windows C/D someone gave me but my C/D drive has been giving me problems for some time now . . . the driver disappeared or something. I had someone work on my machine who said they knew what they were doing, but obviously, they didn't and the drive hasn't worked since. My husband thinks the driver is missing . . . I don't know . . . when you pull up my computer, there is no c/d drive. It's odd. I hope my problems aren't your worst nightmare!

I was surprised yesterday when I was able to upload and post to bleepingcomputer from my home computer - does this mean I'm in recovery? lol



Malwarebytes' Anti-Malware 1.30
Database version: 1403
Windows 5.1.2600 Service Pack 3

10/1/2010 10:34:05 AM
mbam-log-2010-10-01 (10-34-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 95133
Time elapsed: 1 hour(s), 30 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 myrti

Posted 03 October 2010 - 08:58 AM

Hi,

some of the malware has been removed, but part is still present. Since your CD drive isn't working, I would like you to try to boot into the recovery console on the PC installed by ComboFix:
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. Let me know if a command prompt shows up.
  6. Type exit to leave it again.
Windows will now begin loading.



#9 flutelaura
  • Topic Starter

Posted 03 October 2010 - 09:51 AM

Sorry to hear about your PC problems . . . I can relate!! :D

Things are better, for a short time . . . then it freezes and I have to reboot.

I'm not sure how to stop the computer from opening Windows.

I boot up and it automatically passes by the screen that contains "safe mode" and I know I can tap on F8 to get to that screen, but I don't know how to stop it on the recovery console screen.

I tried hitting enter upon reboot but that didn't work either. Is there some key to press so that I can stop it right on that screen?

Thanks again.

Laura

PS I'll keep trying and researching how to do this and if I succeed, I will re-post immediately!

#10 myrti

Posted 03 October 2010 - 10:17 AM

Hi,

does the recovery console not appear in the menu with safe mode?

regards myrti



#11 flutelaura
  • Topic Starter

Posted 03 October 2010 - 03:08 PM

If I hit F8 or F10 upon start I am able to scroll down to "Return to OS Choices Menu"

When I click on the Windows Recovery Option, I get a screen that says:

NTLDR is compressed
Press ctl+alt+delete to restart

Then I have a blinking cursor, but you can type nothing in the spot, including the word "exit". It's just a blinking cursor.

You can, however, ctrl+alt+delete to start Windows.

#12 myrti

Posted 04 October 2010 - 08:20 AM

Hi,

ok, it seems this isn't working either. Do you know how to boot from a flash drive?

regards myrti



#13 flutelaura
  • Topic Starter

Posted 04 October 2010 - 09:59 AM

No, I'm sorry I do not know how to boot from a flash drive, however I am sure I can learn if I could find a flash drive with XP on it. I read a bit on doing this and it said that computers that were over 2 years old probably wouldn't work - my computer is ANCIENT - it's about seven or eight years old.

I'm back at my neighbor's home computer because I can no longer get online AT ALL!! I click on IE and the "Microsoft Security Essentials Alert" pops up. I ran the Kaspersky tool twice but it didn't fix it this time - it worked before but not now.

I'm assuming the Microsoft Windows Recovery Console IS loaded on my computer and I'm unable to access it. Is this correct? If not, I was reading about manually loading it by clicking and dragging some icons as shown at the bottom of this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I'm fighting discouragement - I don't understand why people would create such trojans that will destroy innocent housewives' computers. It seems so cruel - I appreciate people like you who are willing to help others you have never met. You are very much appreciated.

Laura



#14 myrti

Posted 05 October 2010 - 04:12 AM

Hi,

ok, let's try alternative solutions then. If your PC is that old, it is possible that it is physically incapable of booting from a flash drive, but let's check. When the PC starts booting, press F2 (or the key that is shown on the screen; this is before the safe mode menu). When you get into the menu, navigate to the tab that says boot order or something similar. In that list, do you see something referencing USB or Flash drives? Please leave the BIOS menu without saving the changes and boot up. Let me know what you find.

Let's see if TDSSKiller will help:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

The recovery console should already be installed, from what I have seen in the logs. The infection however will frequently make it inaccessible.
Their motivation is easily summarized in one word: money.



regards myrti



#15 flutelaura
  • Topic Starter

Posted 06 October 2010 - 09:44 AM

Sorry this took so long . . .

I am still unable to get online with IE or Firefox - the "microsoft security essentials alert" keeps popping up

I finally had a brainstorm last night and tried using AOL to get online and here I am!!

Previously the TDSSKiller (what I call the Kaspersky thingie) worked - as soon as my computer bogged, I'd run that and I was able to get online - now it doesn't work. No matter what, I cannot get online with IE or Firefox.

I ran the TDSSKiller from the "run" box and the log is below.

As for the BIOS - Here is what the boot menu says:

Boot-time diagnostic screen (disabled)
quick boot mode (enabled)
Boot device priority



I entered "boot device priority" and this is what this menu said:

Hard Drive
Maxtor 4D040H2- (PM)
Bootable add-in cards

Removeable Devices
Legacy floppy drive


Nothing about USB or a flash drive.

My husband still says the c/d drive doesn't work because it does not have a driver. I am still trying to remedy that. (not that I know what I'm doing. . . . but I try!)

2010/10/06 09:55:12.0984 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/10/06 09:55:12.0984 ================================================================================
2010/10/06 09:55:12.0984 SystemInfo:
2010/10/06 09:55:12.0984
2010/10/06 09:55:12.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/06 09:55:12.0984 Product type: Workstation
2010/10/06 09:55:12.0984 ComputerName: HP-542X
2010/10/06 09:55:12.0984 UserName: Owner
2010/10/06 09:55:12.0984 Windows directory: C:\WINDOWS
2010/10/06 09:55:12.0984 System windows directory: C:\WINDOWS
2010/10/06 09:55:12.0984 Processor architecture: Intel x86
2010/10/06 09:55:12.0984 Number of processors: 1
2010/10/06 09:55:12.0984 Page size: 0x1000
2010/10/06 09:55:12.0984 Boot type: Normal boot
2010/10/06 09:55:12.0984 ================================================================================
2010/10/06 09:55:13.0484 Initialize success
2010/10/06 09:55:34.0578 ================================================================================
2010/10/06 09:55:34.0578 Scan started
2010/10/06 09:55:34.0578 Mode: Manual;
2010/10/06 09:55:34.0578 ================================================================================
2010/10/06 09:56:50.0484 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/06 09:56:50.0484 ================================================================================
2010/10/06 09:56:50.0484 Scan finished
2010/10/06 09:56:50.0484 ================================================================================
2010/10/06 09:56:50.0531 Detected object count: 1
2010/10/06 09:57:47.0593 \HardDisk0\MBR - will be cured after reboot
2010/10/06 09:57:47.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/06 09:57:49.0781 Deinitialize success

Edited by flutelaura, 06 October 2010 - 09:53 AM.
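The log above ends with the one thing that matters for this thread: TDSSKiller found Rootkit.Win32.TDSS.tdl4 in \HardDisk0\MBR, the user chose Cure, and the cure is queued for the next reboot. As an added example (my code, not part of the original post and not TDSSKiller's own output or tooling), the script below parses log lines in exactly the layout posted here, separates the driver inventory from the detections, and reports whether a cure is still pending a reboot and whether the tool's "Detected object count" agrees with what was parsed. The sample input is an excerpt copied from the log above with the driver list cut to two entries. The on-disk hash check is an assumption about how you would use it: it maps the logged C:\WINDOWS\... paths under a root directory you supply (an offline-mounted system drive) and compares MD5 of the file with the hash TDSSKiller recorded.

```python
"""Triage a Kaspersky TDSSKiller log: list the drivers it hashed, pull out
the detections, and say whether a cure is still waiting on a reboot."""
import hashlib
import os
import re

# Lines copied from the TDSSKiller log posted in this thread; the driver
# inventory is cut down to two entries to keep the sample short.
SAMPLE_LOG = r"""
2010/10/06 09:56:34.0390 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/06 09:56:43.0296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/06 09:56:50.0484 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/06 09:56:50.0484 ================================================================================
2010/10/06 09:56:50.0484 Scan finished
2010/10/06 09:56:50.0531 Detected object count: 1
2010/10/06 09:57:47.0593 \HardDisk0\MBR - will be cured after reboot
2010/10/06 09:57:47.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/06 09:57:49.0781 Deinitialize success
"""

# Patterns derived from the line layout in the posted log (an assumption for
# other TDSSKiller versions, which may word these lines differently).
TIMESTAMP_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
PENDING_RE = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^([^(\s]+)\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def _detection(report, obj, ts):
    """Return (creating if needed) the record for one detected object."""
    return report["detections"].setdefault(
        obj, {"verdict": None, "action": None, "pending_reboot": False, "first_seen": ts})


def parse_tdsskiller_log(text):
    """Split the log into a driver inventory and a map of detected objects."""
    report = {"drivers": [], "detections": {}, "reported_count": None}
    for raw in text.splitlines():
        m = TIMESTAMP_RE.match(raw.strip())
        if not m:
            continue  # lines without a timestamp carry nothing we triage
        ts, body = m.groups()
        if d := DRIVER_RE.match(body):
            name, md5, path = d.groups()
            report["drivers"].append({"name": name, "md5": md5, "path": path})
        elif d := DETECTED_RE.match(body):
            obj, verdict = d.groups()
            _detection(report, obj, ts)["verdict"] = verdict
        elif d := PENDING_RE.match(body):
            _detection(report, d.group(1), ts)["pending_reboot"] = True
        elif d := ACTION_RE.match(body):
            verdict, obj, action = d.groups()
            rec = _detection(report, obj, ts)
            rec["verdict"] = rec["verdict"] or verdict
            rec["action"] = action
        elif c := COUNT_RE.match(body):
            report["reported_count"] = int(c.group(1))
        # separators, "Scan finished", "Deinitialize success" fall through
    return report


def triage(report):
    """What a responder needs before and after the reboot TDSSKiller asks for."""
    findings = []
    for obj, rec in report["detections"].items():
        status = rec["action"] or "no action"
        if rec["pending_reboot"]:
            status += " (pending reboot)"
        findings.append({
            "object": obj,
            "verdict": rec["verdict"],
            # TDL4 lives in the MBR; a cure there only takes effect at next boot
            "boot_sector": obj.upper().endswith("\\MBR"),
            "status": status,
        })
    return {
        "findings": findings,
        "reboot_required": any(r["pending_reboot"] for r in report["detections"].values()),
        # The tool's own count should equal what we parsed; a mismatch means
        # a truncated or edited log.
        "count_consistent": report["reported_count"] == len(report["detections"]),
    }


def verify_driver_hashes(report, root=None):
    """Recompute MD5 of each logged driver and compare with TDSSKiller's value.

    With root=None the logged C:\\... paths are used as-is (only meaningful on
    the Windows host itself). With an offline-mounted system drive, pass its
    mount point as root and C:\\WINDOWS\\... is mapped beneath it (assumption:
    paths are C:-rooted). Returns name -> "match" | "mismatch" | "missing".
    """
    results = {}
    for drv in report["drivers"]:
        path = drv["path"]
        if root is not None:
            path = os.path.join(root, path[3:].replace("\\", os.sep))
        if not os.path.isfile(path):
            results[drv["name"]] = "missing"
            continue
        with open(path, "rb") as fh:
            digest = hashlib.md5(fh.read()).hexdigest()
        results[drv["name"]] = "match" if digest == drv["md5"] else "mismatch"
    return results


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(triage(rep))
```

On the posted log this yields one finding, \HardDisk0\MBR with verdict Rootkit.Win32.TDSS.tdl4 and status "Cure (pending reboot)", a consistent count of 1, and reboot_required set. Two practical notes follow from that: the cure is not done until the machine has rebooted and a second TDSSKiller run reports a detected object count of 0, and the driver hashes in the inventory were recorded while the rootkit was active, so compare them from clean media (root pointed at the mounted drive) rather than trusting what the infected OS shows.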