
Cannot run GMER or fixwareout


  • This topic is locked
12 replies to this topic

#1 howlingwolf1

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:58 AM

Posted 11 October 2010 - 07:57 PM

Running Windows XP Pro. Malwarebytes installed and ran, Super Antivirus installed and ran. Downloaded Rkill. DDS.txt is posted:

DDS (Ver_10-10-10.02) - NTFSx86
Run by Mike at 16:59:55.29 on Mon 10/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1031 [GMT -7:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = mike
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\4752ec04-f2ab-4d1b-8609-bd5e48ab7176.com
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-30 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-14 1691480]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 jsyvl;jsyvl;c:\windows\system32\drivers\xluym.sys [2010-5-21 54016]

=============== Created Last 30 ================

2010-10-11 18:46:50 -------- d-----w- c:\docume~1\mike\applic~1\SUPERAntiSpyware.com
2010-10-11 18:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-11 18:46:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-11 07:24:31 -------- d--h--w- c:\windows\PIF
2010-10-11 07:20:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 07:20:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 07:20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-09 04:24:52 -------- d-----w- c:\docume~1\mike\applic~1\AVG10
2010-10-09 04:23:22 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-09 04:21:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-09 03:38:56 -------- d-----w- c:\program files\AVG
2010-10-09 03:03:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-06 16:31:23 67072 --sha-r- c:\windows\system32\wmpasfk.dll
2010-09-27 14:50:40 -------- d-----w- c:\program files\iPod
2010-09-27 14:50:37 -------- d-----w- c:\program files\iTunes
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-27 14:44:21 -------- d-----w- c:\program files\Bonjour
2010-09-21 08:48:23 89088 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2010-09-21 08:47:23 -------- d-----w- C:\IntelPRO
2010-09-21 08:46:00 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-09-21 08:46:00 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-09-21 08:03:49 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-09-21 08:03:49 -------- d-----w- C:\Intel
2010-09-21 06:07:27 33599 ----a-w- c:\windows\system32\drivers\wATV04nt.sys
2010-09-21 06:07:27 29311 ----a-w- c:\windows\system32\drivers\wATV01nt.sys
2010-09-21 06:07:27 23615 ----a-w- c:\windows\system32\drivers\wCh7xxNT.sys
2010-09-21 06:07:27 19551 ----a-w- c:\windows\system32\drivers\wATV02NT.sys
2010-09-21 06:07:27 19455 ----a-w- c:\windows\system32\drivers\wVchNTxx.sys
2010-09-21 06:07:27 12127 ----a-w- c:\windows\system32\drivers\wADV02NT.sys
2010-09-21 06:07:27 12063 ----a-w- c:\windows\system32\drivers\wSiINTxx.sys
2010-09-21 06:07:27 11775 ----a-w- c:\windows\system32\drivers\wADV05NT.sys
2010-09-21 06:07:24 702845 ----a-w- c:\windows\system32\i81xdnt5.dll
2010-09-21 06:07:24 161020 ----a-w- c:\windows\system32\drivers\i81xnt5.sys
2010-09-21 06:07:24 12415 ----a-w- c:\windows\system32\drivers\wADV01nt.sys
2010-09-21 05:59:52 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-09-21 05:58:46 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-09-13 23:27:24 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

==================== Find3M ====================

2010-10-11 06:58:29 2356 ----a-w- c:\windows\system32\tmp.reg
2010-10-05 05:44:16 28144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-21 08:45:58 44 ----a-w- c:\windows\system32\msssc.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 17:01:58.42 ===============


#2 pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:01:58 PM

Posted 20 October 2010 - 08:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


PW

#3 howlingwolf1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:58 AM

Posted 21 October 2010 - 09:42 AM

Thank you for your response. Update: I've been scanning with Malwarebytes, SuperAntiVirus, Kaspersky online scanner. I was getting Google search redirects, also seem to be having a lot of svchost memory usage. I was unable for a while to run the GMER program. Here are the logs you requested.


DDS (Ver_10-10-10.02) - NTFSx86
Run by Mike at 12:22:32.29 on Wed 10/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1074 [GMT -7:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = mike
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-30 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-14 1691480]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 jsyvl;jsyvl;c:\windows\system32\drivers\xluym.sys [2010-5-21 54016]

=============== Created Last 30 ================

2010-10-16 19:26:14 -------- d-----w- C:\Downloads
2010-10-15 04:27:01 -------- d-----w- c:\docume~1\mike\applic~1\LimeWire
2010-10-15 04:25:51 -------- d-----w- c:\program files\LimeWire
2010-10-12 18:10:47 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 18:10:47 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 18:10:26 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 18:46:50 -------- d-----w- c:\docume~1\mike\applic~1\SUPERAntiSpyware.com
2010-10-11 18:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-11 18:46:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-11 07:24:31 -------- d--h--w- c:\windows\PIF
2010-10-11 07:20:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 07:20:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 07:20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-09 04:24:52 -------- d-----w- c:\docume~1\mike\applic~1\AVG10
2010-10-09 04:23:22 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-09 04:21:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-09 03:38:56 -------- d-----w- c:\program files\AVG
2010-10-09 03:03:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-06 16:31:23 67072 --sha-r- c:\windows\system32\wmpasfk.dll
2010-09-27 14:50:40 -------- d-----w- c:\program files\iPod
2010-09-27 14:50:37 -------- d-----w- c:\program files\iTunes
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-27 14:47:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-27 14:44:21 -------- d-----w- c:\program files\Bonjour
2010-09-21 08:48:23 89088 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2010-09-21 08:47:23 -------- d-----w- C:\IntelPRO
2010-09-21 08:46:00 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-09-21 08:46:00 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-09-21 08:03:49 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-09-21 08:03:49 -------- d-----w- C:\Intel
2010-09-21 06:07:27 33599 ----a-w- c:\windows\system32\drivers\wATV04nt.sys
2010-09-21 06:07:27 29311 ----a-w- c:\windows\system32\drivers\wATV01nt.sys
2010-09-21 06:07:27 23615 ----a-w- c:\windows\system32\drivers\wCh7xxNT.sys
2010-09-21 06:07:27 19551 ----a-w- c:\windows\system32\drivers\wATV02NT.sys
2010-09-21 06:07:27 19455 ----a-w- c:\windows\system32\drivers\wVchNTxx.sys
2010-09-21 06:07:27 12127 ----a-w- c:\windows\system32\drivers\wADV02NT.sys
2010-09-21 06:07:27 12063 ----a-w- c:\windows\system32\drivers\wSiINTxx.sys
2010-09-21 06:07:27 11775 ----a-w- c:\windows\system32\drivers\wADV05NT.sys
2010-09-21 06:07:24 702845 ----a-w- c:\windows\system32\i81xdnt5.dll
2010-09-21 06:07:24 161020 ----a-w- c:\windows\system32\drivers\i81xnt5.sys
2010-09-21 06:07:24 12415 ----a-w- c:\windows\system32\drivers\wADV01nt.sys
2010-09-21 05:59:52 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-09-21 05:58:46 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys

==================== Find3M ====================

2010-10-11 06:58:29 2356 ----a-w- c:\windows\system32\tmp.reg
2010-10-05 05:44:16 28144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-21 08:45:58 44 ----a-w- c:\windows\system32\msssc.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 12:23:15.10 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2009 10:49:39 PM
System Uptime: 10/19/2010 10:00:29 PM (14 hours ago)

Motherboard: Intel Corporation | | D845GERG2
Processor: Intel® Pentium® 4 CPU 2.20GHz | J2E1 | 2199/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 16.612 GiB free.
E: is FIXED (FAT32) - 75 GiB total, 5.11 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/7/2010 05:09:40 PM - System Checkpoint
RP2: 10/8/2010 07:25:04 PM - System Checkpoint
RP3: 10/9/2010 07:45:32 PM - System Checkpoint
RP4: 10/11/2010 01:04:29 AM - System Checkpoint
RP5: 10/12/2010 01:42:06 AM - System Checkpoint
RP6: 10/13/2010 02:42:02 AM - System Checkpoint
RP7: 10/14/2010 03:41:50 AM - System Checkpoint
RP8: 10/15/2010 06:24:28 AM - System Checkpoint
RP9: 10/16/2010 06:20:46 AM - Software Distribution Service 3.0
RP10: 10/19/2010 10:20:51 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Audacity 1.2.6
Bonjour
Canon MP530
CCleaner
Cool MP3 Splitter
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iPhone Configuration Utility
iTunes
Java™ 6 Update 17
LimeWire 5.4.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
MobileMe Control Panel
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Olympus Digital Wave Player
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Roxio Easy Media Creator 8 Suite
Safari
Security Advisor
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic CinePlayer Decoder Pack
SoundMAX
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/16/2010 06:13:21 AM, error: Service Control Manager [7034] - The QoS RSVP service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 05:58:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/15/2010 08:46:52 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/15/2010 08:46:52 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
10/15/2010 08:28:05 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
10/15/2010 03:33:20 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
10/15/2010 03:32:24 PM, error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
10/15/2010 03:28:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde TfFsMon TfSysMon
10/14/2010 10:09:26 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 10:09:26 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 10:09:26 PM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
10/14/2010 10:09:26 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss RxFilter SASDIFSV SASKUTIL Tcpip TfFsMon TfSysMon
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 09:59:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/14/2010 09:58:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/14/2010 09:55:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
10/14/2010 09:55:22 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
10/14/2010 09:54:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2010 09:51:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm RxFilter SASDIFSV SASKUTIL TfFsMon TfSysMon
10/14/2010 09:50:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/14/2010 09:50:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
10/14/2010 09:48:11 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-21 07:17:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\awloikod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----

Thanks for your help.
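The Event Viewer section of the DDS log above is the part a responder reads first: one SCM 7026 event names every boot-start driver that failed to load (the whole network stack, AFD, Tcpip, NetBT, IPSec, plus the SUPERAntiSpyware and TfSysMon drivers), and the 7001 events that follow are services that could not start because they depend on one of those drivers. The script below is an added example, not part of the original post and not anything DDS or GMER does itself. It parses lines in the format DDS prints, collects the failed drivers from 7026 events, separates 7001 dependency failures that are merely consequences of those driver failures from service failures with some other cause (7023), and tallies repeated service crashes (7031/7034). The sample lines are constructed to mirror the posted log; `DISPLAY_TO_SERVICE` is an assumed map from the display names that 7001 events use to the service key names that 7026 events use.

```python
"""Triage Service Control Manager (SCM) errors from a DDS-style Event Viewer dump.

Added example: not part of the original post, not DDS/GMER logic.
Lines look like:  date time, error: Source [EventID] - message
"""
import re

LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
DRIVERS_RE = re.compile(r"failed to load: (.+)$")
DEP_RE = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")
CRASH_RE = re.compile(r"^The (.+?) service terminated unexpectedly\. It has done this (\d+) time\(s\)")
TERM_RE = re.compile(r"^The (.+?) service terminated with the following error: (.+)$")

# Assumed mapping: 7001 events name a dependency by display name, 7026 events by
# service key name. Only the pairs seen in the posted log are listed.
DISPLAY_TO_SERVICE = {
    "TCP/IP Protocol Driver": "Tcpip",
    "NetBios over Tcpip": "NetBT",
    "IPSEC driver": "IPSec",
    "AFD": "AFD",
}

# Constructed sample modelled on the posted DDS Event Viewer section.
SAMPLE_LOG = """\
10/16/2010 05:58:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/15/2010 08:28:05 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2010 10:09:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss RxFilter SASDIFSV SASKUTIL Tcpip TfFsMon TfSysMon
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 10:09:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/14/2010 09:55:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
"""


def parse_events(text):
    """Split each DDS event line into its fields; skip anything that does not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp, level, source, event_id, message = m.groups()
            events.append({"time": stamp, "level": level, "source": source,
                           "id": int(event_id), "message": message})
    return events


def triage(text):
    """Return failed boot drivers, dependency cascades, other failures and crash counts."""
    events = [e for e in parse_events(text) if e["source"] == "Service Control Manager"]

    # Pass 1: every driver named in a 7026 event is a root-cause load failure.
    failed = set()
    for e in events:
        if e["id"] == 7026:
            m = DRIVERS_RE.search(e["message"])
            if m:
                failed.update(m.group(1).split())

    # Pass 2: classify service failures against that set.
    cascade, other, crashes = [], [], {}
    for e in events:
        msg = e["message"]
        if e["id"] == 7001:
            m = DEP_RE.match(msg)
            if m:
                dependent, dep_display = m.groups()
                dep = DISPLAY_TO_SERVICE.get(dep_display, dep_display)
                if dep in failed:
                    cascade.append((dependent, dep))   # explained by a 7026 driver
                else:
                    other.append(dependent)            # needs its own explanation
        elif e["id"] == 7023:
            m = TERM_RE.match(msg)
            if m:
                other.append(m.group(1))
        elif e["id"] in (7031, 7034):
            m = CRASH_RE.match(msg)
            if m:
                name, count = m.group(1), int(m.group(2))
                crashes[name] = max(crashes.get(name, 0), count)

    return {"failed_drivers": sorted(failed), "cascade": cascade,
            "other_failures": other, "crash_counts": crashes}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Read the output as a prioritised list: the `failed_drivers` set is what to investigate (boot-start drivers do not normally fail together unless something patched or removed them), `cascade` entries need no separate root cause, and `other_failures` such as the firewall service dying with "Access is denied" are independent symptoms worth their own look.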

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:58 PM

Posted 22 October 2010 - 06:00 PM

Hi howlingwolf1,

Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. :welcome:
My name is sundavis, and I will be helping you to deal with your Malware problems today.

Step1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\TDSSKiller folder). Please copy and paste the contents of that file here.

Step2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.

In your next reply, please post back:

1. TDSSKiller.txt
2. OTListIt.txt and Extra.txt

Thanks
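TDSSKiller's report is a flat inventory of every driver service: one line per driver with its service key name, the MD5 of the image on disk and the image path. The three things a responder checks in that listing are hashes of the usual patch targets (atapi.sys, ntfs.sys, tcpip.sys) against a known-clean baseline, drivers loading from outside the system or program directories, and service/file name pairs that both look like short random strings yet do not match each other. The script below is an added example, not part of the original thread and not TDSSKiller's own logic; it parses the line format shown in the reply that follows and applies those three checks. The baseline hashes are copied from the posted log purely for illustration (a real baseline comes from known-clean install media), the name heuristic is deliberately loose and will produce false positives, and the sample log is constructed, with the `Ntfs` hash and the `ndisfoo` entry altered to trigger the checks.

```python
"""Audit a TDSSKiller driver listing for hash drift, odd paths and random-looking names.

Added example: not part of the original thread, not TDSSKiller's own logic.
Driver lines look like:  2010/10/23 13:19:58.0050 jsyvl (md5) C:\\WINDOWS\\system32\\drivers\\xluym.sys
"""
import re

ENTRY_RE = re.compile(r"^(\S+ \S+) (\S+) \(([0-9a-f]{32})\) (.+)$")
WINDIR_RE = re.compile(r"Windows directory: (.+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,8}$")   # short, all-lowercase, letters only

# Constructed baseline: values copied from the posted log, NOT an authoritative list.
BASELINE_MD5 = {
    "atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    "ntfs.sys": "78a08dd6a8d65e697c18e1db01c5cdca",
}

# Constructed sample modelled on the posted log. The Ntfs hash and the ndisfoo
# entry are invented so that the hash and path checks have something to flag.
SAMPLE_LOG = r"""2010/10/23 13:19:47.0707 Windows directory: C:\WINDOWS
2010/10/23 13:19:51.0097 Scan started
2010/10/23 13:19:53.0425 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 13:19:58.0050 jsyvl (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\xluym.sys
2010/10/23 13:19:59.0034 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/10/23 13:20:00.0269 Ntfs (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 13:20:04.0003 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 13:20:05.0000 ndisfoo (ffffffffffffffffffffffffffffffff) C:\DOCUME~1\Mike\LOCALS~1\Temp\ndisfoo.sys
2010/10/23 13:20:06.0362 Scan finished
"""


def parse_tdsskiller(text):
    """Return (windows_dir, entries); each entry is one driver line as a dict."""
    windows_dir = "C:\\WINDOWS"           # default if the SystemInfo header is missing
    entries = []
    for line in text.splitlines():
        m = WINDIR_RE.search(line)
        if m:
            windows_dir = m.group(1).strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            stamp, service, md5, path = m.groups()
            entries.append({"time": stamp, "service": service, "md5": md5, "path": path})
    return windows_dir, entries


def file_name(path):
    return path.rsplit("\\", 1)[-1]


def in_expected_location(path, windows_dir):
    """Drivers normally live under %SystemRoot%\\system32 or a Program Files tree."""
    p = path.lower()
    allowed = (windows_dir.lower() + "\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
    return p.startswith(allowed)


def looks_random(service, path):
    """Heuristic: service key and file stem are both short random-looking strings that differ."""
    stem = file_name(path).rsplit(".", 1)[0]
    return (RANDOM_NAME_RE.match(service) is not None
            and RANDOM_NAME_RE.match(stem) is not None
            and service != stem)


def audit_tdsskiller_log(text, baseline=BASELINE_MD5):
    """Run the three checks over every driver line and return a list of findings."""
    windows_dir, entries = parse_tdsskiller(text)
    findings = []
    for e in entries:
        name = file_name(e["path"]).lower()
        expected = baseline.get(name)
        if expected and expected != e["md5"]:
            findings.append({"service": e["service"], "check": "hash mismatch",
                             "detail": f"{name}: got {e['md5']}, baseline {expected}"})
        if not in_expected_location(e["path"], windows_dir):
            findings.append({"service": e["service"], "check": "unusual path",
                             "detail": e["path"]})
        if looks_random(e["service"], e["path"]):
            findings.append({"service": e["service"], "check": "random-looking name",
                             "detail": f"service {e['service']} -> {file_name(e['path'])}"})
    return findings


if __name__ == "__main__":
    for f in audit_tdsskiller_log(SAMPLE_LOG):
        print(f"[{f['check']}] {f['service']}: {f['detail']}")
```

Anything the script flags is a candidate to submit for a second opinion or to compare against the vendor's copy, not a verdict: legitimate third-party drivers sometimes use terse names, and a hash mismatch on a core driver can also mean a hotfix the baseline does not know about.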

#5 howlingwolf1

howlingwolf1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:58 AM

Posted 23 October 2010 - 03:35 PM

Thank you for your help here are the reports. Mike

2010/10/23 13:19:47.0691 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 13:19:47.0691 ================================================================================
2010/10/23 13:19:47.0691 SystemInfo:
2010/10/23 13:19:47.0691
2010/10/23 13:19:47.0691 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/23 13:19:47.0691 Product type: Workstation
2010/10/23 13:19:47.0691 ComputerName: HOME-19C33F4763
2010/10/23 13:19:47.0707 UserName: Mike
2010/10/23 13:19:47.0707 Windows directory: C:\WINDOWS
2010/10/23 13:19:47.0707 System windows directory: C:\WINDOWS
2010/10/23 13:19:47.0707 Processor architecture: Intel x86
2010/10/23 13:19:47.0707 Number of processors: 1
2010/10/23 13:19:47.0707 Page size: 0x1000
2010/10/23 13:19:47.0707 Boot type: Normal boot
2010/10/23 13:19:47.0707 ================================================================================
2010/10/23 13:19:47.0848 Initialize success
2010/10/23 13:19:51.0097 ================================================================================
2010/10/23 13:19:51.0097 Scan started
2010/10/23 13:19:51.0097 Mode: Manual;
2010/10/23 13:19:51.0097 ================================================================================
2010/10/23 13:19:52.0191 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/23 13:19:52.0254 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/23 13:19:52.0394 aeaudio (b2886807ac2543da273765cef4d82d68) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/10/23 13:19:52.0457 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/23 13:19:52.0551 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/23 13:19:53.0066 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/10/23 13:19:53.0379 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/23 13:19:53.0425 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 13:19:53.0597 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/23 13:19:53.0660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/23 13:19:53.0769 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/23 13:19:53.0894 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/23 13:19:53.0941 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/23 13:19:54.0050 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/23 13:19:54.0113 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/23 13:19:54.0175 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/23 13:19:54.0238 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/23 13:19:54.0519 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/23 13:19:54.0613 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/23 13:19:54.0675 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/23 13:19:54.0722 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/23 13:19:54.0785 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/23 13:19:54.0878 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/23 13:19:54.0941 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/23 13:19:55.0003 E1000 (785db16f68a89d4500a93625cead7b0e) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/10/23 13:19:55.0082 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/23 13:19:55.0144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/23 13:19:55.0191 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/23 13:19:55.0238 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/23 13:19:55.0300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/23 13:19:55.0347 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/23 13:19:55.0410 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/23 13:19:55.0519 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/23 13:19:55.0566 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/23 13:19:55.0628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/23 13:19:55.0691 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/23 13:19:55.0847 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/23 13:19:55.0988 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/10/23 13:19:56.0066 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/10/23 13:19:56.0128 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/10/23 13:19:56.0175 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/10/23 13:19:56.0206 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/10/23 13:19:56.0269 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/10/23 13:19:56.0331 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/10/23 13:19:56.0394 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2010/10/23 13:19:56.0425 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2010/10/23 13:19:56.0472 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2010/10/23 13:19:56.0535 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/10/23 13:19:56.0613 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/10/23 13:19:56.0660 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/10/23 13:19:56.0706 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/10/23 13:19:56.0753 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2010/10/23 13:19:56.0831 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2010/10/23 13:19:56.0956 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/23 13:19:57.0050 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/23 13:19:57.0378 IntcAzAudAddService (86da76435b3cd52ce9033ddd1a3d2f74) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/23 13:19:57.0503 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/23 13:19:57.0581 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/23 13:19:57.0644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/23 13:19:57.0722 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/23 13:19:57.0753 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/23 13:19:57.0800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/23 13:19:57.0863 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/23 13:19:57.0925 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/23 13:19:57.0972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 13:19:58.0050 jsyvl (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\xluym.sys
2010/10/23 13:19:58.0113 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 13:19:58.0144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/23 13:19:58.0191 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 13:19:58.0253 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 13:19:58.0425 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 13:19:58.0488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 13:19:58.0644 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/10/23 13:19:58.0722 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 13:19:58.0816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/23 13:19:58.0863 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 13:19:59.0034 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/10/23 13:19:59.0144 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/10/23 13:19:59.0222 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 13:19:59.0316 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/23 13:19:59.0394 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 13:19:59.0456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 13:19:59.0503 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 13:19:59.0534 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 13:19:59.0597 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 13:19:59.0644 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 13:19:59.0706 NAL (ab7cc5ddfa1557bab312e12abb6a5158) C:\WINDOWS\system32\Drivers\iqvw32.sys
2010/10/23 13:19:59.0769 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 13:19:59.0831 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 13:19:59.0878 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 13:19:59.0925 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 13:19:59.0972 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 13:20:00.0003 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/23 13:20:00.0066 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 13:20:00.0191 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 13:20:00.0269 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 13:20:00.0347 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 13:20:00.0441 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 13:20:00.0503 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 13:20:00.0566 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/23 13:20:00.0612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 13:20:00.0675 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 13:20:00.0737 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 13:20:00.0816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 13:20:00.0878 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/23 13:20:01.0191 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 13:20:01.0284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/23 13:20:01.0331 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 13:20:01.0378 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/23 13:20:01.0628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 13:20:01.0690 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 13:20:01.0753 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 13:20:01.0800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 13:20:01.0862 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/23 13:20:01.0894 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 13:20:01.0956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 13:20:02.0034 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 13:20:02.0081 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 13:20:02.0237 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/10/23 13:20:02.0284 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/23 13:20:02.0472 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/10/23 13:20:02.0550 RxFilter (04cc07c9f18b137e17e8a3c3d8b90c23) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2010/10/23 13:20:02.0722 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/23 13:20:02.0769 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/23 13:20:02.0862 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 13:20:02.0956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/23 13:20:03.0019 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/23 13:20:03.0097 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/23 13:20:03.0269 smwdm (c908f7a3326e794789cac485b73149b4) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/23 13:20:03.0393 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 13:20:03.0456 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 13:20:03.0565 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 13:20:03.0643 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 13:20:03.0675 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 13:20:03.0893 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 13:20:04.0003 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 13:20:04.0081 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 13:20:04.0128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 13:20:04.0190 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 13:20:04.0472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 13:20:04.0565 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 13:20:04.0659 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/23 13:20:04.0722 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/23 13:20:04.0815 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/23 13:20:04.0847 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/23 13:20:04.0909 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 13:20:04.0987 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/23 13:20:05.0034 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/23 13:20:05.0081 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/23 13:20:05.0128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 13:20:05.0190 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/23 13:20:05.0221 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/10/23 13:20:05.0284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 13:20:05.0393 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
2010/10/23 13:20:05.0456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 13:20:05.0534 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 13:20:05.0628 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/23 13:20:05.0753 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 13:20:05.0893 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/10/23 13:20:05.0987 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/23 13:20:06.0065 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/23 13:20:06.0112 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/23 13:20:06.0362 ================================================================================
2010/10/23 13:20:06.0362 Scan finished
2010/10/23 13:20:06.0362 ================================================================================
2010/10/23 13:20:31.0235 Deinitialize success
OTL logfile created on: 10/23/2010 PM 01:21:33 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.53 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 5.12 Gb Free Space | 6.87% Space Free | Partition Type: FAT32

Computer Name: HOME-19C33F4763 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 13:08:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/21 16:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/10/21 16:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/10/21 16:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/21 15:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2002/10/23 10:15:08 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/26 17:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/23 13:08:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005/10/21 16:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 16:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 16:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 13:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 13:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2002/09/27 11:56:20 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/05/21 09:20:08 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\xluym.sys -- (jsyvl)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/08 19:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/10 11:57:01 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 11:56:52 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/10/21 14:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/08/30 22:42:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/27 04:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/03 23:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/03 23:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/03 23:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/03 23:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/10/16 00:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


[2009/11/04 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2009/08/07 22:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/13 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hvdk109d.default\extensions
[2009/11/04 19:36:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hvdk109d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 09:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/10 23:58:23 | 000,000,848 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/27 23:46:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/01/31 14:25:04 | 000,000,000 | RH-D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\Shell - "" = AutoRun
O33 - MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 13:19:37 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/23 13:08:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/20 12:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/17 03:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/10/16 12:26:14 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/10/16 05:49:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010/10/14 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\LimeWire
[2010/10/14 21:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\LimeWire
[2010/10/14 21:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/10/11 11:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\SUPERAntiSpyware.com
[2010/10/11 11:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/11 11:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/11 11:45:45 | 009,157,960 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mike\Desktop\SAS_FREE.EXE
[2010/10/11 00:24:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/11 00:20:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 00:20:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 00:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/08 21:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\AVG10
[2010/10/08 21:23:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/08 21:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/08 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/08 20:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/28 20:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Downloads
[2010/09/27 07:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/27 07:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/27 07:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 13:19:01 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/23 13:08:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/23 13:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 13:04:38 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 13:04:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/23 12:01:23 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Agqo.job
[2010/10/23 12:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 11:26:14 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/21 17:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/19 16:55:19 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2010/10/19 16:55:05 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Calculator (2).lnk
[2010/10/16 12:30:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/16 12:30:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/16 11:21:53 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 06:28:08 | 000,441,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/16 06:28:08 | 000,071,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 21:40:36 | 003,878,092 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\ComboFix.exe
[2010/10/14 21:27:47 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Mike\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/14 21:26:09 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\LimeWire 5.4.6.lnk
[2010/10/11 16:59:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010/10/11 16:59:11 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2010/10/11 15:52:26 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\iExplore.exe
[2010/10/11 15:52:14 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.scr
[2010/10/11 15:52:08 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 15:52:00 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.com
[2010/10/11 11:46:12 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/11 11:45:45 | 009,157,960 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mike\Desktop\SAS_FREE.EXE
[2010/10/11 00:24:32 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.pif
[2010/10/10 23:58:29 | 000,002,356 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/10/10 23:37:33 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SmitfraudFix.exe
[2010/10/09 11:39:12 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/06 21:20:07 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/06 09:31:23 | 000,067,072 | RHS- | M] () -- C:\WINDOWS\System32\wmpasfk.dll
[2010/10/04 22:44:16 | 000,028,144 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/04 11:09:04 | 008,108,370 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\HuntingRegs2010.pdf
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/01 11:21:38 | 000,001,114 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Music.lnk
[2010/10/01 10:29:00 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/09/29 18:10:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/27 07:47:09 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/27 07:35:21 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/27 07:35:21 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 13:18:54 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/19 16:55:19 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2010/10/19 16:55:05 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Calculator (2).lnk
[2010/10/15 12:47:50 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.scr
[2010/10/15 12:47:50 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/15 12:47:50 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.com
[2010/10/15 12:47:50 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\iExplore.exe
[2010/10/14 21:40:36 | 003,878,092 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\ComboFix.exe
[2010/10/14 21:27:47 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mike\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/14 21:26:09 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\LimeWire 5.4.6.lnk
[2010/10/11 16:59:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010/10/11 16:59:11 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2010/10/11 11:46:12 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/11 11:44:17 | 007,163,936 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SUPERAntiSpyware.exe
[2010/10/11 00:20:47 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.pif
[2010/10/10 23:37:32 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SmitfraudFix.exe
[2010/10/09 11:54:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.exe
[2010/10/09 11:40:56 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/06 09:31:23 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\wmpasfk.dll
[2010/10/06 09:31:23 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\Agqo.job
[2010/10/04 22:34:25 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Shortcut to Damn Good Music.lnk
[2010/10/04 11:09:04 | 008,108,370 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\HuntingRegs2010.pdf
[2010/10/01 11:21:49 | 000,001,114 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Music.lnk
[2010/09/27 07:51:41 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/27 07:47:09 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/27 07:31:01 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/09/21 01:45:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/09/20 23:07:24 | 000,702,845 | ---- | C] () -- C:\WINDOWS\System32\i81xdnt5.dll
[2010/05/21 09:20:08 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xluym.sys
[2010/04/02 14:53:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\housecall.guid.cache
[2010/01/05 11:23:54 | 000,155,992 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\rx_audio.Cache
[2010/01/05 11:12:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\rx_image.Cache
[2009/11/05 19:38:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/12 10:31:24 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/14 17:11:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2009/04/12 18:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2009/04/12 18:03:58 | 000,004,389 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/02 10:54:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2009/04/02 10:54:26 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/03/27 10:46:33 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2009/03/27 10:46:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2009/03/20 18:52:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/18 21:19:07 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/16 19:39:31 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 15:18:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/10/24 20:35:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 14:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 16:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/07 15:48:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2010/10/07 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME-19C33F4763\Application Data\Uniblue
[2010/10/10 23:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/03/08 11:23:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/08 21:23:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/08 20:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/28 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 21:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/28 06:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/09 16:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Makyah\Application Data\AVG10
[2009/04/15 17:19:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Makyah\Application Data\Broderbund
[2009/04/12 18:36:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Maria\Application Data\Broderbund
[2010/10/08 21:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\AVG10
[2009/04/12 18:32:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mike\Application Data\Broderbund
[2010/01/30 02:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Canon
[2009/10/09 23:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/23 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\LimeWire
[2010/05/24 23:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Uniblue
[2010/10/23 12:01:23 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\Agqo.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/10/06 09:31:23 | 000,067,072 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmpasfk.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/10/23 12:01:23 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\Agqo.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/27 15:16:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/27 15:16:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/27 15:16:46 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys
[2010/10/16 05:57:30 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2010/08/26 06:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mike\My Documents\swiftdeer portrait.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mike\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mike\My Documents\illegalimmigrants.jpg:Roxio EMC Stream
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 10/23/2010 PM 01:21:33 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.53 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 5.12 Gb Free Space | 6.87% Space Free | Partition Type: FAT32

Computer Name: HOME-19C33F4763 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"E:\Programs\Trendnet\Setup.exe" = E:\Programs\Trendnet\Setup.exe:*:Enabled:Setup -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Maria\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\Maria\Local Settings\Application Data\asam.exe:*:Disabled:enable -- File not found
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2713384-7398-43E9-9D43-565B3A7FEFEE}" = Security Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel® PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool MP3 Splitter" = Cool MP3 Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks again, Sundavis.

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:01:58 PM

Posted 23 October 2010 - 04:18 PM

Hi howlingwolf1,


Step1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    DRV - [2010/05/21 09:20:08 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\xluym.sys -- (jsyvl)
    IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-1844823847-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2003/01/31 14:25:04 | 000,000,000 | RH-D | M] - E:\autorun -- [ FAT32 ]
    O33 - MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\Shell - "" = AutoRun
    O33 - MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2010/10/23 12:01:23 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Agqo.job
    [2010/10/16 06:28:08 | 000,441,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/16 06:28:08 | 000,071,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/10 23:58:29 | 000,002,356 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2010/10/06 09:31:23 | 000,067,072 | RHS- | M] () -- C:\WINDOWS\System32\wmpasfk.dll
    [2010/05/21 09:20:08 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xluym.sys
    
    :Files
    C:\WINDOWS\system32\wmpasfk.dll
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
    
  • Click the Run Fix button at the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Step2

  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post back:

1. OTL delete log
2. ComboFix log

Let me know if you have any remaining issues on your PC.
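
The OTL fix above is built from a handful of log entries: the IE ProxyServer pointed at the loopback address (which explains the browser redirects), a kernel driver with no publisher name, and a hidden/system task file and DLL whose hash OTL could not read. As an added example that is not part of this thread, of OTL, or of the helper's fix script, here is a small Python triage script that applies those same checks to OTL-style log lines. The sample input is copied from the logs posted above plus one constructed benign driver line (AVGIDSEH) as a control; the rule names and the `Finding` type are this example's own.

```python
"""Flag suspicious entries in OTL-style scan output.

Added example for this thread; it is not part of OTL or of the fix script
posted above.  SAMPLE_LOG is constructed: lines copied from the logs in this
thread plus one constructed benign driver line (AVGIDSEH) as a control.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
DRV - [2010/05/21 09:20:08 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\xluym.sys -- (jsyvl)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
[2010/10/23 12:01:23 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Agqo.job
[2010/10/06 09:31:23 | 000,067,072 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wmpasfk.dll
[2009/02/27 15:16:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
"""

# Generic OTL file/driver entry: [date time | size | attrs | M/C] (Company) ... -- path
ENTRY_RE = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?P<rest>.*)$"
)
# IE proxy setting as OTL prints it:  "ProxyServer" = http=host:port
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)')
# Path after " -- ", stopping before the trailing " -- (service)" of DRV lines
PATH_RE = re.compile(r"-- (?P<path>[A-Za-z]:\\.*?)(?= -- \(|$)")
LOOPBACK = ("127.0.0.1", "localhost", "::1")


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def _proxy_hosts(value):
    """'http=127.0.0.1:5555;https=x:1' or 'host:port' -> list of host names."""
    hosts = []
    for part in value.split(";"):
        if "=" in part:                      # strip the protocol= prefix
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0])  # drop the port
    return hosts


def check_line(line):
    """Return the list of Findings for one OTL log line (empty if it looks clean)."""
    line = line.strip()
    findings = []
    m = PROXY_RE.search(line)
    if m:
        for host in _proxy_hosts(m.group("value")):
            if host in LOOPBACK:
                findings.append(Finding("loopback-proxy",
                                        f"ProxyServer points at {host}", line))
        return findings
    e = ENTRY_RE.search(line)
    if not e:
        return findings
    company = e.group("company").strip()
    attr = e.group("attr")
    p = PATH_RE.search(e.group("rest"))
    path = p.group("path") if p else ""
    lower = path.lower()
    # Empty company field: the file carries no CompanyName version info.
    # This is a version-info check, not a signature check.
    if line.startswith("DRV - ") and "\\drivers\\" in lower and not company:
        findings.append(Finding("no-publisher-driver",
                                f"kernel driver with no publisher: {path}", line))
    # Hidden + System attributes on a file in a system location
    if "H" in attr and "S" in attr and ("\\system32\\" in lower or "\\tasks\\" in lower):
        findings.append(Finding("hidden-system-file", f"{attr} on {path}", line))
    if "Unable to obtain MD5" in e.group("rest"):
        findings.append(Finding("locked-file", f"hash unobtainable for {path}", line))
    return findings


def triage(log_text):
    """Run check_line over every line of an OTL log and collect the findings."""
    out = []
    for line in log_text.splitlines():
        out.extend(check_line(line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:20} {f.detail}")
```

Run against the sample, the script reports five findings: the loopback proxy, the publisher-less `xluym.sys`, the hidden/system `Agqo.job` and `wmpasfk.dll`, and the unreadable hash on `wmpasfk.dll`; the AVG driver, the ProxyOverride line and the `.sav` registry backups pass. The checks are heuristics for prioritising what to look at first, not a verdict: a missing CompanyName only means the file has no version resource, so the driver rule in particular should be confirmed with a signature check before anything is removed.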

#7 howlingwolf1

howlingwolf1
  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:58 AM

Posted 23 October 2010 - 09:05 PM

Okay, here are the posts you requested. Ongoing issues left: the redirects stopped, but I seem to be using a lot of memory with svchost.

All processes killed
========== OTL ==========
Service jsyvl stopped successfully!
Service jsyvl deleted successfully!
C:\WINDOWS\system32\drivers\xluym.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\Downloaded Program Files\oscan8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45b6ed58-9cd2-11de-915d-0016761ce5be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b6ed58-9cd2-11de-915d-0016761ce5be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45b6ed58-9cd2-11de-915d-0016761ce5be}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\WINDOWS\tasks\Agqo.job moved successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
File C:\WINDOWS\System32\tmp.reg not found.
C:\WINDOWS\system32\wmpasfk.dll moved successfully.
File C:\WINDOWS\System32\drivers\xluym.sys not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\wmpasfk.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 162560 bytes

User: Administrator.HOME-19C33F4763
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 333680 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43988 bytes
->Flash cache emptied: 56504 bytes

User: Guest
->Temp folder emptied: 1218508 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 74418308 bytes
->Apple Safari cache emptied: 157672448 bytes
->Flash cache emptied: 4271 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 35099 bytes

User: Makyah
->Temp folder emptied: 18365903 bytes
->Temporary Internet Files folder emptied: 28425681 bytes
->Java cache emptied: 2670838 bytes
->Apple Safari cache emptied: 1110016 bytes
->Flash cache emptied: 34460 bytes

User: Maria
->Temp folder emptied: 151687369 bytes
->Temporary Internet Files folder emptied: 86520099 bytes
->Java cache emptied: 49607145 bytes
->FireFox cache emptied: 2177045 bytes
->Apple Safari cache emptied: 1744896 bytes
->Flash cache emptied: 115442 bytes

User: Mike
->Temp folder emptied: 173769575 bytes
->Temporary Internet Files folder emptied: 80607771 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27006419 bytes
->Google Chrome cache emptied: 69938722 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2011460 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19992692 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 740097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 502192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 909.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.HOME-19C33F4763

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Makyah
->Flash cache emptied: 0 bytes

User: Maria
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.0 log created on 10232010_174638

ComboFix 10-10-22.05 - Mike 10/23/2010 18:38:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1158 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\020000009ae5ede9669C.manifest
c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\020000009ae5ede9669O.manifest
c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\020000009ae5ede9669P.manifest
c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\020000009ae5ede9669S.manifest
c:\documents and settings\Mike\Application Data\020000009ae5ede9669C.manifest
c:\documents and settings\Mike\Application Data\020000009ae5ede9669O.manifest
c:\documents and settings\Mike\Application Data\020000009ae5ede9669P.manifest
c:\documents and settings\Mike\Application Data\020000009ae5ede9669S.manifest
c:\windows\Downloaded Program Files\Lang
c:\windows\Downloaded Program Files\Lang\ara\IGDIara.dll
c:\windows\Downloaded Program Files\Lang\arb\IGDIarb.dll
c:\windows\Downloaded Program Files\Lang\chs\IGDIchs.dll
c:\windows\Downloaded Program Files\Lang\cht\IGDIcht.dll
c:\windows\Downloaded Program Files\Lang\csy\IGDIcsy.dll
c:\windows\Downloaded Program Files\Lang\dan\IGDIdan.dll
c:\windows\Downloaded Program Files\Lang\deu\IGDIdeu.dll
c:\windows\Downloaded Program Files\Lang\ell\IGDIell.dll
c:\windows\Downloaded Program Files\Lang\eng\IGDIeng.dll
c:\windows\Downloaded Program Files\Lang\esp\IGDIesp.dll
c:\windows\Downloaded Program Files\Lang\fin\IGDIfin.dll
c:\windows\Downloaded Program Files\Lang\fra\IGDIfra.dll
c:\windows\Downloaded Program Files\Lang\frc\IGDIfrc.dll
c:\windows\Downloaded Program Files\Lang\heb\IGDIheb.dll
c:\windows\Downloaded Program Files\Lang\hun\IGDIhun.dll
c:\windows\Downloaded Program Files\Lang\ita\IGDIita.dll
c:\windows\Downloaded Program Files\Lang\jpn\IGDIjpn.dll
c:\windows\Downloaded Program Files\Lang\kor\IGDIkor.dll
c:\windows\Downloaded Program Files\Lang\nld\IGDInld.dll
c:\windows\Downloaded Program Files\Lang\nor\IGDInor.dll
c:\windows\Downloaded Program Files\Lang\plk\IGDIplk.dll
c:\windows\Downloaded Program Files\Lang\ptb\IGDIptb.dll
c:\windows\Downloaded Program Files\Lang\ptg\IGDIptg.dll
c:\windows\Downloaded Program Files\Lang\rus\IGDIrus.dll
c:\windows\Downloaded Program Files\Lang\sve\IGDIsve.dll
c:\windows\Downloaded Program Files\Lang\tha\IGDItha.dll
c:\windows\Downloaded Program Files\Lang\trk\IGDItrk.dll
c:\windows\Downloaded Program Files\Win2000
c:\windows\Downloaded Program Files\Win2000\hccutils.dll
c:\windows\Downloaded Program Files\Win2000\hkcmd.exe
c:\windows\Downloaded Program Files\Win2000\i830mnt5.cat
c:\windows\Downloaded Program Files\Win2000\ialmcoin.dll
c:\windows\Downloaded Program Files\Win2000\ialmdd5.dll
c:\windows\Downloaded Program Files\Win2000\ialmdev5.dll
c:\windows\Downloaded Program Files\Win2000\ialmdnt5.dll
c:\windows\Downloaded Program Files\Win2000\ialmgdev.dll
c:\windows\Downloaded Program Files\Win2000\ialmgicd.dll
c:\windows\Downloaded Program Files\Win2000\ialmnt5.inf
c:\windows\Downloaded Program Files\Win2000\ialmnt5.sys
c:\windows\Downloaded Program Files\Win2000\ialmrem.dll
c:\windows\Downloaded Program Files\Win2000\ialmrnt5.dll
c:\windows\Downloaded Program Files\Win2000\igfxcfg.exe
c:\windows\Downloaded Program Files\Win2000\igfxcpl.cpl
c:\windows\Downloaded Program Files\Win2000\igfxdev.dll
c:\windows\Downloaded Program Files\Win2000\igfxdgps.dll
c:\windows\Downloaded Program Files\Win2000\igfxdiag.exe
c:\windows\Downloaded Program Files\Win2000\igfxdo.dll
c:\windows\Downloaded Program Files\Win2000\igfxeud.dll
c:\windows\Downloaded Program Files\Win2000\igfxexps.dll
c:\windows\Downloaded Program Files\Win2000\igfxext.exe
c:\windows\Downloaded Program Files\Win2000\igfxhara.lhp
c:\windows\Downloaded Program Files\Win2000\igfxharb.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhchs.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhcht.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhcsy.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhdan.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhdeu.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhell.lhp
c:\windows\Downloaded Program Files\Win2000\igfxheng.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhenu.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhesp.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhfin.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhfra.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhfrc.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhheb.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhhun.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhita.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhjpn.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhk.dll
c:\windows\Downloaded Program Files\Win2000\igfxhkor.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhnld.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhnor.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhplk.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhptb.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhptg.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhrus.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhsve.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhtha.lhp
c:\windows\Downloaded Program Files\Win2000\igfxhtrk.lhp
c:\windows\Downloaded Program Files\Win2000\igfxpph.dll
c:\windows\Downloaded Program Files\Win2000\igfxrara.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrarb.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrchs.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrcht.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrcsy.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrdan.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrdeu.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrell.lrc
c:\windows\Downloaded Program Files\Win2000\igfxreng.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrenu.lrc
c:\windows\Downloaded Program Files\Win2000\igfxresp.lrc
c:\windows\Downloaded Program Files\Win2000\igfxress.dll
c:\windows\Downloaded Program Files\Win2000\igfxrfin.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrfra.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrfrc.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrheb.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrhun.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrita.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrjpn.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrkor.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrnld.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrnor.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrplk.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrptb.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrptg.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrrus.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrsve.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrtha.lrc
c:\windows\Downloaded Program Files\Win2000\igfxrtrk.lrc
c:\windows\Downloaded Program Files\Win2000\igfxsrvc.dll
c:\windows\Downloaded Program Files\Win2000\igfxtray.exe
c:\windows\Downloaded Program Files\Win2000\igfxzoom.exe
c:\windows\Downloaded Program Files\Win2000\oemdspif.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\msssc.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMATHXNSECBVF
-------\Service_PRAGMAthxnsecbvf


((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 00:46 . 2010-10-24 00:46 -------- d-----w- C:\_OTL
2010-10-17 10:02 . 2010-10-17 10:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-10-16 19:26 . 2010-10-21 17:44 -------- d-----w- C:\Downloads
2010-10-15 04:27 . 2010-10-24 01:47 -------- d-----w- c:\documents and settings\Mike\Application Data\LimeWire
2010-10-15 04:25 . 2010-10-15 04:26 -------- d-----w- c:\program files\LimeWire
2010-10-12 18:10 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 18:10 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 18:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 18:46 . 2010-10-11 18:46 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2010-10-11 18:46 . 2010-10-11 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-11 18:46 . 2010-10-16 09:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-11 07:24 . 2010-10-11 07:24 -------- d--h--w- c:\windows\PIF
2010-10-11 07:20 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 07:20 . 2010-10-11 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 07:20 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 23:47 . 2010-10-09 23:47 -------- d-----w- c:\documents and settings\Makyah\Application Data\AVG10
2010-10-09 04:24 . 2010-10-09 04:24 -------- d-----w- c:\documents and settings\Mike\Application Data\AVG10
2010-10-09 04:23 . 2010-10-09 04:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-09 04:21 . 2010-10-11 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-09 03:38 . 2010-10-09 03:38 -------- d-----w- c:\program files\AVG
2010-10-09 03:03 . 2010-10-09 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-07 22:59 . 2010-10-07 22:59 -------- d-----w- c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\Uniblue
2010-09-27 14:50 . 2010-09-27 14:50 -------- d-----w- c:\program files\iPod
2010-09-27 14:50 . 2010-09-27 14:51 -------- d-----w- c:\program files\iTunes
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-09-27 14:44 . 2010-09-27 14:44 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 12:57 . 2004-08-04 12:00 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2010-09-18 19:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 23:27 . 2010-09-13 23:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 04:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-27 90112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-09 18790432]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McciCMService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 04:27 PM 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 08:23 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2010 09:00 PM 1691480]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 03:23]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 18:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\*& x**O*h*** *\InfFile]
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-23 18:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 01:51

Pre-Run: 18,583,482,368 bytes free
Post-Run: 20,034,101,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5355BD09E3BFCF65C3B48A1CF293DB2C

Thanks. Mike

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:58 PM

Posted 23 October 2010 - 11:01 PM

Hi howlingwolf1,




Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)

On the Update tab, click the Update Now button. When done, press Apply and then OK. Then clear your Java cache as instructed in this thread.


Step1

  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\*& x**O*h*** *\InfFile]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Step3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.

  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application's digital signature has been verified. Do you want to run the application?" appears, click the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1.ComboFix log
2.Kas Online Scan Report

Tell me how your pc is running now.

#9 howlingwolf1

howlingwolf1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 24 October 2010 - 01:33 PM

Hi, okay, I updated the Java console, but there was no button to clear the cache. Ran ComboFix and ATF Cleaner. The Kaspersky online virus scan did not turn up anything and did not post a report(?). The computer ran great after the ComboFix and ATF Cleaner, but slowed down again after the Kaspersky scan. I have an instance of svchost.exe using a lot of memory; I monitored this in Windows Task Manager.

ComboFix 10-10-22.05 - Mike 10/23/2010 23:13:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1151 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 05:51 . 2010-10-24 05:51 -------- d-----w- c:\program files\Common Files\Java
2010-10-24 05:51 . 2010-09-15 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-24 00:46 . 2010-10-24 00:46 -------- d-----w- C:\_OTL
2010-10-17 10:02 . 2010-10-17 10:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-10-16 19:26 . 2010-10-21 17:44 -------- d-----w- C:\Downloads
2010-10-15 04:27 . 2010-10-24 06:01 -------- d-----w- c:\documents and settings\Mike\Application Data\LimeWire
2010-10-15 04:25 . 2010-10-15 04:26 -------- d-----w- c:\program files\LimeWire
2010-10-12 18:10 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 18:10 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 18:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 18:46 . 2010-10-11 18:46 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2010-10-11 18:46 . 2010-10-11 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-11 18:46 . 2010-10-16 09:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-11 07:24 . 2010-10-11 07:24 -------- d--h--w- c:\windows\PIF
2010-10-11 07:20 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 07:20 . 2010-10-11 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 07:20 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 23:47 . 2010-10-09 23:47 -------- d-----w- c:\documents and settings\Makyah\Application Data\AVG10
2010-10-09 04:24 . 2010-10-09 04:24 -------- d-----w- c:\documents and settings\Mike\Application Data\AVG10
2010-10-09 04:23 . 2010-10-09 04:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-09 04:21 . 2010-10-11 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-09 03:38 . 2010-10-09 03:38 -------- d-----w- c:\program files\AVG
2010-10-09 03:03 . 2010-10-09 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-07 22:59 . 2010-10-07 22:59 -------- d-----w- c:\documents and settings\Administrator.HOME-19C33F4763\Application Data\Uniblue
2010-09-27 14:50 . 2010-09-27 14:50 -------- d-----w- c:\program files\iPod
2010-09-27 14:50 . 2010-09-27 14:51 -------- d-----w- c:\program files\iTunes
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-09-27 14:47 . 2010-09-27 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-09-27 14:44 . 2010-09-27 14:44 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 12:57 . 2004-08-04 12:00 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2010-09-18 19:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:29 . 2009-04-26 02:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 23:27 . 2010-09-13 23:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 04:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-10-24_01.46.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-24 06:00 . 2010-10-24 06:00 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
+ 2010-10-24 05:51 . 2010-09-15 11:50 153376 c:\windows\system32\javaws.exe
+ 2010-10-24 05:51 . 2010-09-15 11:50 145184 c:\windows\system32\javaw.exe
- 2009-11-20 16:54 . 2009-10-11 12:17 145184 c:\windows\system32\javaw.exe
+ 2010-10-24 05:51 . 2010-09-15 11:50 145184 c:\windows\system32\java.exe
- 2009-11-20 16:54 . 2009-10-11 12:17 145184 c:\windows\system32\java.exe
+ 2010-10-24 05:51 . 2010-10-24 05:51 180224 c:\windows\Installer\e25bd0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-27 90112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-09 18790432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McciCMService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 04:27 PM 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 08:23 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2010 09:00 PM 1691480]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 03:23]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\*& x**O*h*** *\InfFile]
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-23 23:21:39
ComboFix-quarantined-files.txt 2010-10-24 06:21
ComboFix2.txt 2010-10-24 05:46
ComboFix3.txt 2010-10-24 01:51

Pre-Run: 19,906,502,656 bytes free
Post-Run: 19,902,791,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0C0A2340F2A15CBF3C03B693DA8634B8
Thanks again. Mike
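The two ComboFix logs in this thread differ in exactly the way the Reglock:: script from post #8 was meant to produce: the OptionalComponents keys are gone from "LOCKED REGISTRY KEYS" in post #9, the CLSID key with the unprintable name is still there, and a new Run entry (SunJavaUpdateSched) appeared because Java was updated in between. The script below is an added example and is not part of the thread or of ComboFix; it parses the log sections by their banner lines and reports what changed between two runs, which is the comparison the helper does by eye. The two log excerpts are constructed from the logs posted above, trimmed to a few lines each; the "Security Center override" check flags the AntiVirusOverride=1 value that both logs show (Security Center's missing-antivirus warning is suppressed while it is set).

```python
"""Triage two ComboFix logs: which autostart values and locked keys changed.

Added example for this thread, not code from ComboFix or from the original posts.
"""
import re

# A ComboFix section banner is a title wrapped in runs of '(' ... ')' or '-'.
BANNER_RE = re.compile(r"^(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')

# Constructed excerpt of the first log (post #7), before the CFScript ran.
LOG_BEFORE = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\*& x**O*h*** *\InfFile]
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Constructed excerpt of the second log (post #9), after the CFScript ran.
LOG_AFTER = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\*& x**O*h*** *\InfFile]
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""


def parse_sections(text):
    """Split a ComboFix log into {banner title: [lines]}; text before any banner is 'preamble'."""
    sections, title = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = BANNER_RE.match(line.strip())
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        else:
            sections[title].append(line.rstrip())
    return sections


def registry_values(lines):
    """Yield (key, name, data) for every REGEDIT-style value under a [key] line."""
    key = None
    for line in lines:
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            yield key, vm.group(1), vm.group(2)


def locked_keys(lines):
    """Key paths listed in a LOCKED REGISTRY KEYS section."""
    return [m.group(1) for m in (KEY_RE.match(l.strip()) for l in lines) if m]


def diff_logs(before, after):
    """Autostart values and locked keys that appeared or disappeared between two logs."""
    b, a = parse_sections(before), parse_sections(after)
    b_auto = set(registry_values(b.get("Reg Loading Points", [])))
    a_auto = set(registry_values(a.get("Reg Loading Points", [])))
    b_lock = set(locked_keys(b.get("LOCKED REGISTRY KEYS", [])))
    a_lock = set(locked_keys(a.get("LOCKED REGISTRY KEYS", [])))
    return {
        "autostart_added": sorted(a_auto - b_auto),
        "autostart_removed": sorted(b_auto - a_auto),
        "locked_cleared": sorted(b_lock - a_lock),
        "locked_remaining": sorted(a_lock),
    }


def security_center_overrides(text):
    """Names of Security Center *Override values set to 1, i.e. suppressed warnings."""
    lines = parse_sections(text).get("Reg Loading Points", [])
    return [name for key, name, data in registry_values(lines)
            if "security center" in key.lower() and data == "dword:00000001"]


if __name__ == "__main__":
    for k, v in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(k, v)
    print("overrides:", security_center_overrides(LOG_AFTER))
```

Run it against two full ComboFix.txt files instead of the embedded excerpts and the same three questions get answered: what new autostart values appeared, which locked keys the Reglock:: script actually cleared, and which remain for a follow-up script.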

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:58 PM

Posted 24 October 2010 - 01:53 PM

Hi howlingwolf1,



I have an instance of Svchost.exe using a lot of memory...

Go to this thread for your reference. Hope that helps.


but there was no button to clear the cache..


  • Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked

    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Try the following instead if still not working for Kas Online Scanner:


Please run the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


#11 howlingwolf1

howlingwolf1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 24 October 2010 - 11:46 PM

Okay, cleared the Java console and ran the ESET online scanner. I'll reboot and see how the computer runs and let you know. Thanks for the threads. Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=99f15f2354b80346b993ffb582e17b1c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-25 03:34:03
# local_time=2010-10-24 08:34:03 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 457264 457264 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=117108
# found=9
# cleaned=9
# scan_time=3244
C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP12\A0021564.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP13\A0021670.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP4\A0004514.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP4\A0004517.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP4\A0004619.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\System Volume Information\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\RP4\A0004621.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Programs\Downloads\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Programs\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Thanks again. Mike
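The ESET Online Scanner log above has a fixed shape: a header of `# key=value` lines (scan settings and the `found`/`cleaned` counters) followed by one line per detection (path, threat name with the action taken in parentheses, a 32-hex hash field and a flag). Two things worth checking in such a log are whether the counters agree with the detection lines, and which hits were inert copies (files already sitting in a cleanup tool's quarantine folder or inside a System Restore point) versus files on a path the system could actually execute. The Python below does both. It is an added example, not part of the original post and not ESET's own tooling; the sample log is constructed from a few lines of the log in this thread. Real ESET logs separate the detection fields with tabs; the parser assumes that and falls back to a heuristic split for copies (like the one pasted above) where the tabs were collapsed to spaces.

```python
"""Parse an ESET Online Scanner log and sanity-check its findings.

Added example (not ESET code).  Field separators are assumed to be tabs,
with a regex fallback for logs whose tabs became spaces when pasted.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: three detection lines in the format of the thread's log,
# one of them space-separated to exercise the fallback parser.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# scanned=117108
# found=3
# cleaned=3
# scan_time=3244
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\Process.exe.vir\tWin32/PrcView application (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
C:\\System Volume Information\\_restore{0D63300B-A4DE-4FB7-A317-C0A812841AC9}\\RP12\\A0021564.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
E:\\Programs\\Downloads\\SmitfraudFix\\restart.exe\tWin32/Shutdown.NAA application (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
THREAT_ACTION_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<action>[^()]*)\)$")
# Fallback for space-separated copies: the path is taken to end at the last
# file extension before the threat name (heuristic; a directory name containing
# a dot followed by a space would confuse it), the action is the parenthesised
# text, and the 32-hex hash plus a short flag close the line.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>\S.*?)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    hash: str
    flag: str

    @property
    def remediated(self) -> bool:
        # ESET phrases a successful action as "cleaned ..." or "deleted ...".
        return self.action.startswith(("cleaned", "deleted"))

    @property
    def inert_copy(self) -> bool:
        # Copies in ComboFix's quarantine (C:\Qoobox\Quarantine) or inside a
        # System Restore point were not runnable on the live system.
        low = self.path.lower()
        return "\\qoobox\\quarantine\\" in low or "\\system volume information\\" in low


def _parse_detection(line: str) -> Detection | None:
    if "\t" in line:
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != 4:
            return None
        path, threat_action, digest, flag = parts
        m = THREAT_ACTION_RE.match(threat_action)
        return Detection(path, m["threat"], m["action"], digest, flag) if m else None
    m = DETECTION_RE.match(line)
    return Detection(m["path"], m["threat"], m["action"], m["hash"], m["flag"]) if m else None


def parse_eset_log(text: str) -> tuple[dict[str, str], list[Detection]]:
    """Return (header dict, detections).  Repeated keys such as
    compatibility_mode keep their last value; banner lines are ignored."""
    header: dict[str, str] = {}
    detections: list[Detection] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        det = _parse_detection(line)
        if det is not None:
            detections.append(det)
    return header, detections


def check_log(text: str) -> dict:
    """Cross-check the header counters against the detection lines and
    separate live-path hits from inert copies."""
    header, dets = parse_eset_log(text)
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    return {
        "finished": header.get("end") == "finished",
        "counts_consistent": found == len(dets)
        and cleaned == sum(d.remediated for d in dets),
        "live_paths": [d.path for d in dets if not d.inert_copy],
        "unresolved_paths": [d.path for d in dets if not d.remediated],
        "threat_names": sorted({d.threat for d in dets}),
    }


if __name__ == "__main__":
    for key, value in check_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In the thread's log every hit is either a quarantined copy, a restore-point copy, or a component of the SmitfraudFix download (Process.exe and restart.exe, which ESET classes as "application", i.e. a potentially unsafe tool rather than malware); `live_paths` is what a helper would look at first, and `unresolved_paths` is what would have to be dealt with by hand.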

#12 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 25 October 2010 - 01:03 AM

Hi howlingwolf1,



Your log appears to be clean now. :thumbsup: If you have no remaining issues on your PC, let's do some tidying up and we can send you on your way.


Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall; it needs to be there.


This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Step2

Start OTL from your desktop.
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!

#13 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 27 October 2010 - 11:52 AM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.



