
Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus


  • This topic is locked
62 replies to this topic

#1 DAM091

DAM091

  • Members
  • 75 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 30 April 2011 - 02:47 PM

(Sorry, I must've hit something that made the post go through while I was typing a title. It's supposed to read "Problems after 'removing' AntiMalware Doctor & Google redirect: still experiencing issues after removal of virus".)

***NOTE: I have not been able to complete a GMER scan. My system keeps crashing and restarting at some point during the scan. According to Windows, it has to do with a driver error. It only happens during the scan. Here is the error signature I get when it reboots:

BCCode : 1000000a BCP1 : BA918008 BCP2 : 00000005 BCP3 : 00000001
BCP4 : 806D98FE OSVer : 5_1_2600 SP : 3_0 Product : 256_1

And here are the files included in the report:

C:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\Mini043011-01.dmp
C:\DOCUME~1\DAM\LOCALS~1\Temp\WERa6d1.dir00\sysdata.xml

***

Hello guys, and thanks for your help. Here's my story.

A short while ago, my system became infected with AntiMalware Doctor and Google redirect. After some searching, I found Microsoft Customer Support. After a dozen or so sessions with as many agents, the viruses APPEARED to be gone. The agents would take over control of my system and use programs including SuperAntiSpyware, Malwarebytes AntiMalware, and HiJackThis (although I don't think he used it well). They also installed Microsoft Security Essentials, since I didn't have an antivirus installed.

Here is a list of issues that APPEAR to be resolved:
  • AntiMalware Doctor infection
  • Google redirect infection (showed up after AntiMalware Doctor was removed)
  • Couldn't access Microsoft Update page, including Windows Update & Microsoft Security Essentials definitions
  • System freezes during startup/shutdown/restart

After they were done, the viruses SEEMED to be gone. However, I now have other issues. My system slows to a crawl often. Audio and video are having serious problems. Sound is choppy and distorted; even the Windows startup and shutdown sounds stutter. Video, whether streaming or saved to my hard drive, stutters constantly. Games using Java or Flash have the same issue, and the sound is out of sync with the video. Internet will work perfectly at times, and become unresponsive at other times. And just now, I got a bluescreen and a restart. That hadn't happened in a long time. And it happened just as I was finishing typing this long post. I am now writing in notepad so I can save, as that was especially frustrating. One of the agents updated my video driver, but it had no effect.

The agents, god bless 'em, they did their best, but I feel my problems were a little over their heads. So after some more searching, I found you guys. I believe that my system may still be infected with remnants of the viruses. I know that it's possible that the viruses are gone, and my problems are unrelated to them. However, I can't be sure until I find someone to look at it who knows what they're doing. That's where you come in. If, in fact, I no longer have an infection, then I'm sorry to have wasted your time. But, on the off chance I do, hopefully you can help me fix my problems. Either way, I appreciate any help you can give me tremendously.

I am on a Compaq Presario M2000 laptop that's pretty old. I'm running XP Pro 32-bit, SP3.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DAM at 16:00:48.96 on Fri 04/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1354 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\DAM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl23a1d04a;MpKsl23a1d04a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\MpKsl23a1d04a.sys [2011-4-29 28752]
R1 MpKslc5bf96a1;MpKslc5bf96a1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\MpKslc5bf96a1.sys [2011-4-29 28752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-23 231424]
S1 MpKsl25b5ec75;MpKsl25b5ec75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\mpksl25b5ec75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\MpKsl25b5ec75.sys [?]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2010-5-29 27072]
S3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;c:\windows\system32\drivers\WPC300N.SYS [2010-5-29 822400]
S4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2010-5-29 106496]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
S4 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2010-11-3 94024]
.
=============== Created Last 30 ================
.
2011-04-29 19:52:00 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\MpKslc5bf96a1.sys
2011-04-29 18:35:44 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\MpKsl23a1d04a.sys
2011-04-29 18:11:04 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\mpengine.dll
2011-04-22 07:26:43 -------- d-----w- c:\docume~1\dam\applic~1\Unity
2011-04-19 00:33:35 388096 ----a-r- c:\docume~1\dam\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-15 04:43:09 -------- d-----w- c:\windows\Drivers
2011-04-15 04:42:16 -------- d-----w- C:\swsetup
2011-04-15 04:37:00 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2011-04-15 04:36:55 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-04-15 04:36:55 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2011-04-15 04:36:55 186016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-04-15 04:36:53 77917 ----a-w- c:\windows\system32\SynCOM.dll
2011-04-15 04:36:53 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2011-04-15 04:36:51 -------- d-----w- c:\program files\Synaptics
2011-04-11 17:14:12 -------- d-----w- c:\docume~1\dam\locals~1\applic~1\Sunbelt Software
2011-04-11 15:33:18 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-11 15:13:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-09 00:55:54 0 ----a-w- c:\windows\ativpsrm.bin
2011-04-09 00:01:12 -------- d-----w- c:\docume~1\dam\locals~1\applic~1\ATI
2011-04-08 23:41:32 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-04-08 23:41:32 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-04-08 23:41:32 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-04-08 23:41:31 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-04-08 23:41:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-04-08 23:41:30 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-04-08 23:41:29 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-04-08 23:41:16 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-04-08 23:35:29 -------- d-----w- C:\ATI
2011-04-08 22:20:10 -------- d-----w- c:\program files\Sling Media
2011-04-08 21:24:42 -------- d-----w- c:\docume~1\dam\locals~1\applic~1\VS Revo Group
2011-04-06 04:43:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-06 02:45:56 -------- d-----w- c:\windows\ie8updates
2011-04-05 23:23:54 -------- d-----w- c:\windows\system32\CatRoot2
2011-04-05 22:26:55 -------- d-----w- c:\docume~1\dam\applic~1\TeamViewer
2011-04-05 22:25:51 -------- d-----w- c:\program files\TeamViewer
2011-04-05 16:22:40 -------- dc----w- c:\windows\ie8
2011-04-05 00:47:34 -------- d-----w- c:\docume~1\dam\applic~1\SUPERAntiSpyware.com
2011-04-03 20:39:27 -------- d-----w- c:\program files\Trend Micro
2011-04-03 18:48:57 -------- d-----w- c:\windows\pss
2011-04-01 14:30:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2011-03-29 07:07:44 0 ----a-w- c:\windows\Ezavoxokexaquv.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 16:03:31.20 ===============

I forgot to add the Defogger log to my first post. I got the following error:

"Defogger ran to completion, but one or more errors occured. See defogger_disable.log for more details."

Here is the log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:42 on 30/04/2011 (DAM)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Update: I finally got Gmer to run a complete scan without crashing the system. Attached is the ark file.

Sorry for posting on my own topic again. I hope I'm not pushing myself to the back of the line...

Merged posts and fixed title. ~ OB

Attached Files


Edited by Orange Blossom, 01 May 2011 - 01:48 PM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:06 AM

Posted 09 May 2011 - 01:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 09 May 2011 - 11:39 AM

Thank you for your reply. Don't worry, I understand that you guys have a lot of people to help. I also understand that you guys do this for free, on your spare time, and out of sheer generosity. I appreciate all your help.

Here are the exact steps I took in following your instructions:
1. I disconnected from the internet.
2. I deactivated Microsoft Security Essentials and shut it down.
3. I ran DDS.
4. I ran Defogger (and got an error; see below).
5. I ran GMER.

I just wanted to point out that I ran all programs from my desktop that were already installed from my first post. If you need me to delete them and reinstall, I can do that.

Here is my Defogger error message:
Defogger ran to completion, but one or more errors occured. See defogger_disable.log for more details.

Here is my Defogger_disable.log:
***
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:58 on 09/05/2011 (DAM)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
***

Here is my dds.txt log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DAM at 10:52:33.32 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1422 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DAM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-23 231424]
S1 MpKsl25b5ec75;MpKsl25b5ec75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\mpksl25b5ec75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\MpKsl25b5ec75.sys [?]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2010-5-29 27072]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;c:\windows\system32\drivers\WPC300N.SYS [2010-5-29 822400]
S4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2010-5-29 106496]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
S4 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2010-11-3 94024]
.
=============== Created Last 30 ================
.
2011-05-09 14:36:54 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{0702a30c-d7b8-4578-8ad2-b1bfd348ac88}\mpengine.dll
2011-05-04 02:18:12 -------- d-----w- c:\program files\KellySoftware
2011-05-01 15:39:39 -------- d-sh--w- C:\found.000
2011-04-30 21:51:53 -------- d-----w- c:\windows\system32\NtmsData
2011-04-30 03:24:12 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-04-30 03:24:12 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-04-30 03:24:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-04-30 03:24:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-04-30 03:24:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-04-30 03:24:11 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-04-30 03:24:10 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-04-30 03:23:58 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-04-30 02:21:59 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2011-04-30 02:21:59 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2011-04-30 02:21:57 23040 ----a-w- c:\windows\system32\ativmvxx.ax
2011-04-30 02:21:54 9728 ----a-w- c:\windows\system32\ativdaxx.ax
2011-04-30 01:41:58 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-22 07:26:43 -------- d-----w- c:\docume~1\dam\applic~1\Unity
2011-04-19 00:33:35 388096 ----a-r- c:\docume~1\dam\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-15 04:43:09 -------- d-----w- c:\windows\Drivers
2011-04-15 04:42:16 -------- d-----w- C:\swsetup
2011-04-15 04:37:00 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2011-04-15 04:36:55 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2011-04-15 04:36:55 213696 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-04-15 04:36:55 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-04-15 04:36:53 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2011-04-15 04:36:53 163840 ----a-w- c:\windows\system32\SynCOM.dll
2011-04-15 04:36:51 -------- d-----w- c:\program files\Synaptics
2011-04-11 17:14:12 -------- d-----w- c:\docume~1\dam\locals~1\applic~1\Sunbelt Software
2011-04-11 15:33:18 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-11 15:13:34 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-04-09 00:55:54 0 ----a-w- c:\windows\ativpsrm.bin
2011-03-29 07:07:44 0 ----a-w- c:\windows\Ezavoxokexaquv.bin
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 10:54:12.60 ===============

Attached are my DDS attach.txt, ark.txt, and defogger_disable.log files.

Thank you again for all your help. I'll await my next set of instructions.


-David

Attached Files


Edited by DAM091, 09 May 2011 - 11:40 AM.
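A small triage helper for the DDS "SERVICES / DRIVERS" listing posted above, added here as an example; it is not a BleepingComputer tool and not part of DDS or TDSSKiller. It parses each driver/service line, flags entries whose file DDS could not find on disk (the `[?]` marker) and kernel drivers (`.sys`) loaded from outside `c:\windows`, and cross-checks the resulting paths against the driver listing TDSSKiller prints later in the thread, so a helper can spot a driver name that resolves to two different files. The sample lines are copied from the logs in this thread; the reading of the DDS line format (R = running, S = stopped, the digit = the Windows service Start value, `-->` = registry path versus resolved path, `[?]` = file not found) is my interpretation of the output, not documentation from the tool's author.

```python
"""Triage helpers for DDS 'SERVICES / DRIVERS' lines and TDSSKiller driver lines.

Added example, not part of the thread, DDS or TDSSKiller. Sample lines below are
copied from the logs posted in this thread; the format interpretation is mine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Windows service Start values (HKLM\SYSTEM\...\Services\<name>\Start).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "R1 Name;Display name;path [date size]" or "... registry path --> resolved path [?]"
DDS_LINE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
DDS_TAIL = re.compile(r"^(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$")
# "2011/05/10 02:13:26.0015 1696 ACPI (md5) C:\WINDOWS\system32\DRIVERS\ACPI.sys"
TDSS_LINE = re.compile(r"^\S+\s+\S+\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")

# Lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl23a1d04a;MpKsl23a1d04a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a642c90-6377-4a68-8c45-0ba94ecb8783}\MpKsl23a1d04a.sys [2011-4-29 28752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-23 231424]
S1 MpKsl25b5ec75;MpKsl25b5ec75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\mpksl25b5ec75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd0e9fd5-e778-4e70-9373-08b72108e4e6}\MpKsl25b5ec75.sys [?]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\cbpmp50.sys --> c:\windows\system32\drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2010-5-29 27072]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
"""

# Lines copied from the TDSSKiller log posted later in the thread (one non-driver line included).
TDSS_SAMPLE = r"""
2011/05/10 02:13:21.0718 1696 Scan started
2011/05/10 02:13:26.0015 1696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 02:13:58.0859 1696 CBPSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\CBPSp50.sys
2011/05/10 02:14:06.0640 1696 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
"""


@dataclass
class DriverEntry:
    name: str
    state: str            # "R" (running) or "S" (stopped), as DDS prints it
    start: int            # Windows Start value, see START_TYPES
    path: str             # resolved path, lower-cased, "\??\" prefix stripped
    present: bool         # False when DDS printed "[?]" (file not found)
    size: Optional[int]   # file size DDS recorded, None when absent


def _norm(path: str) -> str:
    """Lower-case a path and drop the NT object-manager prefix some services use."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_dds_drivers(text: str) -> List[DriverEntry]:
    """Parse every well-formed DDS service/driver line; other lines are ignored."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        tail = DDS_TAIL.match(m.group("rest"))
        if not tail:
            continue
        path = tail.group("path")
        if " --> " in path:                      # keep the path DDS resolved, not the registry string
            path = path.split(" --> ", 1)[1]
        meta = tail.group("meta")
        present = meta != "?"
        size = int(meta.split()[-1]) if present else None
        entries.append(DriverEntry(m.group("name"), m.group("state"),
                                   int(m.group("start")), _norm(path), present, size))
    return entries


def parse_tdss_drivers(text: str) -> Dict[str, Tuple[str, str]]:
    """Map lower-cased driver name -> (md5, normalised path) from TDSSKiller output."""
    found: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if m:
            found[m.group("name").lower()] = (m.group("md5"), _norm(m.group("path")))
    return found


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs that deserve a second look; these are review items, not verdicts."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not e.present:
            findings.append((e.name, "registered but file not found on disk"))
        elif e.path.endswith(".sys") and not e.path.startswith("c:\\windows\\"):
            findings.append((e.name, "kernel driver loaded from outside c:\\windows"))
    return findings


def cross_check(entries: List[DriverEntry], tdss: Dict[str, Tuple[str, str]]) -> List[str]:
    """Names listed by both tools whose on-disk paths disagree (case-insensitive)."""
    return [e.name for e in entries
            if e.present and e.name.lower() in tdss and tdss[e.name.lower()][1] != e.path]


if __name__ == "__main__":
    dds = parse_dds_drivers(DDS_SAMPLE)
    for name, reason in triage(dds):
        print(f"review: {name}: {reason}")
    print("path mismatches:", cross_check(dds, parse_tdss_drivers(TDSS_SAMPLE)))
```

On the sample lines the helper lists the two `MpKsl*` entries and `cpudrv` (drivers outside `c:\windows`) and `CBPMp50` / `MpKsl25b5ec75` (files DDS could not find); the `MpKsl*` paths sit under Microsoft Security Essentials' definition-updates folder, which is why a reviewer treats such hits as questions to answer rather than findings. `cross_check` returns nothing here because both tools resolve `CBPSp50` and `cpudrv` to the same files.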


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:06 PM

Posted 10 May 2011 - 12:45 AM

Hello DAM091 and welcome to BC. :)


1. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



2. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:07:06 AM

Posted 10 May 2011 - 01:31 AM

Thanks for the quick response. Hopefully I get this in before you go to sleep :-)

I'll both copy/paste and attach all logs. If you want me to do otherwise, just let me know.

2011/05/10 02:13:08.0093 3048 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 02:13:08.0500 3048 ================================================================================
2011/05/10 02:13:08.0500 3048 SystemInfo:
2011/05/10 02:13:08.0500 3048
2011/05/10 02:13:08.0500 3048 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/10 02:13:08.0500 3048 Product type: Workstation
2011/05/10 02:13:08.0500 3048 ComputerName: DAM-NOTEBOOK
2011/05/10 02:13:08.0500 3048 UserName: DAM
2011/05/10 02:13:08.0500 3048 Windows directory: C:\WINDOWS
2011/05/10 02:13:08.0500 3048 System windows directory: C:\WINDOWS
2011/05/10 02:13:08.0500 3048 Processor architecture: Intel x86
2011/05/10 02:13:08.0500 3048 Number of processors: 1
2011/05/10 02:13:08.0500 3048 Page size: 0x1000
2011/05/10 02:13:08.0500 3048 Boot type: Normal boot
2011/05/10 02:13:08.0500 3048 ================================================================================
2011/05/10 02:13:09.0046 3048 Initialize success
2011/05/10 02:13:21.0718 1696 ================================================================================
2011/05/10 02:13:21.0718 1696 Scan started
2011/05/10 02:13:21.0718 1696 Mode: Manual;
2011/05/10 02:13:21.0718 1696 ================================================================================
2011/05/10 02:13:26.0015 1696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 02:13:26.0812 1696 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/10 02:13:28.0453 1696 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 02:13:29.0359 1696 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/10 02:13:30.0359 1696 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 02:13:33.0937 1696 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/05/10 02:13:37.0281 1696 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 02:13:38.0140 1696 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 02:13:43.0343 1696 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/10 02:13:44.0218 1696 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 02:13:44.0953 1696 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 02:13:47.0125 1696 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/10 02:13:47.0859 1696 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 02:13:48.0656 1696 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/10 02:13:49.0359 1696 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/10 02:13:50.0156 1696 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/10 02:13:51.0937 1696 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/10 02:13:52.0796 1696 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/10 02:13:53.0562 1696 CAMCAUD (80eb55b615ed0f669a28a96fefd4603f) C:\WINDOWS\system32\drivers\camc6aud.sys
2011/05/10 02:13:54.0843 1696 CAMCHALA (ad1d8debdb1df8682e374e0cd1638c1b) C:\WINDOWS\system32\drivers\camc6hal.sys
2011/05/10 02:13:56.0328 1696 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 02:13:58.0859 1696 CBPSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\CBPSp50.sys
2011/05/10 02:14:00.0406 1696 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 02:14:01.0218 1696 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 02:14:02.0109 1696 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 02:14:03.0984 1696 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/10 02:14:05.0812 1696 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/10 02:14:06.0640 1696 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/05/10 02:14:08.0953 1696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 02:14:10.0578 1696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 02:14:11.0500 1696 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 02:14:12.0281 1696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 02:14:13.0015 1696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 02:14:14.0625 1696 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 02:14:15.0500 1696 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 02:14:16.0312 1696 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 02:14:17.0250 1696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 02:14:18.0078 1696 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 02:14:18.0921 1696 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 02:14:19.0796 1696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 02:14:20.0593 1696 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 02:14:21.0328 1696 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/10 02:14:22.0093 1696 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 02:14:22.0906 1696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 02:14:24.0265 1696 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/05/10 02:14:27.0343 1696 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/10 02:14:28.0750 1696 HSFHWATI (14794f142befc962ab142584607a6631) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
2011/05/10 02:14:31.0015 1696 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/10 02:14:32.0140 1696 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 02:14:34.0656 1696 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 02:14:35.0468 1696 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 02:14:38.0171 1696 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 02:14:39.0234 1696 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 02:14:40.0078 1696 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 02:14:40.0937 1696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 02:14:41.0734 1696 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 02:14:42.0625 1696 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 02:14:43.0515 1696 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 02:14:44.0390 1696 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 02:14:45.0140 1696 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 02:14:46.0140 1696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 02:14:47.0000 1696 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
2011/05/10 02:14:48.0031 1696 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 02:14:49.0578 1696 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/10 02:14:50.0390 1696 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 02:14:51.0140 1696 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 02:14:51.0875 1696 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 02:14:52.0687 1696 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 02:14:53.0609 1696 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 02:14:54.0562 1696 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/10 02:14:56.0375 1696 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 02:14:57.0609 1696 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 02:14:58.0468 1696 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 02:14:59.0312 1696 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 02:15:00.0265 1696 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 02:15:01.0046 1696 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 02:15:01.0984 1696 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 02:15:02.0953 1696 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 02:15:04.0000 1696 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 02:15:04.0812 1696 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 02:15:05.0546 1696 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 02:15:06.0421 1696 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 02:15:07.0250 1696 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 02:15:08.0062 1696 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 02:15:09.0000 1696 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 02:15:09.0796 1696 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
2011/05/10 02:15:10.0562 1696 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 02:15:11.0906 1696 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 02:15:12.0671 1696 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 02:15:13.0734 1696 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/05/10 02:15:14.0546 1696 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 02:15:15.0265 1696 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 02:15:16.0000 1696 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/10 02:15:16.0859 1696 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/10 02:15:17.0546 1696 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 02:15:18.0359 1696 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 02:15:19.0093 1696 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/05/10 02:15:19.0875 1696 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 02:15:21.0218 1696 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 02:15:21.0984 1696 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/10 02:15:22.0656 1696 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/05/10 02:15:27.0468 1696 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 02:15:28.0203 1696 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/10 02:15:29.0046 1696 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 02:15:29.0953 1696 PTDCBus (e304bf7307e3d8ac423982d14b141ec1) C:\WINDOWS\system32\DRIVERS\PTDCBus.sys
2011/05/10 02:15:30.0765 1696 PTDCMdm (a6b28d696ca8a421a4229b2b75330166) C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys
2011/05/10 02:15:31.0421 1696 PTDCVsp (7162c9029f3a60d945c52cc56c67487d) C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys
2011/05/10 02:15:32.0140 1696 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 02:15:36.0125 1696 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 02:15:36.0937 1696 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 02:15:37.0718 1696 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 02:15:38.0421 1696 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 02:15:39.0390 1696 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 02:15:40.0078 1696 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 02:15:40.0984 1696 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 02:15:41.0875 1696 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 02:15:42.0625 1696 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 02:15:43.0421 1696 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/10 02:15:44.0250 1696 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/10 02:15:45.0000 1696 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/10 02:15:46.0109 1696 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/10 02:15:47.0000 1696 RTL8023xp (eacd871fdbe85393d112782896c2d7dd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/10 02:15:47.0703 1696 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/10 02:15:48.0531 1696 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/10 02:15:49.0328 1696 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 02:15:50.0125 1696 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/10 02:15:50.0937 1696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 02:15:52.0937 1696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 02:15:53.0812 1696 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 02:15:54.0937 1696 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 02:15:55.0640 1696 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/10 02:15:56.0359 1696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 02:15:57.0156 1696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 02:15:57.0984 1696 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/05/10 02:16:01.0640 1696 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/10 02:16:02.0359 1696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 02:16:03.0515 1696 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 02:16:04.0375 1696 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2011/05/10 02:16:05.0109 1696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 02:16:05.0828 1696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 02:16:06.0546 1696 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 02:16:08.0046 1696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 02:16:09.0859 1696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 02:16:10.0609 1696 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 02:16:11.0406 1696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 02:16:12.0171 1696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 02:16:12.0875 1696 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/10 02:16:13.0609 1696 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/10 02:16:14.0421 1696 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 02:16:15.0156 1696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 02:16:15.0875 1696 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/10 02:16:16.0640 1696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 02:16:17.0984 1696 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 02:16:18.0859 1696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 02:16:19.0656 1696 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/05/10 02:16:20.0906 1696 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/10 02:16:22.0406 1696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 02:16:23.0875 1696 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/10 02:16:24.0875 1696 wlluc48 (dca17912a1926ae427537648fc0e74d5) C:\WINDOWS\system32\DRIVERS\wlluc48.sys
2011/05/10 02:16:25.0593 1696 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/10 02:16:27.0109 1696 WPC300N (ee44fe4c6388eae2ec5749e2c5d781f2) C:\WINDOWS\system32\DRIVERS\WPC300N.SYS
2011/05/10 02:16:27.0937 1696 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/10 02:16:28.0781 1696 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 02:16:29.0640 1696 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 02:16:30.0250 1696 ================================================================================
2011/05/10 02:16:30.0250 1696 Scan finished
2011/05/10 02:16:30.0250 1696 ================================================================================




---------------------------------------------------------------------------




OTL logfile created on: 5/10/2011 2:17:40 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\DAM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 32.27 Gb Free Space | 57.75% Space Free | Partition Type: NTFS

Computer Name: DAM-NOTEBOOK | User Name: DAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 02:17:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAM\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 02:17:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAM\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Nwsapagent)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Disabled | Stopped] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/05/26 17:49:36 | 000,120,064 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2007/10/18 14:14:44 | 000,106,496 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\CBTWlanSrv.exe -- (CBTWlanSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/05/26 17:38:12 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/05/26 17:38:06 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/05/26 17:38:00 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/26 17:37:58 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/05/26 17:36:52 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/24 18:04:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/01/11 11:45:20 | 000,039,424 | R--- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2008/01/11 11:45:20 | 000,037,760 | R--- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2008/01/11 11:45:20 | 000,024,832 | R--- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/07/23 16:49:50 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPC300N.SYS -- (WPC300N)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2005/08/23 08:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/23 08:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/23 08:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/04/20 18:46:42 | 000,350,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/20 18:45:48 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/08/03 23:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1004336348-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1004336348-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E}: C:\Documents and Settings\DAM\Local Settings\Application Data\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E} [2011/03/29 03:07:42 | 000,000,000 | ---D | M]


Hosts file not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-583907252-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1004336348-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DAM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/10 04:27:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13013010-207d-11df-956b-00c09faa7839}\Shell - "" = AutoRun
O33 - MountPoints2\{13013010-207d-11df-956b-00c09faa7839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13013010-207d-11df-956b-00c09faa7839}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c5930178-1d89-11df-9567-00c09faa7839}\Shell - "" = AutoRun
O33 - MountPoints2\{c5930178-1d89-11df-9567-00c09faa7839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5930178-1d89-11df-9567-00c09faa7839}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 02:17:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAM\Desktop\OTL.exe
[2011/05/10 02:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Desktop\tdsskiller
[2011/05/03 22:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\My Documents\triforce-triforce-1283031238
[2011/05/03 22:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Start Menu\Programs\KellySoftware
[2011/05/03 22:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\KellySoftware
[2011/05/01 11:39:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/30 17:51:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/29 23:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011/04/29 23:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/04/29 22:21:59 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011/04/29 22:21:59 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/04/29 22:21:57 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011/04/29 22:21:57 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/04/29 22:21:54 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011/04/29 22:21:54 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/04/29 21:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/04/29 15:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Desktop\gmer
[2011/04/22 03:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Application Data\Unity
[2011/04/18 20:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Start Menu\Programs\HiJackThis
[2011/04/15 00:43:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2011/04/15 00:42:16 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/04/15 00:37:00 | 000,069,722 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2011/04/15 00:36:55 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2011/04/15 00:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/04/11 13:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAM\Local Settings\Application Data\Sunbelt Software
[2011/04/11 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/11 00:07:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DAM\Start Menu\Programs\Administrative Tools
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 02:17:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAM\Desktop\OTL.exe
[2011/05/10 02:11:40 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\tdsskiller.zip
[2011/05/09 10:16:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 10:13:47 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 10:13:26 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 22:30:08 | 000,027,549 | ---- | M] () -- C:\Documents and Settings\DAM\My Documents\triforce-triforce-1283031238.zip
[2011/05/03 22:17:50 | 001,703,157 | ---- | M] () -- C:\Documents and Settings\DAM\My Documents\Matrix_ks.exe
[2011/05/03 19:27:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/04/29 22:15:49 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/04/29 15:14:48 | 000,293,176 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\gmer.zip
[2011/04/20 13:47:05 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\DAM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 13:04:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\dds.scr
[2011/04/20 13:03:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\Defogger.exe
[2011/04/18 20:43:52 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\HiJackThis.lnk
[2011/04/15 11:59:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 11:31:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 01:38:07 | 000,445,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 01:38:06 | 000,072,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/11 11:15:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/11 10:38:30 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\DAM\Desktop\Internet Explorer .lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 02:11:32 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\DAM\Desktop\tdsskiller.zip
[2011/05/03 22:30:03 | 000,027,549 | ---- | C] () -- C:\Documents and Settings\DAM\My Documents\triforce-triforce-1283031238.zip
[2011/05/03 22:17:42 | 001,703,157 | ---- | C] () -- C:\Documents and Settings\DAM\My Documents\Matrix_ks.exe
[2011/04/30 11:11:17 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/04/29 23:23:58 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/04/29 22:15:30 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/04/29 15:14:35 | 000,293,176 | ---- | C] () -- C:\Documents and Settings\DAM\Desktop\gmer.zip
[2011/04/20 13:42:45 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\DAM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 13:04:03 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\DAM\Desktop\dds.scr
[2011/04/20 13:03:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\DAM\Desktop\Defogger.exe
[2011/04/18 20:33:31 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\DAM\Desktop\HiJackThis.lnk
[2011/04/11 11:14:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/08 20:55:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/04/01 11:31:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/29 03:07:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jnedanubililah.dat
[2011/03/29 03:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ezavoxokexaquv.bin
[2011/02/26 01:19:09 | 000,151,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/22 20:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/18 13:24:09 | 000,050,596 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/29 02:16:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/05/29 02:16:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/05/29 02:16:43 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/05/29 01:33:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\CBTWlanSrv.exe
[2010/05/29 01:32:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\RegActiveX.exe
[2010/05/28 19:43:27 | 000,001,094 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/03/23 22:41:53 | 000,023,108 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/03/23 22:33:27 | 000,077,347 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/03/17 17:40:13 | 000,012,717 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/11/06 02:00:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/11/06 02:00:31 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/08/18 12:48:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DAM\Application Data\$_hpcst$.hpc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/26 17:38:12 | 000,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/12/26 21:09:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/21 17:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,445,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/02/28 08:00:00 | 000,072,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/06/11 06:59:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/11/10 04:30:48 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/10 04:23:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/09 22:30:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/09 22:29:00 | 000,245,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


---------------------------------------------------------------------------


OTL Extras logfile created on: 5/10/2011 2:17:40 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\DAM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 32.27 Gb Free Space | 57.75% Space Free | Partition Type: NTFS

Computer Name: DAM-NOTEBOOK | User Name: DAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02AC211F-0026-4D6D-A5D8-429F94C86181}" = Linksys Wireless-N Notebook Adapter - WPC300N
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3CC023A9-CE6C-44E5-BB0E-457F84F0B895}" = Sprint SmartView
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CEB6253-7AB0-42D6-9A54-2725885ED642}" = WebSlingPlayer ActiveX
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"Machinarium" = Machinarium
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Simple Sudoku_is1" = Simple Sudoku 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2011 9:12:24 PM | Computer Name = DAM-NOTEBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8107.0, P3 timeout, P4 1.1.6702.0, P5 fixed, P6 1 _ 2048, P7 10 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/11/2011 11:14:39 AM | Computer Name = DAM-NOTEBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/11/2011 11:15:00 AM | Computer Name = DAM-NOTEBOOK | Source = Microsoft Security Client | ID = 5000
Description =

Error - 4/11/2011 12:18:59 PM | Computer Name = DAM-NOTEBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/11/2011 1:13:52 PM | Computer Name = DAM-NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/11/2011 2:49:05 PM | Computer Name = DAM-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application Ad-AwareAdmin.exe, version 9.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2011 2:49:05 PM | Computer Name = DAM-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application Ad-AwareAdmin.exe, version 9.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2011 2:49:17 PM | Computer Name = DAM-NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/15/2011 1:29:50 PM | Computer Name = DAM-NOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 11:55:44 PM | Computer Name = DAM-NOTEBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x800705b4, P2 mpupdateengine, P3 am bdd,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8107.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 5/9/2011 10:16:16 AM | Computer Name = DAM-NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 5/9/2011 10:16:16 AM | Computer Name = DAM-NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The SAP Agent service terminated with the following error: %%126

Error - 5/9/2011 11:01:27 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:01:28 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:06:12 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:17:03 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:18:13 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:23:16 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:29:15 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/9/2011 11:29:32 AM | Computer Name = DAM-NOTEBOOK | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >



Thanks!

-David


#6 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender: Male
  • Location: 3 stars and a sun

Posted 10 May 2011 - 02:15 AM

Please do not attach logs unless instructed.


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - HKLM\software\mozilla\Firefox\extensions\\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E}: C:\Documents and Settings\DAM\Local Settings\Application Data\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E} [2011/03/29 03:07:42 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/03/29 03:07:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jnedanubililah.dat
    [2011/03/29 03:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ezavoxokexaquv.bin
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 DAM091 (Topic Starter)

  • Members
  • 75 posts

Posted 10 May 2011 - 02:37 AM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E}\ not found.
C:\Documents and Settings\DAM\Local Settings\Application Data\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E}\chrome\content folder moved successfully.
C:\Documents and Settings\DAM\Local Settings\Application Data\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E}\chrome folder moved successfully.
C:\Documents and Settings\DAM\Local Settings\Application Data\{59BF11E6-2D6C-4FFC-A1FE-29B07760F93E} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\WINDOWS\Jnedanubililah.dat moved successfully.
C:\WINDOWS\Ezavoxokexaquv.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\DAM\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAM\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11185586 bytes
->Flash cache emptied: 651 bytes

User: All Users

User: DAM
->Temp folder emptied: 39547183 bytes
->Temporary Internet Files folder emptied: 76889853 bytes
->Java cache emptied: 161043 bytes
->Flash cache emptied: 124235 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 62176451 bytes
->Flash cache emptied: 1588 bytes

User: NetworkService
->Temp folder emptied: 21381754 bytes
->Temporary Internet Files folder emptied: 123291398 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 55128 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 458790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80220280 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 339212097 bytes

Total Files Cleaned = 722.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05102011_031958

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\DAM\Local Settings\Temp\fla6.tmp not found!
File\Folder C:\Documents and Settings\DAM\Local Settings\Temp\fla7.tmp not found!
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\255585[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\333174[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\aclk[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\adsCAQMBBRV.htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\ads[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\clickenc=http___adclick.g.doubleclick[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\page__gopid__2241219[1].txt moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\sandbox[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\YCGBBBUA\sh41[1].html moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\120110509223819@x90[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\20110509223819[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\aptureLoadIframe[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\banner_top[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\search[4].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\X90RPFGY\topic394668[1].html moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\11861597562@x23[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\847[2].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\881953[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\96f5704a[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\quantcast[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\WIVXZDNG\search[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\C5DC3N1Y\adsCA0119N3.htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\C5DC3N1Y\ads[2].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\C5DC3N1Y\banner_side[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\C5DC3N1Y\if[1].htm moved successfully.
C:\Documents and Settings\DAM\Local Settings\Temporary Internet Files\Content.IE5\C5DC3N1Y\redirect_v92_cim_11_8_0[2].html moved successfully.

Registry entries deleted on Reboot...

#8 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender: Male
  • Location: 3 stars and a sun

Posted 10 May 2011 - 02:46 AM

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • Local time:07:06 AM

Posted 10 May 2011 - 12:21 PM

After downloading Microsoft Windows Recovery Console, ComboFix was scanning (where it says it should take 10 minutes or less). I waited as long as I could, then went to sleep while it ran. When I got up, it was at the same screen. (I didn't click anywhere while ComboFix ran, as per instructions.) My system wasn't responding, so I had to force power down. Afterwards I ran ComboFix again, and it ran to completion.


ComboFix 11-05-09.03 - DAM 05/10/2011 12:38:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1510 [GMT -4:00]
Running from: c:\documents and settings\DAM\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DAM\Application Data\Adobe\plugs
c:\documents and settings\DAM\Application Data\Adobe\shed
c:\windows\system32\Install.txt
c:\windows\system32\tukdtjsr.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NWSAPAGENT
-------\Service_Nwsapagent
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 16:32 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEB70EF2-2577-469D-8EA3-C9712883D70B}\mpengine.dll
2011-05-10 07:19 . 2011-05-10 07:19 -------- d-----w- C:\_OTL
2011-05-04 02:18 . 2011-05-04 02:18 -------- d-----w- c:\program files\KellySoftware
2011-05-01 15:39 . 2011-05-01 15:39 -------- d-----w- C:\found.000
2011-04-30 21:51 . 2011-04-30 21:53 -------- d-----w- c:\windows\system32\NtmsData
2011-04-30 03:38 . 2011-04-30 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-04-30 03:24 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-30 03:24 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-30 03:24 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-30 03:24 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-30 03:24 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-30 03:24 . 2011-04-30 03:24 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-30 03:24 . 2011-04-30 03:24 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-30 03:23 . 2010-02-11 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-04-30 02:21 . 2008-04-13 23:11 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2011-04-30 02:21 . 2008-04-13 23:11 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2011-04-30 02:21 . 2008-04-13 23:12 23040 ----a-w- c:\windows\system32\ativmvxx.ax
2011-04-30 02:21 . 2008-04-13 23:12 9728 ----a-w- c:\windows\system32\ativdaxx.ax
2011-04-30 01:41 . 2011-04-30 01:41 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-22 07:26 . 2011-04-22 07:26 -------- d-----w- c:\documents and settings\DAM\Application Data\Unity
2011-04-19 00:33 . 2011-04-19 00:33 388096 ----a-r- c:\documents and settings\DAM\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-15 15:30 . 2011-04-15 15:30 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2011-04-15 15:24 . 2011-04-15 15:24 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2011-04-15 04:43 . 2011-04-15 04:43 -------- d-----w- c:\windows\Drivers
2011-04-15 04:42 . 2011-04-30 01:16 -------- d-----w- C:\swsetup
2011-04-15 04:37 . 2004-11-04 22:39 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2011-04-15 04:36 . 2007-09-15 06:21 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-04-15 04:36 . 2007-09-15 06:09 213696 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-04-15 04:36 . 2004-11-04 22:42 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2011-04-15 04:36 . 2007-09-15 06:13 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2011-04-15 04:36 . 2007-09-15 06:13 163840 ----a-w- c:\windows\system32\SynCOM.dll
2011-04-15 04:36 . 2011-04-15 04:36 -------- d-----w- c:\program files\Synaptics
2011-04-11 17:14 . 2011-04-11 17:14 -------- d-----w- c:\documents and settings\DAM\Local Settings\Application Data\Sunbelt Software
2011-04-11 15:33 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-11 15:13 . 2011-04-11 15:14 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 08:24 . 2011-03-29 08:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-11 14:10 . 2006-02-28 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33 . 2004-11-10 08:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-20 05:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 17:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 03:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-09-15 06:27 1015808 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-11-04 22:40 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"SprintRcAppSvc"=3 (0x3)
"SlingAgentService"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"CBTWlanSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/23/2005 8:06 AM 231424]
S1 MpKsl25b5ec75;MpKsl25b5ec75;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD0E9FD5-E778-4E70-9373-08B72108E4E6}\MpKsl25b5ec75.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD0E9FD5-E778-4E70-9373-08B72108E4E6}\MpKsl25b5ec75.sys [?]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [5/29/2010 1:33 AM 27072]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;c:\windows\system32\drivers\WPC300N.SYS [5/29/2010 1:33 AM 822400]
S4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [5/29/2010 1:33 AM 106496]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/24/2010 12:42 PM 136176]
S4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [11/3/2010 7:19 PM 94024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 13:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-05-10 13:13:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 17:13
.
Pre-Run: 35,225,575,424 bytes free
Post-Run: 35,182,813,184 bytes free
.
- - End Of File - - 21F966FBDB9E239939ECDDBCDF59F43B

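The ComboFix log above lists each new file as "created . modified size attrs path". The following is an added triage helper, not part of the original post or of ComboFix itself: it parses those entries and flags plain files under system32 whose creation and modification stamps coincide (written in place rather than copied out of a dated vendor package). The entry layout is inferred from the posted log, and the sample input is constructed from a few of its lines plus one placeholder file.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# One entry of ComboFix's "Files Created" / "Find3M" sections as seen in the
# posted log: "<created> . <modified> <size|--------> <attrs> <path>".
# Assumption: the layout is inferred from the log, not from a documented spec.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation stamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # modification stamp
    r"(\d+|-{8}) "                            # size, or dashes for a directory
    r"([-a-z]{8}) "                           # attribute flags, e.g. ----a-w-
    r"(.+)$"                                  # path
)

class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size is printed as dashes)
    attrs: str            # e.g. "----a-w-", "d-----w-"
    path: str

def parse_entries(log_text: str) -> List[Entry]:
    """Parse every file/directory entry in a ComboFix log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return entries

def freshly_written_system_files(entries: List[Entry]) -> List[Entry]:
    """Triage heuristic: plain files under \\windows\\system32\\ (any depth) whose
    creation and modification stamps are equal. Files copied from a vendor
    package keep their older modification time and are left out; a file
    written in place during the reporting window deserves a closer look."""
    hits = []
    for e in entries:
        if e.attrs.startswith("d"):          # skip directories
            continue
        if "\\windows\\system32\\" in e.path.lower() and e.created == e.modified:
            hits.append(e)
    return hits

# Constructed sample: four lines taken from the posted log plus one placeholder
# entry (sample_placeholder.dll) that is NOT from the log, added to show a hit.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
2011-05-10 07:19 . 2011-05-10 07:19 -------- d-----w- C:\\_OTL
2011-05-02 11:05 . 2011-05-02 11:05 24576 ----a-w- c:\\windows\\system32\\sample_placeholder.dll
2011-04-30 03:23 . 2010-02-11 01:20 593920 ------w- c:\\windows\\system32\\ati2sgag.exe
2011-04-30 02:21 . 2008-04-13 23:11 32768 -c--a-w- c:\\windows\\system32\\dllcache\\ativtmxx.dll
2011-04-15 04:36 . 2007-09-15 06:09 213696 ----a-w- c:\\windows\\system32\\drivers\\SynTP.sys
.
"""

if __name__ == "__main__":
    for hit in freshly_written_system_files(parse_entries(SAMPLE_LOG)):
        print(f"{hit.created:%Y-%m-%d %H:%M} {hit.size:>8} {hit.path}")
```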
#10 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • Local time:07:06 AM

Posted 10 May 2011 - 11:56 PM

Question: if I get any Microsoft updates during this process, do you want me to install them, or hold them for later?
There's a Malicious Software Removal Tool update, plus 2 Office '03 updates.

-David

#11 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:06 PM

Posted 11 May 2011 - 07:48 AM

Please do not make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine. Thanks.

~Semp



#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:06 PM

Posted 11 May 2011 - 08:06 AM

Please tell me how the computer is running after doing the online scan below.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#13 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • Local time:07:06 AM

Posted 11 May 2011 - 03:54 PM

The scan didn't find anything. I'm still experiencing the same issues with audio and video.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f9bfca89397a1848ad4178b079276887
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-11 08:43:16
# local_time=2011-05-11 04:43:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3186606 3186606 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 16244635 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=47544
# found=0
# cleaned=0
# scan_time=10424


-David

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:06 PM

Posted 11 May 2011 - 05:23 PM

Please try the following:


1. Please check the volume for errors.
  • To check the volume for errors:
  • Click Start and then My Computer.
  • Right click the drive C and select Properties.
  • Under the Tools tab, press Check Now...
  • Put a check mark in both items and press Start.
  • If you get a message, click Yes to schedule the disk check, click OK, and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours, and you don't have to sit there the whole time.



2. Please go to this link -> http://www.bleepingcomputer.com/tutorials/the-importance-of-disk-defragmentation/ and follow the steps to perform a Disk Defragmentation.

~Semp



#15 DAM091

DAM091
  • Topic Starter

  • Members
  • 75 posts
  • Local time:07:06 AM

Posted 12 May 2011 - 03:22 PM

7 hour chkdsk, 6 hour defrag. Still nothing.

:-(

-David
