
Computer Infection steadily getting worse


This topic is locked
48 replies to this topic

#1 the_commercial


Posted 23 May 2011 - 05:52 PM

Hey guys. I'm new here, and I didn't know where else to go. I've had the Google redirect virus for about two months, and now my laptop is also playing random sound clips. Also, each time I open Internet Explorer, it's telling me that I'm working offline and now I have to manually switch it to online when I want to use the internet. I have no idea what to do. Please help!!! Logs below:

-------------------------------------------------------------------------------------------------------------
***UPDATE!***
When I turned my computer on this morning, a blue screen came up that I've never seen before. It said:

A problem has been detected and Windows has been shut down to prevent damage to your computer

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select Safe Mode.

Technical information:

*** STOP: 0x00000050 (0xFB3EF000, 0x00000000, 0x8043ccB, 0x00000000)

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.
------------------------------------------------------------------------------------------------------



.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Pete Mendoza at 12:03:41 on 2011-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.98 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\iTunes2\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Pete Mendoza\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes2\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220677648125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220724568515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = :\WINDOW
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pete mendoza\application data\mozilla\firefox\profiles\uddi70g3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da87b4c&i=23&tp=ab&nt=1&q=
FF - prefs.js: keyword.enabled - true
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete mendoza\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\pete mendoza\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\itunes2\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\pete mendoza\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-6 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-6 107272]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-6 325128]
.
=============== Created Last 30 ================
.
2011-05-20 05:24:39 -------- dc-h--w- c:\windows\ie8
2011-05-20 05:01:15 66048 ----a-w- c:\windows\ieResetIcons.exe
2011-05-20 02:46:31 -------- d-----w- c:\documents and settings\pete mendoza\application data\Malwarebytes
2011-05-20 02:46:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 02:46:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-20 02:46:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 09:31:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-19 09:31:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-14 01:51:27 0 ----a-w- c:\windows\Kxikuwiviy.bin
2011-05-14 01:51:20 -------- d-----w- c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786}
2011-05-13 06:45:40 1152 ----a-w- c:\windows\system32\windrv.sys
2011-04-30 04:14:12 -------- d--h--w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-04-30 04:12:16 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k(2)(3).sys
2011-03-03 06:55:19 149504 ----a-w- c:\windows\system32\dnsapi(2)(3).dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet(2)(4).dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06:29 1210880 ----a-w- c:\windows\system32\urlmon(2)(4).dll
2011-02-22 23:06:28 1991680 ----a-w- c:\windows\system32\iertutil(2)(2)(2).dll
2011-02-22 23:06:28 11080704 ----a-w- c:\windows\system32\ieframe(2)(2)(2).dll
2009-11-04 09:04:59 563880 ----a-w- c:\program files\ChromeSetup.exe
.
============= FINISH: 12:05:53.03 ===============

Edited by the_commercial, 24 May 2011 - 10:32 AM.



#2 SweetTech


Posted 24 May 2011 - 06:43 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Processes
    :Files
    c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786}
    c:\windows\Kxikuwiviy.bin
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [createrestorepoint]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

Edited by SweetTech, 24 May 2011 - 06:43 PM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
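How a helper reads the DDS "Created Last 30" section: the two paths the OTM script above moves are exactly the odd-looking recent entries in the posted log (a zero-byte file with a random name dropped straight into c:\windows, and a GUID-named folder under Local Settings\Application Data). The Python below is an added example, not part of this thread and not code from DDS or OTM: it parses lines in that section's layout and applies two triage heuristics of my own; the sample lines are copied from the posted log, and a hit means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the DDS "Created Last 30" section.
# The paths are taken from the log posted in this thread; the selection is mine.
SAMPLE_CREATED_LAST_30 = r"""
2011-05-20 02:46:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 02:46:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 01:51:27 0 ----a-w- c:\windows\Kxikuwiviy.bin
2011-05-14 01:51:20 -------- d-----w- c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786}
2011-05-13 06:45:40 1152 ----a-w- c:\windows\system32\windrv.sys
2011-04-30 04:12:16 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
"""

# Layout of one line: timestamp, size (DDS prints "--------" for a directory),
# the 8-character attribute field, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-\w]{8})\s+(.+)$"
)

# A {8-4-4-4-12} hex GUID as the last path component.
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I
)
# A file sitting directly in %WinDir%, not in any subfolder.
WINDIR_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$", re.I)


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]  # None for directories (no size is printed for them)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS marks directories with a leading 'd' in the attribute field.
        return self.attrs.startswith("d")


def parse_created_last_30(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; lines not matching the layout are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(ts, None if size.startswith("-") else int(size), attrs, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries matching the example's heuristics."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not e.is_dir and e.size == 0 and WINDIR_ROOT_RE.match(e.path):
            findings.append((e.path, "zero-byte file created directly in %WinDir%"))
        elif (e.is_dir and GUID_DIR_RE.search(e.path)
              and "\\local settings\\application data\\" in e.path.lower()):
            findings.append((e.path, "GUID-named folder under Local Settings\\Application Data"))
    return findings


def triage_report(text: str) -> List[str]:
    """One human-readable line per finding, in log order."""
    return [f"{reason}: {path}" for path, reason in triage(parse_created_last_30(text))]


if __name__ == "__main__":
    for line in triage_report(SAMPLE_CREATED_LAST_30):
        print(line)
```

Entries that do not hit a heuristic (the Malwarebytes driver, the Firefox plugin, the small .sys in system32) are left alone; extending the heuristics is a matter of adding a branch to triage().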


#3 the_commercial


Posted 25 May 2011 - 08:21 AM

Hey ST! Thanks a lot for your help. Rest assured, this is the first and only place that I have gone to for help. Obviously, you have the hardest job in this situation, so I'll do my best to make it as easy as possible for you. Below are the reports you asked for:

OTM

========== PROCESSES ==========
========== FILES ==========
c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786}\chrome\content folder moved successfully.
c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786}\chrome folder moved successfully.
c:\documents and settings\pete mendoza\local settings\application data\{9980F341-B759-4E12-B172-5A81358A9786} folder moved successfully.
c:\windows\Kxikuwiviy.bin moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.18.0 log created on 05252011_073923


TDSSKiller

2011/05/25 07:47:23.0498 3368 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 07:47:24.0229 3368 ================================================================================
2011/05/25 07:47:24.0229 3368 SystemInfo:
2011/05/25 07:47:24.0229 3368
2011/05/25 07:47:24.0229 3368 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 07:47:24.0229 3368 Product type: Workstation
2011/05/25 07:47:24.0229 3368 ComputerName: VAIO
2011/05/25 07:47:24.0229 3368 UserName: Pete Mendoza
2011/05/25 07:47:24.0229 3368 Windows directory: C:\WINDOWS
2011/05/25 07:47:24.0229 3368 System windows directory: C:\WINDOWS
2011/05/25 07:47:24.0229 3368 Processor architecture: Intel x86
2011/05/25 07:47:24.0229 3368 Number of processors: 1
2011/05/25 07:47:24.0229 3368 Page size: 0x1000
2011/05/25 07:47:24.0229 3368 Boot type: Normal boot
2011/05/25 07:47:24.0229 3368 ================================================================================
2011/05/25 07:47:30.0458 3368 Initialize success
2011/05/25 07:47:35.0325 2812 ================================================================================
2011/05/25 07:47:35.0325 2812 Scan started
2011/05/25 07:47:35.0325 2812 Mode: Manual;
2011/05/25 07:47:35.0325 2812 ================================================================================
2011/05/25 07:48:36.0803 2812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/25 07:48:36.0904 2812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/25 07:48:37.0655 2812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/25 07:48:37.0705 2812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/25 07:48:37.0795 2812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/25 07:48:38.0556 2812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/25 07:48:38.0666 2812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/25 07:48:39.0407 2812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/25 07:48:39.0457 2812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/25 07:48:39.0507 2812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/25 07:48:39.0597 2812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/25 07:48:40.0328 2812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/25 07:48:40.0409 2812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/25 07:48:41.0320 2812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/25 07:48:41.0911 2812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/25 07:48:42.0201 2812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/25 07:48:42.0982 2812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/25 07:48:43.0072 2812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/25 07:48:43.0112 2812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/25 07:48:43.0203 2812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/25 07:48:43.0964 2812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/25 07:48:44.0054 2812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/25 07:48:44.0434 2812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/25 07:48:44.0905 2812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/25 07:48:45.0356 2812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/25 07:48:46.0157 2812 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/05/25 07:48:46.0678 2812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/25 07:48:46.0978 2812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/25 07:48:47.0058 2812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/25 07:48:47.0339 2812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/25 07:48:47.0839 2812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/25 07:48:48.0120 2812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/25 07:48:48.0230 2812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/25 07:48:48.0751 2812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/25 07:48:49.0051 2812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/25 07:48:49.0562 2812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/25 07:48:49.0652 2812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/25 07:48:49.0922 2812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/25 07:48:50.0513 2812 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/25 07:48:51.0044 2812 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/25 07:48:51.0885 2812 RTL8023 (c061a5d2cc6486b4b6caccde26c9f481) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2011/05/25 07:48:52.0015 2812 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/25 07:48:52.0716 2812 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/25 07:48:53.0447 2812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/25 07:48:53.0608 2812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/25 07:48:54.0379 2812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/25 07:48:54.0559 2812 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\DRIVERS\SonyNC.sys
2011/05/25 07:48:55.0380 2812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/25 07:48:55.0460 2812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/25 07:48:56.0291 2812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/25 07:48:56.0692 2812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/25 07:48:57.0173 2812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/25 07:48:57.0703 2812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/25 07:48:58.0104 2812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/25 07:48:58.0575 2812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/25 07:48:58.0945 2812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/25 07:48:59.0416 2812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/25 07:48:59.0977 2812 tifmsony (968fa2a57462fad77655388cd6c7f9b9) C:\WINDOWS\system32\drivers\tifmsony.sys
2011/05/25 07:49:00.0878 2812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/25 07:49:02.0100 2812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/25 07:49:02.0641 2812 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/25 07:49:02.0961 2812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/25 07:49:03.0472 2812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/25 07:49:03.0782 2812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/25 07:49:04.0243 2812 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/25 07:49:04.0403 2812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/25 07:49:04.0643 2812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/25 07:49:05.0174 2812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/25 07:49:05.0294 2812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/25 07:49:05.0545 2812 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 07:49:05.0545 2812 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 07:49:05.0565 2812 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/25 07:49:06.0246 2812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/25 07:49:06.0706 2812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/25 07:49:07.0137 2812 winachsf (ad693d4d84a6d0bf5d574cfa42d1aeda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/25 07:49:07.0558 2812 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/25 07:49:08.0098 2812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/25 07:49:08.0419 2812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/25 07:49:08.0970 2812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/25 07:49:09.0090 2812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/25 07:49:09.0210 2812 ================================================================================
2011/05/25 07:49:09.0210 2812 Scan finished
2011/05/25 07:49:09.0210 2812 ================================================================================
2011/05/25 07:49:09.0250 2976 Detected object count: 1
2011/05/25 07:49:09.0250 2976 Actual detected object count: 1
2011/05/25 07:49:50.0469 2976 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 07:49:50.0469 2976 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 07:49:54.0265 2976 Backup copy found, using it..
2011/05/25 07:49:54.0505 2976 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/25 07:49:54.0505 2976 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/25 07:51:01.0832 0888 Deinitialize success


OTL.Txt

OTL logfile created on: 5/25/2011 8:00:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Pete Mendoza\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 81.57 Mb Available Physical Memory | 18.25% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 37.80 Gb Free Space | 67.65% Space Free | Partition Type: NTFS

Computer Name: VAIO | User Name: Pete Mendoza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/12/13 18:16:18 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes2\iTunesHelper.exe
PRC - [2010/10/16 11:40:37 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/10/16 11:40:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/12 23:01:24 | 000,098,304 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2004/02/12 23:00:22 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SeaPort)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/03/09 20:45:27 | 000,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/03/09 20:45:22 | 000,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2009/03/09 20:45:36 | 000,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/03/09 20:45:36 | 000,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/03/09 20:45:32 | 000,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 17:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/27 21:39:58 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/23 16:36:42 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/03/04 12:51:20 | 000,064,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/02 19:11:20 | 000,379,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/12/11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/11 11:50:54 | 000,196,736 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/12/11 11:48:46 | 000,681,344 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/12/11 11:47:10 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/07 10:28:34 | 000,067,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/04/23 15:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 5D E5 AB 98 2C CB 01 [binary data]
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4da87b4c&i=23&tp=ab&nt=1&q="
FF - prefs.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/04/19 21:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/16 11:44:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 20:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:12:16 | 000,000,000 | ---D | M]

[2010/07/25 23:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Extensions
[2011/04/19 21:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions
[2010/07/26 00:04:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 04:46:48 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions\DefaultManager@Microsoft
[2010/07/23 22:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles(2)\4llhz1dy.default\extensions
[2010/07/23 22:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles(2)\4llhz1dy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/04/19 21:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 22:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/07 16:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 11:44:15 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/12/04 05:15:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\PETE MENDOZA\APPLICATION DATA\MOVE NETWORKS
[2011/04/19 21:00:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/04/19 21:00:22 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2008/12/29 05:54:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/25 07:39:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220677648125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220724568515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/05 23:39:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 07:59:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
[2011/05/25 07:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller
[2011/05/25 07:39:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/25 07:37:05 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTM.exe
[2011/05/24 10:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/23 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer
[2011/05/23 12:03:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pete Mendoza\Start Menu\Programs\Administrative Tools
[2011/05/23 12:03:00 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Pete Mendoza\Desktop\dds.scr
[2011/05/20 00:24:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/20 00:01:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2011/05/19 21:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Application Data\Malwarebytes
[2011/05/19 21:46:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/19 21:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/19 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/19 21:44:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete Mendoza\Desktop\zztoy.exe
[2011/05/13 21:10:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Pete Mendoza\Recent
[2011/05/13 21:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Start Menu\Programs\Windows XP Recovery
[2011/05/05 15:20:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/29 23:14:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/04/29 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/11/04 04:30:57 | 000,306,319 | ---- | C] (Mozilla) -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\Firefox Setup 3.5.4.exe
[2009/11/04 04:17:19 | 000,563,880 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\ChromeSetup.exe
[2009/11/04 04:04:54 | 000,563,880 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[63 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp files -> C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
[2011/05/25 07:55:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-1343024091-1003.job
[2011/05/25 07:55:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-1343024091-1003.job
[2011/05/25 07:55:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 07:53:41 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/25 07:53:40 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 07:53:39 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/05/25 07:53:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 07:46:42 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller.zip
[2011/05/25 07:39:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/25 07:37:13 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTM.exe
[2011/05/24 14:53:11 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/23 12:09:34 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer.zip
[2011/05/23 12:03:02 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Pete Mendoza\Desktop\dds.scr
[2011/05/23 11:59:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\defogger_reenable
[2011/05/23 11:58:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Defogger.exe
[2011/05/21 05:11:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 00:50:07 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 00:32:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 21:46:23 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 21:44:06 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete Mendoza\Desktop\zztoy.exe
[2011/05/13 21:01:53 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk
[2011/05/13 21:01:51 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18276132
[2011/05/13 21:01:50 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18276132r
[2011/05/13 20:58:41 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18276132
[2011/05/13 20:51:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pgujiv.dat
[2011/05/13 01:45:40 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[63 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp files -> C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 07:46:31 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller.zip
[2011/05/23 12:09:30 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer.zip
[2011/05/23 11:59:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\defogger_reenable
[2011/05/23 11:58:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Defogger.exe
[2011/05/20 00:50:07 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/19 21:46:23 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 21:01:53 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk
[2011/05/13 21:01:50 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18276132r
[2011/05/13 21:01:49 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18276132
[2011/05/13 20:58:40 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18276132
[2011/05/13 20:51:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgujiv.dat
[2011/05/13 01:45:40 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/04/19 19:51:40 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 19:51:40 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/15 21:00:55 | 000,001,478 | -HS- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d
[2011/04/15 21:00:55 | 000,001,478 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d
[2011/04/09 15:11:45 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17948468
[2011/04/09 10:04:16 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948468r
[2011/04/09 10:04:16 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948468
[2010/07/24 16:43:26 | 000,081,575 | -H-- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\Add-ons disabled 11 28 06.pdf
[2010/05/17 18:05:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/05 17:42:41 | 000,157,462 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/01/05 17:42:40 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/08/22 03:44:00 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\fusioncache.dat
[2009/08/21 15:22:22 | 000,000,856 | -H-- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\flashplayer.xpt
[2009/08/21 15:22:21 | 003,771,296 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\NPSWF32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/12 05:19:09 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/15 05:54:34 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2009/01/15 05:54:34 | 000,029,258 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/09/06 12:18:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/06 02:15:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/09/06 02:14:27 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/09/06 02:14:27 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/09/06 02:14:11 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/09/06 02:14:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/09/06 02:14:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/09/06 02:14:06 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/09/06 01:25:05 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/06 00:03:57 | 000,131,072 | ---- | C] () -- C:\WINDOWS\CheckModels.exe
[2008/09/06 00:01:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2008/09/05 23:56:39 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2008/09/05 23:56:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/09/05 23:51:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/09/05 23:42:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/05 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/05 18:25:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/05 18:23:58 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,650,988 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,152,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3

< End of report >


Extras.txt

OTL Extras logfile created on: 5/25/2011 8:00:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Pete Mendoza\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 81.57 Mb Available Physical Memory | 18.25% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 68.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 37.80 Gb Free Space | 67.65% Space Free | Partition Type: NTFS

Computer Name: VAIO | User Name: Pete Mendoza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes2\iTunes.exe" = C:\Program Files\iTunes2\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E22CBAAC-77B9-43CA-9E0C-6A1D7E4A2066}" = Free FLV Player
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AskSBar Uninstall" = Ask Toolbar
"AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger
"ATI Display Driver" = ATI Display Driver
"Boggle®" = Boggle®
"CamStudio" = CamStudio
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Poker Tournament Manager_is1" = Poker Tournament Manager 4.0
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SoundTap" = SoundTap Streaming Audio Recorder
"Vuze" = Vuze
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-813497703-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2011 7:36:04 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12758

Error - 5/24/2011 3:23:56 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2011 3:23:56 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10044

Error - 5/24/2011 3:23:56 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10044

Error - 5/24/2011 3:24:07 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2011 3:24:07 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22282

Error - 5/24/2011 3:24:07 AM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22282

Error - 5/24/2011 4:16:30 PM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2011 4:16:30 PM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10035

Error - 5/24/2011 4:16:30 PM | Computer Name = VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10035

[ System Events ]
Error - 5/25/2011 8:53:38 AM | Computer Name = VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/25/2011 8:53:54 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 5/25/2011 8:53:54 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 5/25/2011 8:53:54 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7024
Description = The AVG Free8 WatchDog service terminated with service-specific error
3758161981 (0xE001003D).

Error - 5/25/2011 8:53:54 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%3

Error - 5/25/2011 8:53:56 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7001
Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
service which failed to start because of the following error: %%1066

Error - 5/25/2011 8:55:23 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/25/2011 8:55:23 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 5/25/2011 8:55:23 AM | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service SeaPort with arguments
"-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 5/25/2011 8:55:24 AM | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%3


< End of report >



What issues are you currently experiencing with your computer?

The redirect seems to have gone away at least for now (after the TDSSKiller reboot), but the computer seems really slow. I'm not sure if the random audio is still occurring, as I've kept my speakers off for the last few days, but I'll let you know if I hear anything. Also, a lot of my icons appear to be faded out and transparent. That's been going on since the redirect virus started. Thanks again, ST.

Oh, and I get a bubble telling me that my computer may be at risk because I have no firewall turned on. But when I check the firewall, it says it's enabled. What's that about? Plus sometimes when I'm on the internet, it'll give me a message telling me that my computer is infected and that it needs to run a scan. I always close out of it; I know it's not real.

Edited by the_commercial, 25 May 2011 - 10:17 AM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:20 AM

Posted 25 May 2011 - 11:36 AM

Hi!

Also, a lot of my icons appear to be faded out and transparent. That's been going on since the redirect virus started.

We'll address this a little later in this post.

Oh, and I get a bubble telling me that my computer may be at risk because I have no firewall turned on. But when I check the firewall, it says it's enabled. What's that about? Plus sometimes when I'm on the internet, it'll give me a message telling me that my computer is infected and that it needs to run a scan. I always close out of it; I know it's not real.

You still have some malicious files on your computer. We'll address them shortly.

Hey ST! Thanks a lot for your help. Rest assured, this is the first and only place that I have gone to for help. Obviously, you have the hardest job in this situation, so I'll do my best to make it as easy as possible for you. Below are the reports you asked for:

You're Welcome!

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/25 07:49:09.0250 2976 Detected object count: 1
2011/05/25 07:49:09.0250 2976 Actual detected object count: 1
2011/05/25 07:49:50.0469 2976 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 07:49:50.0469 2976 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 07:49:54.0265 2976 Backup copy found, using it..
2011/05/25 07:49:54.0505 2976 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/25 07:49:54.0505 2976 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/25 07:51:01.0832 0888 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (SeaPort)
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    IE - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1614895754-813497703-1343024091-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [DXDllRegExe] File not found
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    [2011/05/13 21:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Start Menu\Programs\Windows XP Recovery
    [2011/05/13 21:01:53 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk
    [2011/05/13 21:01:51 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18276132
    [2011/05/13 21:01:50 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18276132r
    [2011/05/13 20:58:41 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18276132
    [2011/05/13 20:51:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pgujiv.dat
    [2011/05/13 21:01:53 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk
    [2011/05/13 21:01:50 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18276132r
    [2011/05/13 21:01:49 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18276132
    [2011/05/13 20:58:40 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18276132
    [2011/05/13 20:51:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgujiv.dat
    [2011/04/19 19:51:40 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 19:51:40 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/15 21:00:55 | 000,001,478 | -HS- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d
    [2011/04/15 21:00:55 | 000,001,478 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d
    [2011/04/09 15:11:45 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17948468
    [2011/04/09 10:04:16 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948468r
    [2011/04/09 10:04:16 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17948468
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab; the bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

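As an added example (not from this thread, and not Kaspersky's own code), here is a small Python parser for TDSSKiller log lines like the excerpt quoted above. It pulls out the forged-driver finding: the affected path, the two disagreeing MD5 digests, the verdict, the action chosen, and whether a reboot is still pending. The line formats are inferred from this one excerpt and are an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the TDSSKiller excerpt quoted in the post above.
SAMPLE_LOG = r"""
2011/05/25 07:49:09.0250 2976 Detected object count: 1
2011/05/25 07:49:09.0250 2976 Actual detected object count: 1
2011/05/25 07:49:50.0469 2976 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 07:49:50.0469 2976 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 07:49:54.0265 2976 Backup copy found, using it..
2011/05/25 07:49:54.0505 2976 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/25 07:49:54.0505 2976 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/25 07:51:01.0832 0888 Deinitialize success
"""

# Every line: timestamp, thread id, free-text message (format assumed from the excerpt).
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")
# Driver inventory line: service name, digest, on-disk path.
SERVICE_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# The key finding: the same file yields two different digests depending on how it is read.
# The mismatch itself is the rootkit-hiding indicator.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
VERDICT_RE = re.compile(r"^(?P<verdict>[\w.\-]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    path: str
    real_md5: str
    fake_md5: str
    service: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None
    cure_pending: bool = False

    @property
    def hidden_modification(self) -> bool:
        # Two digests for one file means something is intercepting reads of it.
        return self.real_md5 != self.fake_md5


@dataclass
class Report:
    declared_count: Optional[int]
    actual_count: Optional[int]
    findings: List[Finding]

    @property
    def reboot_required(self) -> bool:
        return any(f.cure_pending for f in self.findings)

    @property
    def counts_consistent(self) -> bool:
        # Sanity check: the parser found as many objects as the tool says it detected.
        return self.actual_count is None or self.actual_count == len(self.findings)


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once and correlate inventory, forged-file, cure and verdict lines by path."""
    by_path: Dict[str, Finding] = {}
    service_to_path: Dict[str, str] = {}
    declared = actual = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            if c.group("kind") == "Detected":
                declared = int(c.group("n"))
            else:
                actual = int(c.group("n"))
            continue
        s = SERVICE_RE.match(msg)
        if s:
            service_to_path[s.group("svc")] = s.group("path")
            continue
        f = FORGED_RE.match(msg)
        if f:
            by_path[f.group("path")] = Finding(f.group("path"), f.group("real"), f.group("fake"))
            continue
        cu = CURE_RE.match(msg)
        if cu and cu.group("path") in by_path:
            by_path[cu.group("path")].cure_pending = True
            continue
        v = VERDICT_RE.match(msg)
        if v:
            path = service_to_path.get(v.group("svc"))
            if path in by_path:
                fd = by_path[path]
                fd.service, fd.verdict, fd.action = v.group("svc"), v.group("verdict"), v.group("action")
    return Report(declared, actual, list(by_path.values()))


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for fd in report.findings:
        print(f"{fd.verdict} in {fd.path}: real={fd.real_md5} fake={fd.fake_md5} action={fd.action}")
    print("reboot required:", report.reboot_required)
```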

#5 the_commercial

the_commercial
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:20 AM

Posted 25 May 2011 - 02:19 PM

Okay, the OTL and the MBAM logs are below. Whatever you're doing seems to be helping and my hidden files are visible now, so thanks again.

What issues are you currently experiencing with your computer?

First of all, I haven't had a problem with the redirect virus or the random audio at all today... which is a first in a very long time.

I don't know if these minor things are related to the virus, but the only issues I'm having now are: 1) My laptop is "breathing" a lot and getting really hot really quickly now; and 2) I'm getting a lot of hour glasses on my mouse icon even when a program isn't running. But other than that, things are looking a lot better. Logs below:

OTL

========== SERVICES/DRIVERS ==========
========== OTL ==========
Service SeaPort stopped successfully!
Service SeaPort deleted successfully!
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1614895754-813497703-1343024091-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1614895754-813497703-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mouse Suite 98 Daemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Pete Mendoza\Start Menu\Programs\Windows XP Recovery folder moved successfully.
C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~18276132 moved successfully.
C:\Documents and Settings\All Users\Application Data\~18276132r moved successfully.
C:\Documents and Settings\All Users\Application Data\18276132 moved successfully.
C:\WINDOWS\Pgujiv.dat moved successfully.
File C:\Documents and Settings\Pete Mendoza\Desktop\Windows XP Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~18276132r not found.
File C:\Documents and Settings\All Users\Application Data\~18276132 not found.
File C:\Documents and Settings\All Users\Application Data\18276132 not found.
File C:\WINDOWS\Pgujiv.dat not found.
C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l moved successfully.
C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l moved successfully.
C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d moved successfully.
C:\Documents and Settings\All Users\Application Data\g5qx2tpcjud266lm840m1c7310fod030x1d moved successfully.
C:\Documents and Settings\All Users\Application Data\17948468 moved successfully.
C:\Documents and Settings\All Users\Application Data\~17948468r moved successfully.
C:\Documents and Settings\All Users\Application Data\~17948468 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_135259


MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6676

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2011 2:17:29 PM
mbam-log-2011-05-25 (14-17-29).txt

Scan type: Quick scan
Objects scanned: 151727
Time elapsed: 15 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\pete mendoza\local settings\temporary internet files\Content.IE5\O5C5V8LF\installsecuritycenter_717[1].exe (Rogue.SecurityCenter.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pete mendoza\local settings\Temp\0.3684691184239519.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Edited by the_commercial, 25 May 2011 - 02:33 PM.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:20 AM

Posted 25 May 2011 - 02:36 PM

Okay.

Let's see where we are after these scans:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#7 the_commercial

the_commercial
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:20 AM

Posted 25 May 2011 - 03:45 PM

Before I do that, I think I should ask you (brace yourself, this is gonna sound dumb) if I even have any anti-virus programs. I see an AVG Free 8.0 icon on my desktop, but there's no AVG on my list of programs. And when I click on the icon, nothing happens. I think it's been removed.

If that's the case, should I download another version? Or I should ask, which anti-virus program do you recommend? You know... so all this chaos doesn't happen again.

I'll wait patiently for your reply before I do the ESET Online scan. Thank you.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:20 AM

Posted 25 May 2011 - 03:47 PM

If that's the case, should I download another version? Or I should ask, which anti-virus program do you recommend? You know... so all this chaos doesn't happen again.

I can recommend some good free Anti-Virus programs a little later, after you've run the ESET and SecurityCheck scans.

Edited by SweetTech, 25 May 2011 - 03:48 PM.



#9 the_commercial

the_commercial
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:20 AM

Posted 25 May 2011 - 06:06 PM

Okay, here we go:

Security Check

Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Mozilla Firefox (3.6.8) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



ESETScan

C:\Documents and Settings\Pete Mendoza\Application Data\Adobe\plugs\mmc69926458.txt a variant of Win32/Kryptik.NTK trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-26c6e3fd Java/Exploit.CVE-2010-4452.A trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-413db1bf a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\10\5b43c10a-6191a70d multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\14\bcf490e-10a27cae a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\6486e391-4a062690 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\7011a911-12ee6a37 a variant of Win32/Kryptik.NRY trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\331f3bd4-2746c248 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\71921e54-7891127c multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\10dec256-27968c4f multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\3d5c0556-529002e0 a variant of Java/TrojanDownloader.Agent.NAA trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\24\394dca98-3260a472 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\26\42df029a-3abf0aed multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\28\5451b59c-3d39f112 a variant of Java/Agent.BR trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-37b72412 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\4697cd20-179d37dc a variant of Java/Exploit.Agent.NAC trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\56ffd960-2e80690c multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\4\1b20c84-5132dc3b multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\46\32dcefee-5fff364d probably a variant of Win32/Agent.RPSVWU trojan
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\53\66f20c75-131204c0 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\54\50cce1b6-616e8e45 multiple threats
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-6b07bfd9 multiple threats
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\bmg.exe multiple threats
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(2).exe a variant of Win32/RegistryBooster application
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(3).exe a variant of Win32/RegistryBooster application
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\stsetupcnetst.exe probably a variant of Win32/Agent.BXUMFRS trojan
C:\Documents and Settings\Pete Mendoza\My Documents\My Music\iTunes\iTunes Music\the thumbprint killer.wma probably a variant of Win32/Agent.CFDFCZI trojan
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\WINDOWS\uhaveleriwesozo.dll a variant of Win32/Kryptik.OAB trojan
Operating memory a variant of Win32/Adware.Toolbar.Dealio application

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:20 AM

Posted 26 May 2011 - 10:09 AM

Hi!

The threats below are being detected because they contain adware components.

C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\stsetupcnetst.exe probably a variant of Win32/Agent.BXUMFRS trojan
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application



Please run the AVG Removal tool:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop.

Run it to remove AVG. After this, please restart your computer.


NEXT:



No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors:
  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  • avast! 6 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform.
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.17.

You can get the latest version of Firefox by accessing the Posted Image menu in Firefox and then selecting Posted Image.

Please make sure that you Posted Image again after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Pete Mendoza\Application Data\Adobe\plugs\
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-26c6e3fd
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-413db1bf
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\10\5b43c10a-6191a70d
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\14\bcf490e-10a27cae
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\6486e391-4a062690
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\7011a911-12ee6a37
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\331f3bd4-2746c248
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\71921e54-7891127c
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\10dec256-27968c4f
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\3d5c0556-529002e0
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\24\394dca98-3260a472
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\26\42df029a-3abf0aed
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\28\5451b59c-3d39f112
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-37b72412
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\4697cd20-179d37dc
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\56ffd960-2e80690c
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\4\1b20c84-5132dc3b
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\46\32dcefee-5fff364d
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\53\66f20c75-131204c0
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\54\50cce1b6-616e8e45
    C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-6b07bfd9
    C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\bmg.exe
    C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(2).exe
    C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(3).exe
    C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster.exe
    C:\Documents and Settings\Pete Mendoza\My Documents\My Music\iTunes\iTunes Music\the thumbprint killer.wma
    C:\WINDOWS\uhaveleriwesozo.dll
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
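The fix above asks for the report OTL writes after the script runs, and the custom scan asks for a fresh scan log. The following is an added example, not code from this thread, from BleepingComputer or from OTL itself: a small Python triage helper that reads those two reports and separates what was actually removed from what OTL could not find or had to defer to the next reboot, and that flags any O1 hosts entries other than the plain loopback mappings a reset HOSTS file contains. The line formats it matches are taken from the shapes OTL logs use; the sample log and scan snippet embedded below are constructed for the example (the TEST-NET address and example domains are placeholders, not indicators from this thread).

```python
"""Triage an OTL fix log and an OTL scan log (added example, not OTL's own code).

Fix-log result lines come in four shapes; the regexes below match those shapes
as they appear in OTL output. The scan-log check looks only at "O1 - Hosts:"
lines, which list every entry in C:\\WINDOWS\\system32\\drivers\\etc\\Hosts.
"""
import re
from typing import Dict, List, Optional, Tuple

# Result-line formats in the FILES / COMMANDS sections of a fix log.
_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("moved",     re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")),
    ("deleted",   re.compile(r"^(?P<path>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+?) not found[.!]$")),
    ("deferred",  re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")),
]

# "O1 - Hosts: <ip> <hostname>" lines in a scan log.
_O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<name>\S+)")


def classify_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (status, path) for a recognised fix-log result line, else None."""
    line = line.strip()
    for status, pat in _PATTERNS:
        m = pat.match(line)
        if m:
            return status, m.group("path")
    return None


def triage(fix_log: str) -> Dict[str, List[str]]:
    """Group every recognised result line of a fix log by outcome."""
    report: Dict[str, List[str]] = {status: [] for status, _ in _PATTERNS}
    for line in fix_log.splitlines():
        hit = classify_line(line)
        if hit:
            report[hit[0]].append(hit[1])
    return report


def followups(report: Dict[str, List[str]]) -> List[str]:
    """Paths that still need a look after the run: moves deferred to reboot
    (verify they are gone afterwards) and targets OTL never found (already
    removed by another tool, or the path in the script no longer matches)."""
    return report["deferred"] + report["not_found"]


def hosts_anomalies(scan_log: str) -> List[str]:
    """O1 entries that are not loopback -> localhost, i.e. anything a reset
    HOSTS file would not contain (redirects of public names, or blocks that
    pin a public name to loopback)."""
    odd: List[str] = []
    for line in scan_log.splitlines():
        m = _O1.match(line.strip())
        if not m:
            continue
        ip, name = m.group("ip"), m.group("name")
        if ip not in ("127.0.0.1", "::1") or name.lower() != "localhost":
            odd.append(f"{ip} {name}")
    return odd


# Constructed sample fix log, using the line shapes seen in OTL output.
SAMPLE_FIX_LOG = r"""All processes killed
========== FILES ==========
C:\Documents and Settings\Pete Mendoza\Application Data\Adobe\plugs folder moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-413db1bf not found.
C:\WINDOWS\uhaveleriwesozo.dll moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Pete Mendoza\Local Settings\Temporary Internet Files\Content.IE5\RIRS1KQ3\page__p__2260662__fromsearch__1[1].htm not found!
File move failed. C:\WINDOWS\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.
"""

# Constructed scan-log snippet: two clean entries plus two placeholder hijacks.
SAMPLE_SCAN_LOG = """O1 HOSTS File: ([2011/05/27 10:43:43 | 000,000,098 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 www.example.com
O1 - Hosts: 127.0.0.1 update.example.net
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_FIX_LOG)
    for status, paths in rep.items():
        print(f"{status:>10}: {len(paths)}")
    print("follow up :", followups(rep))
    print("hosts odd :", hosts_anomalies(SAMPLE_SCAN_LOG))
```

Run it against a real report by reading `C:\_OTL\MovedFiles\<timestamp>.log` into `triage()` and the scan log into `hosts_anomalies()`; an empty `followups()` list and an empty `hosts_anomalies()` list is the result you want to see before declaring the script done.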


#11 the_commercial

the_commercial
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:20 AM

Posted 27 May 2011 - 11:27 AM

Hey ST...

About the outdated Firefox, I can't even open Firefox. It's weird. It shows up on my programs list, but it refuses to open. I only use IE anyway, but yeah I'm more than willing to part ways with Firefox.

During the first OTL scan, the computer oddly rebooted DURING the scan, and then the log was suddenly there when the screen booted up. The second OTL scan went scot-free.

What outstanding issues (if any) are you still experiencing with your computer?

1) Unfortunately, I was redirected from my Google searches a couple of times today. Once after clicking a link to Facebook, and once after clicking a link to YouTube. Both times I was sent to a bogus "Congratulations" page claiming that I'd won something.
2) I ended up downloading the Avira anti-virus, and twice it has prompted me that it found a rootkit file and asked me if I wanted it removed. I clicked remove both times. Is that okay?
3) This is probably unrelated (and you can ignore this if it's a waste of your time), but I've had a small problem for a long time that I failed to mention to you before. For several months, EVERY TIME my computer boots, I get this message:
Posted Image

It keeps popping up, and I don't know what it is. That's all. Logs below:




First OTL Log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Pete Mendoza\Application Data\Adobe\plugs folder moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-26c6e3fd moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-413db1bf not found.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\10\5b43c10a-6191a70d moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\14\bcf490e-10a27cae not found.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\6486e391-4a062690 moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\17\7011a911-12ee6a37 not found.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\331f3bd4-2746c248 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\20\71921e54-7891127c moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\10dec256-27968c4f moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\22\3d5c0556-529002e0 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\24\394dca98-3260a472 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\26\42df029a-3abf0aed moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\28\5451b59c-3d39f112 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-37b72412 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\4697cd20-179d37dc moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\32\56ffd960-2e80690c moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\4\1b20c84-5132dc3b not found.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\46\32dcefee-5fff364d moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\53\66f20c75-131204c0 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\54\50cce1b6-616e8e45 moved successfully.
C:\Documents and Settings\Pete Mendoza\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-6b07bfd9 moved successfully.
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\bmg.exe moved successfully.
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(2).exe moved successfully.
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster(3).exe moved successfully.
C:\Documents and Settings\Pete Mendoza\My Documents\Downloads\registrybooster.exe moved successfully.
C:\Documents and Settings\Pete Mendoza\My Documents\My Music\iTunes\iTunes Music\the thumbprint killer.wma moved successfully.
C:\WINDOWS\uhaveleriwesozo.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Pete Mendoza\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 1455523 bytes

User: Pete Mendoza
->Temp folder emptied: 107531138 bytes
->Temporary Internet Files folder emptied: 31759273 bytes
->Java cache emptied: 68749470 bytes
->FireFox cache emptied: 35764989 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 12851182 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 11722225 bytes
%systemroot%\System32\dllcache .tmp files removed: 9508864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3815937 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 168279362 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 18681018 bytes

Total Files Cleaned = 451.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Pete Mendoza
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05272011_104329

Files\Folders moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Documents and Settings\Pete Mendoza\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
File\Folder C:\Documents and Settings\Pete Mendoza\Local Settings\Temporary Internet Files\Content.IE5\RIRS1KQ3\page__p__2260662__fromsearch__1[1].htm not found!
C:\Documents and Settings\Pete Mendoza\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Second OTL Log

OTL logfile created on: 5/27/2011 10:59:03 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Pete Mendoza\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 213.74 Mb Available Physical Memory | 47.82% Memory free
1.03 Gb Paging File | 0.72 Gb Available in Paging File | 70.09% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 37.76 Gb Free Space | 67.56% Space Free | Partition Type: NTFS

Computer Name: VAIO | User Name: Pete Mendoza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/12/13 18:16:18 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes2\iTunesHelper.exe
PRC - [2010/10/16 11:40:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/12 23:01:24 | 000,098,304 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2004/02/12 23:00:22 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
MOD - [2011/02/08 08:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/10/17 21:06:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\Sony Utilities\KeyHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 17:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/27 21:39:58 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/23 16:36:42 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/03/04 12:51:20 | 000,064,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/02 19:11:20 | 000,379,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/12/11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/11 11:50:54 | 000,196,736 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/12/11 11:48:46 | 000,681,344 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/12/11 11:47:10 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/07 10:28:34 | 000,067,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/04/23 15:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 5D E5 AB 98 2C CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4da87b4c&i=23&tp=ab&nt=1&q="
FF - prefs.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/04/19 21:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/16 11:44:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 20:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:12:16 | 000,000,000 | ---D | M]

[2010/07/25 23:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Extensions
[2011/04/19 21:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions
[2010/07/26 00:04:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 04:46:48 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles\uddi70g3.default\extensions\DefaultManager@Microsoft
[2010/07/23 22:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles(2)\4llhz1dy.default\extensions
[2010/07/23 22:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pete Mendoza\Application Data\Mozilla\Firefox\Profiles(2)\4llhz1dy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/05/27 10:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 22:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/27 10:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/10/16 11:44:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/12/04 05:15:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\PETE MENDOZA\APPLICATION DATA\MOVE NETWORKS
[2011/04/19 21:00:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/04/19 21:00:22 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011/05/27 10:13:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/27 10:13:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/27 10:43:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220677648125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220724568515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/05 23:39:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/27 09:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/27 09:21:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/27 09:21:57 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/27 09:21:57 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/27 09:21:57 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/27 09:21:57 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/27 09:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/27 09:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/27 08:46:31 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pete Mendoza\Desktop\avgremover.exe
[2011/05/25 16:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/25 13:52:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 07:59:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
[2011/05/25 07:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller
[2011/05/25 07:39:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/25 07:37:05 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTM.exe
[2011/05/24 10:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/23 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer
[2011/05/23 12:03:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pete Mendoza\Start Menu\Programs\Administrative Tools
[2011/05/23 12:03:00 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Pete Mendoza\Desktop\dds.scr
[2011/05/20 00:24:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/05/19 21:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Application Data\Malwarebytes
[2011/05/19 21:46:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/19 21:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/19 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/19 21:44:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete Mendoza\Desktop\zztoy.exe
[2011/05/13 21:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete Mendoza\Recent
[2011/05/05 15:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/29 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/04/29 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/11/04 04:30:57 | 000,306,319 | ---- | C] (Mozilla) -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\Firefox Setup 3.5.4.exe
[2009/11/04 04:17:19 | 000,563,880 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\ChromeSetup.exe
[2009/11/04 04:04:54 | 000,563,880 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[1 C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp files -> C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/27 10:53:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/27 10:50:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-1343024091-1003.job
[2011/05/27 10:50:55 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-813497703-1343024091-1003.job
[2011/05/27 10:50:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 10:48:44 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 10:48:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/27 10:48:43 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/05/27 10:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 10:43:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/27 09:22:27 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 09:19:05 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Avira Anti-Virus.exe
[2011/05/27 08:46:31 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pete Mendoza\Desktop\avgremover.exe
[2011/05/25 18:02:17 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\SecurityCheck.exe
[2011/05/25 13:29:58 | 000,606,104 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\unhide.exe
[2011/05/25 07:59:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTL.exe
[2011/05/25 07:46:42 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller.zip
[2011/05/25 07:37:13 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete Mendoza\Desktop\OTM.exe
[2011/05/23 12:09:34 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer.zip
[2011/05/23 12:03:02 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Pete Mendoza\Desktop\dds.scr
[2011/05/23 11:59:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\defogger_reenable
[2011/05/23 11:58:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Defogger.exe
[2011/05/21 05:11:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 00:50:07 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 00:32:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 21:46:23 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 21:44:06 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete Mendoza\Desktop\zztoy.exe
[2011/05/13 01:45:40 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/05/05 15:20:14 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[1 C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp files -> C:\Documents and Settings\Pete Mendoza\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/27 10:08:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-813497703-1343024091-1003.job
[2011/05/27 09:22:27 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/27 09:18:57 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Avira Anti-Virus.exe
[2011/05/25 18:02:15 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\SecurityCheck.exe
[2011/05/25 13:47:40 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/25 13:47:40 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/25 13:47:39 | 000,001,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/05/25 13:47:39 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/05/25 13:47:39 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/05/25 13:47:39 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/05/25 13:47:39 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/25 13:47:39 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/25 13:47:39 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/25 13:47:39 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/05/25 13:47:39 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2011/05/25 13:47:39 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2011/05/25 13:29:56 | 000,606,104 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\unhide.exe
[2011/05/25 07:46:31 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\tdsskiller.zip
[2011/05/23 12:09:30 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\gmer.zip
[2011/05/23 11:59:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\defogger_reenable
[2011/05/23 11:58:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\Defogger.exe
[2011/05/20 00:50:07 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/19 21:46:23 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 01:45:40 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2010/07/24 16:43:26 | 000,081,575 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\Add-ons disabled 11 28 06.pdf
[2010/05/17 18:05:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/05 17:42:41 | 000,157,462 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/01/05 17:42:40 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/08/22 03:44:00 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\fusioncache.dat
[2009/08/21 15:22:22 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\flashplayer.xpt
[2009/08/21 15:22:21 | 003,771,296 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Application Data\NPSWF32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/12 05:19:09 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/15 05:54:34 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2009/01/15 05:54:34 | 000,029,258 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/09/06 12:18:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/06 02:15:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/09/06 02:14:27 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/09/06 02:14:27 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/09/06 02:14:11 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/09/06 02:14:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/09/06 02:14:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/09/06 02:14:06 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/09/06 01:25:05 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/06 00:03:57 | 000,131,072 | ---- | C] () -- C:\WINDOWS\CheckModels.exe
[2008/09/06 00:01:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2008/09/05 23:56:39 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2008/09/05 23:56:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/09/05 23:51:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/09/05 23:42:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/05 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/05 18:25:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/05 18:23:58 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,650,988 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,152,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/03 17:58:30 | 000,061,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\nic1394.sys
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/19 20:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/06 02:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/04/15 12:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/19 20:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/09 19:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/16 06:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/06 04:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/02 00:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/15 10:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Azureus
[2010/01/15 21:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Dealio
[2010/09/24 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\DriverCure
[2009/11/16 07:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\FreeFLVConverter
[2009/08/25 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\iWin
[2009/11/17 23:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\LimeWire
[2009/09/25 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\NCH Swift Sound
[2010/09/24 17:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\ParetoLogic
[2011/04/19 21:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Search Settings
[2011/04/13 14:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Search Settings(2)
[2010/07/23 18:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Uniblue
[2008/09/06 14:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Windows Desktop Search
[2008/12/11 20:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete Mendoza\Application Data\Windows Search
[2011/05/27 10:48:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/05/27 10:48:43 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/07/22 21:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/07/22 21:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/07/22 21:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-20 08:03:39

< >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3

< End of report >
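
The report above is OTL's fixed-format inventory, and its "Files Created - No Company Name" section is where a 1,152-byte driver with an empty company string, C:\WINDOWS\System32\windrv.sys, first stands out. As an added example, not code from this thread or from OTL, the Python below parses OTL's bracketed file lines and scores them with a few triage heuristics: binary under a Windows system directory, no company/version string, created within the last 30 days, and a driver under 4 KB. The sample lines are copied from the report above; the thresholds, the list of system directories and the rule that a hit must sit under one of them are this example's assumptions.

```python
"""Triage helper for OTL file entries (added example; not code from this thread or from OTL).

OTL prints each file as
    [yyyy/mm/dd hh:mm:ss | size | attributes | C or M] (Company) -- path
with "()" when the file carries no company/version information and no
parentheses at all for directories.  parse_line() turns one such line into a
dict; score() applies simple triage heuristics; triage() returns the entries
worth a closer look.  The thresholds and the rule that a hit must sit under a
Windows system directory are assumptions of this example, not OTL behaviour.
"""
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Za-z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")   # assumption
BINARY_EXT = (".sys", ".exe", ".dll", ".ax", ".scr")

# Sample lines copied from the OTL report above: an AV driver, a Desktop tool,
# the driver the helper asks about, a vendor binary from 2008, and a directory.
SAMPLE_LOG = r"""
[2011/05/27 09:21:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/25 13:29:56 | 000,606,104 | ---- | C] () -- C:\Documents and Settings\Pete Mendoza\Desktop\unhide.exe
[2011/05/13 01:45:40 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2008/09/05 23:56:39 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2011/05/27 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
"""
SCAN_TIME = datetime(2011, 5, 27, 10, 53)   # roughly when the report above was produced


def parse_line(line):
    """Parse one OTL file/folder line; return None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "is_dir": "D" in d["attrs"],
        "kind": d["kind"],                       # C = created, M = modified
        "company": (d["company"] or "").strip(),
        "path": d["path"],
    }


def score(entry, scan_time, recent_days=30, tiny_driver_bytes=4096):
    """Return (score, reasons). Higher score means worth a closer look."""
    reasons = []
    if entry["is_dir"]:
        return 0, reasons
    p = entry["path"].lower()
    if not p.endswith(BINARY_EXT):
        return 0, reasons
    in_system_dir = p.startswith(SYSTEM_DIRS)
    if in_system_dir:
        reasons.append("binary under a Windows system directory")
    if not entry["company"]:
        reasons.append("no company/version string (OTL prints () for these)")
    if scan_time - entry["ts"] <= timedelta(days=recent_days):
        reasons.append(f"created within the last {recent_days} days")
    if p.endswith(".sys") and entry["size"] < tiny_driver_bytes:
        reasons.append(f"driver is only {entry['size']} bytes")
    # Require the system-directory signal: hand-made tools on the Desktop
    # (unhide.exe, SecurityCheck.exe) also lack a company string.
    return (len(reasons) if in_system_dir else 0), reasons


def triage(log_text, scan_time, min_score=3):
    """Return [(path, score, reasons)] for entries scoring at least min_score."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        s, why = score(e, scan_time)
        if s >= min_score:
            hits.append((e["path"], s, why))
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    for path, s, why in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{s}  {path}")
        for r in why:
            print(f"      - {r}")
```

Run as a script it lists one hit, windrv.sys, with all four reasons. ssmdrv.sys is just as new and sits in the same tree but carries Avira's company string and is 28 KB; ati2evxx.exe has no company string in System32 but dates from 2008; unhide.exe has no company string but lives on the Desktop. A shortlist like this says what to hash and look up, nothing more.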

#12 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 27 May 2011 - 12:41 PM

Hi!

> About the outdated Firefox, I can't even open Firefox. It's weird. It shows up on my programs list, but it refuses to open. I only use IE anyway, but yeah I'm more than willing to part ways with Firefox.

Have you tried to uninstall Firefox and then re-install it?

> 2) I ended up downloading the Avira anti-virus, and twice it has prompted me that it found a rootkit file and asked me if I wanted it removed. I clicked remove both times. Is that okay?

Yes, that's okay. What did it detect?

> 3) This is probably unrelated (and you can ignore this if it's a waste of your time), but I've had a small problem for a long time that I failed to mention to you before. For several months, EVERY TIME my computer boots, I get this message:

AppleSyncNotifier.exe is related to one of Apple's utilities.

I'll try removing the start-up entry and see if that stops the message from appearing on reboot.


NEXT


VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: C:\WINDOWS\System32\windrv.sys
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4da87b4c&i=23&tp=ab&nt=1&q="
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    [2011/05/27 08:46:31 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Pete Mendoza\Desktop\avgremover.exe
    [2011/04/19 20:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 the_commercial (Topic Starter, Members, 23 posts, Location: Texas)

Posted 27 May 2011 - 01:02 PM

Two things:

1) How do I post the results from VirusTotal? It's not giving me a notepad log.
2) Do I need to re-download TDSSKiller, or can I use the one we already downloaded?

#14 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 27 May 2011 - 01:14 PM

> 1) How do I post the results from VirusTotal? It's not giving me a notepad log.

On the VirusTotal page, press Ctrl+A followed by Ctrl+C. This should place the contents of the webpage in your clipboard.

Please come back here and Ctrl+P (Right Click - Paste) the results in a new reply.

> 2) Do I need to re-download TDSSKiller, or can I use the one we already downloaded?

Yes, it's recently been updated.



#15 the_commercial (Topic Starter, Members, 23 posts, Location: Texas)

Posted 27 May 2011 - 01:53 PM

I'm sending the VirusTotal report first, just in case I have to reboot again. I'll send the rest in my next reply:




File name: windrv.sys
Submission date: 2011-05-27 18:39:08 (UTC)
Current status: finished


Result: 0/ 42 (0.0%)
Antivirus  Version  Last Update  Result
AhnLab-V3 2011.05.27.01 2011.05.27 -
AntiVir 7.11.8.160 2011.05.27 -
Antiy-AVL 2.0.3.7 2011.05.27 -
Avast 4.8.1351.0 2011.05.27 -
Avast5 5.0.677.0 2011.05.27 -
AVG 10.0.0.1190 2011.05.27 -
BitDefender 7.2 2011.05.27 -
CAT-QuickHeal 11.00 2011.05.27 -
ClamAV 0.97.0.0 2011.05.27 -
Commtouch 5.3.2.6 2011.05.27 -
Comodo 8857 2011.05.27 -
DrWeb 5.0.2.03300 2011.05.27 -
eSafe 7.0.17.0 2011.05.26 -
eTrust-Vet 36.1.8353 2011.05.27 -
F-Prot 4.6.2.117 2011.05.27 -
F-Secure 9.0.16440.0 2011.05.27 -
Fortinet 4.2.257.0 2011.05.27 -
GData 22 2011.05.27 -
Ikarus T3.1.1.104.0 2011.05.27 -
Jiangmin 13.0.900 2011.05.27 -
K7AntiVirus 9.104.4730 2011.05.27 -
Kaspersky 9.0.0.837 2011.05.27 -
McAfee 5.400.0.1158 2011.05.27 -
McAfee-GW-Edition 2010.1D 2011.05.27 -
Microsoft 1.6903 2011.05.27 -
NOD32 6159 2011.05.27 -
Norman 6.07.07 2011.05.26 -
nProtect 2011-05-27.01 2011.05.27 -
Panda 10.0.3.5 2011.05.27 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.27 -
Rising 23.59.04.03 2011.05.27 -
Sophos 4.65.0 2011.05.27 -
SUPERAntiSpyware 4.40.0.1006 2011.05.27 -
Symantec 20111.1.0.186 2011.05.27 -
TheHacker 6.7.0.1.211 2011.05.27 -
TrendMicro 9.200.0.1012 2011.05.27 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.27 -
VBA32 3.12.16.0 2011.05.27 -
VIPRE 9407 2011.05.27 -
ViRobot 2011.5.27.4482 2011.05.27 -
VirusBuster 13.6.373.0 2011.05.27 -
Additional information
MD5 : a45ad135b3fac97cf9057d0e85d2ca17
SHA1 : 63712d7a1a0ac8a3bf037854bbd644762ccfd097
SHA256: 8ff38f0967fe5a5a82e9c26d022214fdbfa1d6a30d4696a05900e5c5ef56a2ed
ssdeep: 24:ev1GS6GC1NlVvg1+V5luHipbfejci98J8YSc4POYAX+R7f6Bk7b0oIEPqUv:qVC1NzVzuHYbfeZ98uYr49kEPF
File size : 1152 bytes
First seen: 2011-05-27 17:47:31
Last seen : 2011-05-27 18:39:08
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




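The VirusTotal step requested above and the result just posted come down to three facts about C:\WINDOWS\System32\windrv.sys: a 1,152-byte file, 0/42 detections, and sigcheck reporting it unsigned. As an added example, not code from the thread, from VirusTotal or from sigcheck, the Python below does the header-level part of that check locally: it hashes a file the way VirusTotal lists it (MD5, SHA-1, SHA-256), walks the DOS/PE headers, reads the subsystem and the IMAGE_DIRECTORY_ENTRY_SECURITY slot, and reports whether an Authenticode blob is even attached. The two images it examines are built by build_test_image() purely as test data; they contain no code and are not windrv.sys.

```python
"""Header-level check of a suspect PE file (added example; not from this thread,
VirusTotal or sigcheck).  pe_summary() returns the hashes VirusTotal lists,
whether the file is a PE at all, its subsystem, and the location of any embedded
Authenticode (WIN_CERTIFICATE) blob.  build_test_image() constructs minimal
PE32 images as test data only; they contain no code and are not windrv.sys.
"""
import hashlib
import struct

SECURITY_DIR_INDEX = 4                    # IMAGE_DIRECTORY_ENTRY_SECURITY
SUBSYSTEMS = {1: "NATIVE (driver)", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}


def pe_summary(data: bytes) -> dict:
    """Hashes plus what the DOS/PE headers say; fields stay at their defaults for non-PE input."""
    out = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": False,
        "subsystem": None,
        "cert_offset": 0,
        "cert_size": 0,
    }
    if len(data) < 0x40 or data[:2] != b"MZ":
        return out
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return out
        out["is_pe"] = True
        opt = e_lfanew + 4 + 20                       # skip "PE\0\0" and the 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 vs PE32+
        out["subsystem"] = SUBSYSTEMS.get(struct.unpack_from("<H", data, opt + 68)[0], "other")
        n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
        if n_dirs > SECURITY_DIR_INDEX:
            # Unlike the other directories, this entry holds a raw file offset, not an RVA.
            off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR_INDEX)
            if size and off + size <= len(data):
                out["cert_offset"], out["cert_size"] = off, size
    except struct.error:
        pass                                          # truncated header: report what was read
    return out


def has_authenticode_blob(data: bytes) -> bool:
    """Presence of a WIN_CERTIFICATE entry only; says nothing about whether it verifies."""
    return pe_summary(data)["cert_size"] > 0


def build_test_image(with_cert_blob: bool) -> bytes:
    """Constructed PE32 image with a NATIVE subsystem, as a .sys would have (test data only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    opt = bytearray(96 + 16 * 8)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                          # Magic: PE32
    struct.pack_into("<H", opt, 68, 1)                             # Subsystem: NATIVE
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, len(opt), 0x0102)
    headers_len = len(dos) + 4 + len(coff) + len(opt)
    blob = b""
    if with_cert_blob:
        cert = b"\0" * 64                                          # placeholder, not real PKCS#7
        blob = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert   # WIN_CERTIFICATE
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, headers_len, len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + blob


if __name__ == "__main__":
    for label, image in (("no certificate", build_test_image(False)),
                         ("certificate attached", build_test_image(True))):
        s = pe_summary(image)
        print(f"{label}: {s['size']} bytes, subsystem {s['subsystem']}, "
              f"cert blob {'present' if s['cert_size'] else 'absent'}, "
              f"sha256 {s['sha256'][:16]}...")
```

Presence of a WIN_CERTIFICATE blob is not validity; verifying a signature means parsing the PKCS#7 structure and checking the chain, which is what sigcheck or signtool does. The converse needs care too: many Microsoft-shipped drivers carry no embedded blob because they are catalog-signed, so "no embedded certificate" on its own argues for a hash lookup, as done above, rather than a verdict. What made windrv.sys worth the question was the combination: unsigned, 1,152 bytes, unknown to every engine, and created in System32 two weeks before the scan.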