
Infected with HTML/Crypted Gen [virus] + TR/CryptXPACK Gen2 [trojan] + ?


  • This topic is locked
20 replies to this topic

#1 gnud

gnud

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:53 AM

Posted 27 May 2011 - 03:56 PM

Yesterday, while browsing in Firefox, I noticed new tabs opening up from time to time with random sites. I didn't click any links on the random pop-ups that I'm aware of. I tried to do some Google searches about the sites that were popping up, and any forum postings I tried to browse to would go to a different, unrelated site. I ran an "Avira AntiVir Personal" freeware scan and it didn't pick up anything, so I restarted the computer and went to bed.
This morning, starting at 9:04 am, my Avira started detecting malware. The first was "HTML/Crypted Gen [virus]", then every 20 min or so afterward came 3 detections at a time of "TR/CryptXPACK Gen2 [trojan]", with different actions recorded as taken on said detections (allow access/deny access). When I woke up, I tried to look up the malware via Google but was again being randomly redirected. I remembered using BleepingComputer before to help with a different malware problem, entered the site manually, and it worked.
While going through the preparation guide before making this post, I ran into one snag enabling my firewall. After attempting to enable my firewall/make sure it was running, I got the message "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?" I clicked yes and then got this message: "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service." I went back to your tutorial on how to start up the firewall just to make sure I wasn't being a moron, with the same result. I also noticed on my first go-around with "Security Essentials" (which is how I first tried to get to my firewall before going to the tutorial) that it says "The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the 'Security Center' service), and then open the Security Center again." Also, when I did the GMER portion, the saved file ended up being 1.12 MB and the max file size allowed to post is 512 KB. I have it, I just couldn't put it on the post as well. Everything else in the preparation guide worked and was completed before making this post.

Thank you for your time, your effort and your attention. It's a beautiful thing y'all do and I for one, appreciate it.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Drew Jenkins at 11:14:28 on 2011-05-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.939 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe -k itlsvc
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Wireless Adapter\UI.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
d:\program files\avira\antivir desktop\avcenter.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Drew Jenkins\My Documents\Downloads\Defogger.exe
D:\Documents and Settings\Drew Jenkins\Desktop\dds.scr
D:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - d:\program files\search toolbar\SearchToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - d:\program files\search toolbar\SearchToolbar.dll
uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
uRun: [EADM] "d:\program files\electronic arts\eadm\EADMUI.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: d:\documents and settings\drew jenkins\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: d:\docume~1\drewje~1\startm~1\programs\startup\openof~1.lnk - d:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\54mwir~1.lnk - d:\program files\wireless adapter\UI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
mASetup: {8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} - rundll32.exe "d:\documents and settings\drew jenkins\application data\sun\kfb0.dll", UnregisterDll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\drew jenkins\application data\mozilla\firefox\profiles\40p3ribp.default\
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2011-1-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2011-1-15 136360]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2011-1-15 269480]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2011-1-15 61960]
R2 itlperf;Intel CPU;d:\windows\system32\svchost.exe -k itlsvc [2006-2-28 14336]
R3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;d:\windows\system32\drivers\lne100tx.sys [2011-1-15 70730]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> d:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;d:\windows\system32\drivers\rt2870.sys [2011-5-14 627072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-26 17:33:59 34816 ----a-w- d:\windows\system32\itlnfw32.dll
2011-05-26 17:33:59 215040 ----a-w- d:\windows\system32\itlpfw32.dll
2011-05-26 11:36:39 -------- d-----w- d:\program files\Search Toolbar
2011-05-25 01:20:06 -------- d-----w- d:\documents and settings\drew jenkins\local settings\application data\Ubisoft Game Launcher
2011-05-23 18:09:12 221184 ----a-w- d:\windows\system32\wmpns.dll
2011-05-21 01:24:04 26600 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-21 01:24:04 107368 ----a-w- d:\windows\system32\GEARAspi.dll
2011-05-21 01:20:53 -------- d-----w- d:\documents and settings\drew jenkins\local settings\application data\Apple
2011-05-21 01:19:53 -------- d-----w- d:\program files\Bonjour
2011-05-21 01:18:38 -------- d-----w- d:\documents and settings\drew jenkins\local settings\application data\Apple Computer
2011-05-16 06:30:35 -------- d-----w- d:\windows\system32\NtmsData
2011-05-15 23:10:34 -------- d-----w- d:\program files\Bullfrog
2011-05-15 23:09:32 305152 ----a-w- d:\windows\IsUninst.exe
2011-05-15 23:09:28 -------- d-----w- d:\documents and settings\drew jenkins\WINDOWS
2011-05-14 15:21:48 627072 ----a-w- d:\windows\system32\drivers\rt2870.sys
2011-05-14 15:21:48 221184 ----a-w- d:\windows\system32\RaCoInst.dll
2011-05-14 15:21:48 21419 ----a-w- d:\windows\system32\drivers\AegisP.sys
2011-05-14 15:21:39 -------- d-----w- d:\program files\Wireless Adapter
2011-05-12 23:46:57 -------- d-----w- d:\documents and settings\drew jenkins\local settings\application data\EA Games
2011-05-12 23:45:38 -------- d-----w- d:\documents and settings\all users\application data\Solidshield
2011-05-12 15:17:56 -------- d--h--w- d:\windows\msdownld.tmp
2011-05-12 15:16:56 -------- d-----w- d:\documents and settings\drew jenkins\application data\RIFT
2011-05-11 02:09:09 -------- d-----w- d:\program files\EA Games
2011-04-27 19:38:37 -------- d-----w- d:\documents and settings\all users\application data\FileCure
.
==================== Find3M ====================
.
2011-04-25 23:54:23 0 ----a-w- d:\windows\ativpsrm.bin
2011-04-06 22:20:16 91424 ----a-w- d:\windows\system32\dnssd.dll
2011-04-06 22:20:16 75040 ----a-w- d:\windows\system32\jdns_sd.dll
2011-04-06 22:20:16 197920 ----a-w- d:\windows\system32\dnssdX.dll
2011-04-06 22:20:16 107808 ----a-w- d:\windows\system32\dns-sd.exe
2011-03-14 23:55:08 447752 ----a-w- d:\windows\system32\vp6vfw.dll
2011-03-14 01:52:59 138056 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-03-14 01:52:59 138056 ----a-w- d:\documents and settings\drew jenkins\application data\PnkBstrK.sys
2011-03-14 01:52:45 189248 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-03-14 01:52:36 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-03-14 01:52:36 2434856 ----a-w- d:\windows\system32\pbsvc_bc2.exe
2011-03-07 05:33:50 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- d:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- d:\windows\system32\win32k.sys
2011-03-01 07:20:22 2250024 ----a-w- d:\windows\system32\pbsvc.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDT722516DLA380 rev.V43OA91A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D354D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d3b7f0]; MOV EAX, [0x89d3b86c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DD6AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000064[0x89D853B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DDBD98]
\Driver\atapi[0x89DD9810] -> IRP_MJ_CREATE -> 0x89D354D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D3531B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:15:42.71 ===============
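The GMER section of the DDS report above shows a DriverStartIo hook in \Driver\atapi pointing at 0x89D3531B and a caller in the disk stack flagged >>UNKNOWN [0x89D354D0]<<, which is why GMER warns about a possible TDL3 infection. The Python script below is an added example (not part of the thread or of any tool named in it): it resolves those addresses against the loaded-driver ranges in the Rootkit Unhooker "Drivers" listing posted later in the thread and reports which pointers land outside every loaded image. The RKU subset and the one benign hook line pointing into disk.sys are constructed sample input.

```python
"""Resolve GMER hook targets against the loaded-driver ranges reported by Rootkit Unhooker."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the lines of the GMER rootkit section above that this script reads,
# plus one constructed benign hook line pointing inside disk.sys for contrast.
GMER_LINES = [
    r"called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D354D0]<<",
    r"\Driver\atapi[0x89DD9810] -> IRP_MJ_CREATE -> 0x89D354D0",
    r"detected hooks:",
    r"\Driver\atapi DriverStartIo -> 0x89D3531B",
    r"\Driver\disk DriverStartIo -> 0xBA0D9000",  # constructed benign line, not from the thread
    r"Warning: possible TDL3 rootkit infection !",
]

# Constructed sample in the RKU ">Drivers" format (base, image, size), with values copied
# from the Rootkit Unhooker report posted later in the thread.
RKU_LINES = [
    r"0x804D7000 D:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)",
    r"0x806E5000 D:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)",
    r"0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)",
    r"0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)",
    r"0xBA0E8000 D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)",
    r"0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)",
]

RKU_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes")
# Matches both "\Driver\X Routine -> 0xADDR" and "\Driver\X[0xOBJ] -> IRP_MJ_* -> 0xADDR".
HOOK_RE = re.compile(
    r"^(\\Driver\\[^\s\[]+)(?:\[0x[0-9A-Fa-f]+\])?\s+(?:->\s+)?(\S+)\s+->\s+(0x[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")

Module = Tuple[int, int, str]  # (base, end, image basename)


def parse_rku_drivers(lines: List[str]) -> List[Module]:
    """Turn RKU driver lines into (base, end, name) ranges; end is exclusive."""
    modules: List[Module] = []
    for line in lines:
        m = RKU_RE.match(line)
        if not m:
            continue
        base, image, size = int(m.group(1), 16), m.group(2), int(m.group(3))
        modules.append((base, base + size, image.rsplit("\\", 1)[-1]))
    return modules


def resolve(addr: int, modules: List[Module]) -> Optional[str]:
    """Name of the loaded image covering addr, or None if no image covers it."""
    for base, end, name in modules:
        if base <= addr < end:
            return name
    return None


def analyze(gmer_lines: List[str], rku_lines: List[str]) -> List[Dict[str, object]]:
    """Resolve every code pointer GMER reported: hook targets and >>UNKNOWN<< callers."""
    modules = parse_rku_drivers(rku_lines)
    findings: List[Dict[str, object]] = []
    for line in gmer_lines:
        u = UNKNOWN_RE.search(line)
        if u:
            addr = int(u.group(1), 16)
            findings.append({"where": "disk stack caller", "addr": addr,
                             "module": resolve(addr, modules)})
        h = HOOK_RE.match(line)
        if h:
            addr = int(h.group(3), 16)
            findings.append({"where": f"{h.group(1)} {h.group(2)}", "addr": addr,
                             "module": resolve(addr, modules)})
    return findings


def unbacked(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Pointers outside every loaded image: code executing from pool memory rather than
    from a driver file is the pattern behind GMER's 'possible TDL3' warning."""
    return [f for f in findings if f["module"] is None]


if __name__ == "__main__":
    for f in analyze(GMER_LINES, RKU_LINES):
        print(f"{f['where']:<32} -> 0x{f['addr']:08X}  {f['module'] or 'NOT IN ANY LOADED IMAGE'}")
```

On this input both atapi pointers fall outside every listed driver while the constructed disk.sys line resolves cleanly, which is the distinction a helper reading these two logs side by side is looking for.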


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:53 AM

Posted 02 June 2011 - 12:06 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 gnud

gnud
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:53 AM

Posted 02 June 2011 - 05:20 PM

Thank you ST for replying to my topic and your willingness to help me clean up my computer. This is simply a fast reply to your post stating that I did in fact get your reply and will be in the process of following your instructions. Thanks again for your help and look forward to our interactions together.

Edited by gnud, 02 June 2011 - 05:21 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:53 AM

Posted 02 June 2011 - 05:27 PM

:thumbsup:



#5 gnud

gnud
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:53 AM

Posted 02 June 2011 - 05:28 PM

Step 1. I downloaded the RKUnhookerLE.EXE from the first link offered and ran it and immediately got a...
"Warning - Integrity checking"
"Rootkit Unhooker has detected parasite inside itself! It is recommended to remove parasite, okay?
Thread ID: 2980
Priority: 8
Thread start address: 0x77DF848A
Module: advapi32.dll"

Seems to be intuitive to go ahead and remove the parasite, but seeing as how I'm not 100% positive and it wasn't listed in the instructions and doesn't seem to be a typical warning, I thought I should stop and make sure with you before moving on.
"If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!"

#6 gnud

gnud
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:53 AM

Posted 02 June 2011 - 05:33 PM

Ha! Reread the instructions; continuing on, ignoring the warning.

Edited by gnud, 02 June 2011 - 05:34 PM.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:53 AM

Posted 02 June 2011 - 05:35 PM

haha! No worries, it happens. :)



#8 gnud

gnud
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:53 AM

Posted 02 June 2011 - 05:50 PM

Okay, so the Unhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9550000 D:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 D:\WINDOWS\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 D:\WINDOWS\System32\ativvaxx.dll 2670592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 D:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 D:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF065000 D:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9E5B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 D:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAD1DF000 D:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB947E000 D:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD312000 D:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAA853000 D:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 D:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF182000 D:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBF9C6000 D:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA1DF000 D:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAAAB3000 D:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E2E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9BCA000 D:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAD24F000 D:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAD2C2000 D:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAD1B9000 D:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xAD29C000 D:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAD195000 D:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9504000 D:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB993B000 D:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9918000 D:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAD27A000 D:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 D:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F11000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9E14000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAD155000 D:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB94ED000 D:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAAE00000 D:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xAA726000 D:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9528000 D:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB953C000 D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD36B000 D:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 D:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9906000 D:\WINDOWS\system32\DRIVERS\lne100tx.sys 73728 bytes (Linksys Group, Inc., Linksys LNE100TX NDIS 5.0 Driver)
0xB9EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB94DC000 D:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA62B000 D:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA258000 D:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA278000 D:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA288000 D:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA268000 D:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA8FB000 D:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA198000 D:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA2E8000 D:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA298000 D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2B8000 D:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA168000 D:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA248000 D:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2A8000 D:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA308000 D:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2D8000 D:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAA0AF000 D:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA188000 D:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2C8000 D:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA158000 D:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA238000 D:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA148000 D:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA450000 D:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA468000 D:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3E8000 D:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3F8000 D:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA438000 D:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA460000 D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3F0000 D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA418000 D:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA420000 D:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA458000 D:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA440000 D:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3A0000 D:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA428000 D:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA448000 D:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA408000 D:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA410000 D:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA400000 D:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3E0000 D:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA498000 D:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA548000 D:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA58C000 D:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA578000 D:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4BC000 D:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9DE8000 D:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA57C000 D:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB9DCC000 D:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x89DAE000 D:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA53C000 D:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA580000 D:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9DE4000 D:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5DE000 D:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA5D2000 D:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5F2000 D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5D0000 D:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5D4000 D:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA66A000 D:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5D6000 D:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CC000 D:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CE000 D:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5A8000 D:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78C000 D:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA795000 D:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA78B000 D:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xBA7B7000 D:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89D3531B ?_empty_? 3301 bytes
==============================================
>Stealth
==============================================
0xB9F31000 WARNING: suspicious driver modification [atapi.sys::0x89D3531B]

Then the OTL.txt:
OTL logfile created on: 6/2/2011 4:39:17 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Documents and Settings\Drew Jenkins\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.42% Memory free
3.85 Gb Paging File | 2.85 Gb Available in Paging File | 74.14% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 153.38 Gb Total Space | 152.69 Gb Free Space | 99.55% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 71.59 Gb Free Space | 30.74% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 0.15 Gb Free Space | 2.00% Space Free | Partition Type: FAT32

Computer Name: DREWSJ | User Name: Drew Jenkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 16:38:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Drew Jenkins\Desktop\OTL.exe
PRC - [2011/04/30 07:13:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 19:14:52 | 017,529,856 | ---- | M] (Electronic Arts) -- D:\Program Files\Electronic Arts\EADM\EADMUI.exe
PRC - [2011/04/28 19:08:16 | 000,095,024 | ---- | M] (Electronic Arts) -- D:\Program Files\Electronic Arts\EADM\EACoreServer.exe
PRC - [2011/04/28 17:08:24 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/17 02:15:23 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/09 22:49:22 | 000,015,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Silverlight\4.0.60310.0\agcp.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/14 10:41:10 | 002,121,728 | ---- | M] () -- D:\Program Files\Wireless Adapter\UI.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 16:38:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Drew Jenkins\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/26 11:33:59 | 000,215,040 | ---- | M] () [Auto | Running] -- D:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2011/04/28 17:08:24 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 02:15:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 02:15:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 09:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/11 01:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/28 16:52:36 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/11/01 21:02:54 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/11/01 21:01:50 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 06:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-1343024091-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-1343024091-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/05/26 03:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/05/20 19:22:34 | 000,000,000 | ---D | M]

[2011/01/15 18:38:39 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Drew Jenkins\Application Data\Mozilla\Extensions
[2011/06/01 18:38:26 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Drew Jenkins\Application Data\Mozilla\Firefox\Profiles\40p3ribp.default\extensions
[2011/02/28 23:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Drew Jenkins\Application Data\Mozilla\Firefox\Profiles\40p3ribp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 18:38:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/02/26 18:57:45 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 06:31:45 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/22 06:31:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/22 06:31:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/26 05:36:45 | 000,001,919 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

Hosts file not found
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - D:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - D:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - D:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - D:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1957994488-1343024091-839522115-1004..\Run: [EADM] D:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1957994488-1343024091-839522115-1004..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\54M Wireless USB Adapter.lnk = D:\Program Files\Wireless Adapter\UI.exe ()
O4 - Startup: D:\Documents and Settings\Drew Jenkins\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: D:\Documents and Settings\Drew Jenkins\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1343024091-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/15 17:51:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 16:38:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Drew Jenkins\Desktop\OTL.exe
[2011/05/28 17:08:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/27 11:56:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\PackageAware
[2011/05/27 11:19:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Desktop\gmer
[2011/05/27 11:14:28 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Drew Jenkins\My Documents\My Videos
[2011/05/27 11:14:28 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Videos
[2011/05/27 11:10:27 | 000,606,738 | R--- | C] (Swearware) -- D:\Documents and Settings\Drew Jenkins\Desktop\dds.scr
[2011/05/27 03:41:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/27 03:41:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/05/27 02:12:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/27 02:12:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/27 02:04:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/27 02:04:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/26 15:58:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/26 15:58:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/26 05:36:39 | 000,000,000 | ---D | C] -- D:\Program Files\Search Toolbar
[2011/05/24 19:20:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\Ubisoft Game Launcher
[2011/05/24 19:19:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\My Documents\Settlers7
[2011/05/20 19:24:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Application Data\Apple Computer
[2011/05/20 19:24:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/20 19:24:04 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- D:\WINDOWS\System32\GEARAspi.dll
[2011/05/20 19:22:59 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2011/05/20 19:22:54 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2011/05/20 19:22:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/20 19:21:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/20 19:21:10 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2011/05/20 19:21:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/05/20 19:20:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\Apple
[2011/05/20 19:20:47 | 000,000,000 | ---D | C] -- D:\Program Files\Apple Software Update
[2011/05/20 19:20:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE
[2011/05/20 19:19:53 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2011/05/20 19:19:30 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2011/05/20 19:19:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple
[2011/05/20 19:18:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\Apple Computer
[2011/05/16 00:30:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2011/05/15 17:10:34 | 000,000,000 | ---D | C] -- D:\Program Files\Bullfrog
[2011/05/15 17:09:32 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- D:\WINDOWS\IsUninst.exe
[2011/05/15 17:09:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\WINDOWS
[2011/05/14 09:21:48 | 000,627,072 | ---- | C] (Ralink Technology, Corp.) -- D:\WINDOWS\System32\drivers\rt2870.sys
[2011/05/14 09:21:48 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- D:\WINDOWS\System32\RaCoInst.dll
[2011/05/14 09:21:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Wireless Adapter
[2011/05/14 09:21:39 | 000,000,000 | ---D | C] -- D:\Program Files\Wireless Adapter
[2011/05/14 09:21:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Application Data\InstallShield
[2011/05/12 17:49:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\My Documents\EA Games
[2011/05/12 17:46:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\EA Games
[2011/05/12 17:45:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Solidshield
[2011/05/12 09:16:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Drew Jenkins\Application Data\RIFT
[2011/05/10 20:33:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2011/05/10 20:09:09 | 000,000,000 | ---D | C] -- D:\Program Files\EA Games
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 16:44:30 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 16:38:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Drew Jenkins\Desktop\OTL.exe
[2011/06/01 21:20:02 | 000,013,732 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/06/01 21:19:51 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/05/27 11:18:23 | 000,293,775 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\Desktop\gmer.zip
[2011/05/27 11:12:29 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\defogger_reenable
[2011/05/27 11:11:27 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\Desktop\Defogger.exe
[2011/05/27 11:10:28 | 000,606,738 | R--- | M] (Swearware) -- D:\Documents and Settings\Drew Jenkins\Desktop\dds.scr
[2011/05/23 12:09:15 | 000,000,804 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/20 19:24:07 | 000,001,542 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/20 19:21:52 | 000,001,604 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/20 00:53:19 | 000,011,187 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\My Documents\blah.odt
[2011/05/16 14:34:06 | 000,000,025 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2011/05/15 17:12:52 | 000,000,357 | ---- | M] () -- D:\WINDOWS\EReg072.dat
[2011/05/14 09:23:46 | 000,492,614 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/05/14 09:23:46 | 000,083,262 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/05/14 09:21:43 | 000,000,475 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\54M Wireless USB Adapter.lnk
[2011/05/14 09:21:43 | 000,000,463 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\54M Wireless USB Adapter.lnk
[2011/05/10 20:33:04 | 000,001,757 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Dead Space™ 2.lnk
[2011/05/07 18:57:14 | 000,004,608 | ---- | M] () -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 15:15:20 | 000,000,796 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/27 11:18:22 | 000,293,775 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\Desktop\gmer.zip
[2011/05/27 11:12:29 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\defogger_reenable
[2011/05/27 11:11:27 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\Desktop\Defogger.exe
[2011/05/23 12:09:15 | 000,000,804 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/20 19:24:07 | 000,001,542 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/20 19:21:51 | 000,001,604 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/20 19:20:49 | 000,001,830 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/05/20 00:53:18 | 000,011,187 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\My Documents\blah.odt
[2011/05/15 17:12:52 | 000,000,357 | ---- | C] () -- D:\WINDOWS\EReg072.dat
[2011/05/15 00:52:52 | 000,000,025 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2011/05/14 09:21:48 | 000,015,312 | ---- | C] () -- D:\WINDOWS\System32\RaCoInst.dat
[2011/05/14 09:21:43 | 000,000,475 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\54M Wireless USB Adapter.lnk
[2011/05/14 09:21:43 | 000,000,463 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\54M Wireless USB Adapter.lnk
[2011/05/10 20:33:04 | 000,001,757 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Dead Space™ 2.lnk
[2011/05/07 18:57:09 | 000,004,608 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 17:54:23 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2011/04/25 17:50:17 | 000,593,920 | ---- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2011/03/13 19:52:36 | 002,434,856 | ---- | C] () -- D:\WINDOWS\System32\pbsvc_bc2.exe
[2011/03/08 11:29:11 | 000,000,010 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2011/03/01 01:20:43 | 000,138,056 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/03/01 01:20:42 | 000,138,056 | ---- | C] () -- D:\Documents and Settings\Drew Jenkins\Application Data\PnkBstrK.sys
[2011/03/01 01:20:24 | 000,189,248 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2011/03/01 01:20:22 | 002,250,024 | ---- | C] () -- D:\WINDOWS\System32\pbsvc.exe
[2011/03/01 01:20:22 | 000,075,064 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrA.exe
[2011/01/29 00:35:34 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/25 04:26:22 | 000,130,184 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/22 00:03:23 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2011/01/21 21:17:17 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 18:38:34 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2011/01/15 17:52:42 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011/01/15 17:48:56 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2011/01/15 10:13:12 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011/01/15 10:12:09 | 000,122,136 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2010/02/10 22:12:00 | 003,107,788 | ---- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2010/02/10 22:12:00 | 000,887,724 | ---- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,492,614 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,083,262 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2006/02/13 14:29:26 | 000,189,051 | ---- | C] () -- D:\WINDOWS\System32\atiicdxx.dat

< End of report >

And the Extras.Txt:
OTL Extras logfile created on: 6/2/2011 4:39:17 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Documents and Settings\Drew Jenkins\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.42% Memory free
3.85 Gb Paging File | 2.85 Gb Available in Paging File | 74.14% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 153.38 Gb Total Space | 152.69 Gb Free Space | 99.55% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 71.59 Gb Free Space | 30.74% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 0.15 Gb Free Space | 2.00% Space Free | Partition Type: FAT32

Computer Name: DREWSJ | User Name: Drew Jenkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1957994488-1343024091-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\World of Warcraft\Launcher.patch.exe" = C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\World of Warcraft\Blizzard Downloader.exe" = C:\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"D:\Program Files\Steam\steamapps\common\just cause 2\JustCause2.exe" = D:\Program Files\Steam\steamapps\common\just cause 2\JustCause2.exe:*:Enabled:Just Cause 2 -- (Avalanche Studios)
"D:\Program Files\Steam\steamapps\common\max payne\maxpayne.exe" = D:\Program Files\Steam\steamapps\common\max payne\maxpayne.exe:*:Enabled:Max Payne -- (Remedy Entertainment)
"D:\Program Files\Steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe" = D:\Program Files\Steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe:*:Enabled:Max Payne 2: The Fall of Max Payne -- (Remedy Entertainment)
"D:\Program Files\Steam\steamapps\common\europa universalis iii - complete\eu3game.exe" = D:\Program Files\Steam\steamapps\common\europa universalis iii - complete\eu3game.exe:*:Enabled:Europa Universalis III -- ()
"D:\Program Files\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe" = D:\Program Files\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe:*:Enabled:Hitman: Blood Money -- ()
"D:\Program Files\Steam\steamapps\common\hitman blood money\configure.exe" = D:\Program Files\Steam\steamapps\common\hitman blood money\configure.exe:*:Enabled:Hitman: Blood Money -- ()
"D:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe" = D:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare)
"D:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = D:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect -- ()
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Program Files\Steam\steamapps\common\mount and blade\runme.exe" = D:\Program Files\Steam\steamapps\common\mount and blade\runme.exe:*:Enabled:Mount & Blade -- ()
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"D:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe" = D:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater
"D:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe" = D:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe:*:Enabled:Fallout 3 - Game of the Year Edition -- (Bethesda Softworks)
"D:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe" = D:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV
"D:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe" = D:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- ()
"D:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe" = D:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 - Launcher
"D:\Program Files\Electronic Arts\Mass Effect™ 2\Binaries\EACoreServer.exe" = D:\Program Files\Electronic Arts\Mass Effect™ 2\Binaries\EACoreServer.exe:*:Enabled:EA Core Server Application
"D:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = D:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies Demo -- ()
"D:\Program Files\Steam\steamapps\common\king arthur - the role-playing wargame\KingArthur.exe" = D:\Program Files\Steam\steamapps\common\king arthur - the role-playing wargame\KingArthur.exe:*:Enabled:King Arthur - The Role-playing Wargame -- (NeoCore Games)
"D:\Program Files\Steam\steamapps\common\king arthur - the role-playing wargame\KingArthurMulti.exe" = D:\Program Files\Steam\steamapps\common\king arthur - the role-playing wargame\KingArthurMulti.exe:*:Enabled:King Arthur - The Role-playing Wargame -- (NeoCore Games)
"D:\Program Files\Steam\steamapps\yllems\team fortress 2\hl2.exe" = D:\Program Files\Steam\steamapps\yllems\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\EA Games\Dead Space 2\deadspace2.exe" = D:\Program Files\EA Games\Dead Space 2\deadspace2.exe:*:Enabled:Dead Space™ 2 -- (Electronic Arts Inc.)
"D:\Program Files\Steam\steamapps\common\uplink\Uplink.exe" = D:\Program Files\Steam\steamapps\common\uplink\Uplink.exe:*:Enabled:Uplink -- ()
"D:\Documents and Settings\Drew Jenkins\Local Settings\Apps\2.0\GDGXR2RY.XNW\AVVQ04HZ.DWN\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = D:\Documents and Settings\Drew Jenkins\Local Settings\Apps\2.0\GDGXR2RY.XNW\AVVQ04HZ.DWN\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0
"D:\Program Files\Steam\steamapps\common\settlers 7 gold\Data\Base\_Dbg\Bin\Release\Settlers7R.exe" = D:\Program Files\Steam\steamapps\common\settlers 7 gold\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7: Paths to a Kingdom - Gold Edition -- (Blue Byte GmbH)
"D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe" = D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()
"D:\Program Files\Steam\steamapps\common\total war shogun 2\Shogun2.exe" = D:\Program Files\Steam\steamapps\common\total war shogun 2\Shogun2.exe:*:Enabled:Total War: SHOGUN 2 -- (The Creative Assembly Ltd)
"D:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html" = D:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html:*:Enabled:Total War: SHOGUN 2 -- ()
"D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat" = D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat:*:Enabled:Total War: SHOGUN 2 -- ()
"D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat" = D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat:*:Enabled:Total War: SHOGUN 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{297C7552-BA68-4F73-AB83-82510777421D}_is1" = Fallout 3 - Unofficial Fallout 3 Patch
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7C3D47C-0683-46EE-87EE-686D56A857ED}" = 54M Wireless USB Adapter
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"EADM" = EA Download Manager
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"PunkBusterSvc" = PunkBuster Services
"Search Toolbar" = Search Toolbar
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 1510" = Uplink
"Steam App 17460" = Mass Effect
"Steam App 22100" = Mount & Blade
"Ste

Edited by SweetTech, 02 June 2011 - 06:03 PM.
removed extra information.--ST
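
The firewall policy section of the Extras.txt above (GloballyOpenPorts and AuthorizedApplications) is worth a quick mechanical pass before moving on: it has an inbound port open to any remote address (3724/TCP), several .htm/.html/.bat entries that a game installer added but that can never match a running process, and an exception for a binary under the user's profile directory. The Python script below is an added example for this thread, not part of OTL and not from the original post; it parses OTL's rendering of those registry values and flags such entries. The sample lines are copied from the log above; the flagging rules are the example author's own assumptions, not something OTL or Windows evaluates.

```python
"""Triage Windows XP firewall policy entries as OTL prints them in Extras.txt
(GloballyOpenPorts\\List and AuthorizedApplications\\List).

Added example for this thread; it is not part of OTL and not from the
original post. The sample lines are copied from the log above; the triage
rules are the author's own heuristics, not something OTL evaluates."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL appends " -- (Company)" after each value; the registry value ends at the name.
_OTL_SUFFIX = re.compile(r"\s+--\s+\([^)]*\)\s*$")
# "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
_PORT_RE = re.compile(
    r'^"[^"]*"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*)'
    r':(?P<state>Enabled|Disabled):(?P<name>.*)$')
# "D:\x\a.exe" = D:\x\a.exe:*:Enabled:Steam   The drive colon is the only one
# inside the path, so [^:]* pins the path/scope boundary even when the
# display name itself contains colons ("Max Payne 2: The Fall of Max Payne").
_APP_RE = re.compile(
    r'^"[^"]*"\s*=\s*(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]*)'
    r':(?P<state>Enabled|Disabled):(?P<name>.*)$')


@dataclass
class Rule:
    kind: str      # "port" or "app"
    target: str    # "3724/TCP" or the image path
    scope: str     # "*" = any remote address, "LocalSubNet", or an address list
    enabled: bool
    name: str


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one Extras.txt firewall line; None for lines that are not rules."""
    line = _OTL_SUFFIX.sub("", line.strip())
    if m := _PORT_RE.match(line):
        return Rule("port", f"{m['port']}/{m['proto']}", m["scope"],
                    m["state"] == "Enabled", m["name"])
    if m := _APP_RE.match(line):
        return Rule("app", m["path"], m["scope"], m["state"] == "Enabled", m["name"])
    return None


def findings(rule: Rule) -> List[str]:
    """Heuristics a reviewer would want to eyeball on an XP exception list."""
    out: List[str] = []
    if rule.kind == "port" and rule.enabled and rule.scope == "*":
        out.append("inbound port open to any remote address")
    if rule.kind == "app":
        ext = rule.target.rsplit(".", 1)[-1].lower()
        if ext != "exe":
            # An exception matches a running image path; a .htm or .bat never
            # is one, so such entries are inert installer noise worth pruning.
            out.append(f"non-executable .{ext} entry in the exception list")
        if "\\documents and settings\\" in rule.target.lower():
            out.append("exception for an image under a user profile directory")
    return out


def triage(lines) -> List[Tuple[Rule, List[str]]]:
    """Return (rule, findings) for every parsable line with at least one finding."""
    results = []
    for ln in lines:
        rule = parse_rule(ln)
        if rule and (hits := findings(rule)):
            results.append((rule, hits))
    return results


# Lines copied from the Extras.txt above (a representative subset).
SAMPLE_LOG = [
    r'"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007',
    r'"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724',
    r'"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)',
    r'"D:\Program Files\Steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe" = D:\Program Files\Steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe:*:Enabled:Max Payne 2: The Fall of Max Payne -- (Remedy Entertainment)',
    r'"D:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html" = D:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html:*:Enabled:Total War: SHOGUN 2 -- ()',
    r'"D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat" = D:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat:*:Enabled:Total War: SHOGUN 2 -- ()',
    r'"D:\Documents and Settings\Drew Jenkins\Local Settings\Apps\2.0\GDGXR2RY.XNW\AVVQ04HZ.DWN\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = D:\Documents and Settings\Drew Jenkins\Local Settings\Apps\2.0\GDGXR2RY.XNW\AVVQ04HZ.DWN\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0',
]

if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG):
        print(f"{rule.kind:4} {rule.target}")
        for h in hits:
            print(f"      - {h}")
```

Run it as-is to see the four entries from the sample that trip a rule; feed it the whole firewall section of any OTL Extras.txt to get the same pass over a full exception list.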


#9 SweetTech (Agent ST)
Members, 13,421 posts

Posted 02 June 2011 - 05:56 PM

Hi!

No worries, I've gotten what I need from the logs you posted.

Looks like we are dealing with a TDL infection.

Let's remove that now.

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    SRV - [2011/05/26 11:33:59 | 000,215,040 | ---- | M] () [Auto | Running] -- D:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
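
The OTL fix above targets one auto-start service (itlperf, backed by D:\WINDOWS\system32\itlpfw32.dll, modified on 2011/05/26 and carrying no company name), two Winlogon\Notify packages that both load the same itlnfw32.dll, an orphaned Run value, and the stale Java plug-in DPF entries. The script below is an added example for this thread, not OTL code and not from the original post: it parses those SRV, O4 and O20 lines and reports why each entry draws attention, using the log date from the Extras.txt header (2011/06/02). The 14-day threshold and the final benign control line are the example author's own assumptions.

```python
"""Pull the persistence entries out of an OTL fix script and say why each
one is suspicious.

Added example for this thread, not OTL code and not from the original post.
The SRV/O4/O20 lines are copied from the fix above; the last SRV line is a
constructed benign control. The heuristics are the example author's own:
no company string on a service binary or Winlogon\\Notify DLL, an auto-start
binary modified within RECENT_DAYS of the log date, one DLL registered
under two Winlogon\\Notify keys, and a Run value whose file is gone."""
import re
from collections import defaultdict
from datetime import date
from typing import Dict, List

SRV_RE = re.compile(
    r"^SRV - \[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]+ \| [\d,]+ \| \S+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<svc>[^)]*)\)$")
O20_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \S+ - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<target>.*)$")

LOG_DATE = date(2011, 6, 2)   # "OTL Extras logfile created on: 6/2/2011" in the post above
RECENT_DAYS = 14              # assumption: auto-start code this fresh deserves a look


def _parse_date(ymd: str) -> date:
    y, m, d = (int(part) for part in ymd.split("/"))
    return date(y, m, d)


def analyze(lines, log_date: date = LOG_DATE, recent_days: int = RECENT_DAYS) -> Dict[str, List[str]]:
    """Return {entry: [reasons]} for every line that trips at least one heuristic."""
    reasons: Dict[str, List[str]] = defaultdict(list)
    notify_dlls: Dict[str, List[str]] = defaultdict(list)  # dll path -> Notify keys loading it
    for raw in lines:
        ln = raw.strip()
        if m := SRV_RE.match(ln):
            path = m["path"]
            if not m["company"]:
                reasons[path].append(f"service '{m['svc']}' binary carries no company string")
            age = (log_date - _parse_date(m["date"])).days
            if m["start"].strip() == "Auto" and 0 <= age <= recent_days:
                reasons[path].append(f"auto-start service binary modified {age} days before the log")
        elif m := O20_RE.match(ln):
            path = m["path"]
            notify_dlls[path].append(m["key"])
            if not m["company"]:
                reasons[path].append(f"Winlogon\\Notify package '{m['key']}' has no company string")
        elif m := O4_RE.match(ln):
            if m["target"] == "File not found":
                reasons[f"{m['hive']} [{m['name']}]"].append("Run value points at a file that no longer exists")
    # A Notify DLL installed under two names is still loaded if only one key is removed.
    for path, keys in notify_dlls.items():
        if len(keys) > 1:
            reasons[path].append("same DLL registered under Winlogon\\Notify keys " + ", ".join(keys))
    return dict(reasons)


# Lines copied from the OTL fix above, plus one constructed control at the end.
FIX_LINES = [
    r"SRV - [2011/05/26 11:33:59 | 000,215,040 | ---- | M] () [Auto | Running] -- D:\WINDOWS\system32\itlpfw32.dll -- (itlperf)",
    r"O4 - HKLM..\Run: [UserFaultCheck] File not found",
    r"O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()",
    r"O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - D:\WINDOWS\System32\itlnfw32.dll ()",
    # constructed control line (not from the log): named vendor, old file, should not be flagged
    r"SRV - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\dummysvc.exe -- (DummySvc)",
]

if __name__ == "__main__":
    for entry, why in analyze(FIX_LINES).items():
        print(entry)
        for w in why:
            print("   -", w)
```

Run it directly to print the three flagged entries; the same heuristics can be pointed at the SRV, O4 and O20 sections of a full OTL.txt rather than just the lines quoted in the fix.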


#10 gnud (Topic Starter)
Members, 12 posts

Posted 02 June 2011 - 05:56 PM

Okay, not sure what happened there, but I somehow have a duplicate message inside the first message, and it actually posted the whole message the first time or something? Dunno, confusing what happened.

#11 SweetTech (Agent ST)
Members, 13,421 posts

Posted 02 June 2011 - 06:04 PM

No worries, I've cleaned the one post up a bit, and have asked for the duplicate one to be removed. It was giving you issues because of the infection you have.


#12 gnud (Topic Starter)
Members, 12 posts

Posted 02 June 2011 - 06:09 PM

After reboot TDSSKiller:
2011/06/02 17:05:05.0734 1348 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 17:05:06.0218 1348 ================================================================================
2011/06/02 17:05:06.0218 1348 SystemInfo:
2011/06/02 17:05:06.0218 1348
2011/06/02 17:05:06.0218 1348 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/02 17:05:06.0218 1348 Product type: Workstation
2011/06/02 17:05:06.0218 1348 ComputerName: DREWSJ
2011/06/02 17:05:06.0218 1348 UserName: Drew Jenkins
2011/06/02 17:05:06.0218 1348 Windows directory: D:\WINDOWS
2011/06/02 17:05:06.0218 1348 System windows directory: D:\WINDOWS
2011/06/02 17:05:06.0218 1348 Processor architecture: Intel x86
2011/06/02 17:05:06.0218 1348 Number of processors: 2
2011/06/02 17:05:06.0218 1348 Page size: 0x1000
2011/06/02 17:05:06.0218 1348 Boot type: Normal boot
2011/06/02 17:05:06.0218 1348 ================================================================================
2011/06/02 17:05:18.0984 1348 Initialize success
2011/06/02 17:05:21.0109 1448 ================================================================================
2011/06/02 17:05:21.0109 1448 Scan started
2011/06/02 17:05:21.0109 1448 Mode: Manual;
2011/06/02 17:05:21.0109 1448 ================================================================================
2011/06/02 17:05:24.0359 1448 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/02 17:05:24.0484 1448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/02 17:05:25.0015 1448 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
2011/06/02 17:05:25.0484 1448 AegisP (15e655baa989444f56787ef558823643) D:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/02 17:05:25.0890 1448 AFD (7618d5218f2a614672ec61a80d854a37) D:\WINDOWS\System32\drivers\afd.sys
2011/06/02 17:05:28.0000 1448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/02 17:05:28.0484 1448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/02 17:05:29.0750 1448 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/02 17:05:30.0000 1448 atinevxx (355922be5c5f9dce2008e1790bf630ea) D:\WINDOWS\system32\DRIVERS\atinevxx.sys
2011/06/02 17:05:30.0765 1448 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/02 17:05:32.0046 1448 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/02 17:05:32.0390 1448 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/02 17:05:33.0390 1448 avgntflt (47b879406246ffdced59e18d331a0e7d) D:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/02 17:05:35.0218 1448 avipbb (5fedef54757b34fb611b9ec8fb399364) D:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/02 17:05:38.0312 1448 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/06/02 17:05:40.0015 1448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/02 17:05:40.0828 1448 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/02 17:05:41.0328 1448 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/02 17:05:41.0500 1448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/02 17:05:42.0015 1448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/02 17:05:42.0515 1448 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/02 17:05:44.0203 1448 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
2011/06/02 17:05:44.0890 1448 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
2011/06/02 17:05:45.0687 1448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/06/02 17:05:45.0921 1448 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
2011/06/02 17:05:45.0984 1448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/02 17:05:46.0109 1448 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/02 17:05:46.0812 1448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/02 17:05:46.0859 1448 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
2011/06/02 17:05:46.0968 1448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/02 17:05:47.0296 1448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/02 17:05:48.0421 1448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/02 17:05:49.0500 1448 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/02 17:05:50.0578 1448 gameenum (065639773d8b03f33577f6cdaea21063) D:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/02 17:05:50.0812 1448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/02 17:05:51.0015 1448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/02 17:05:51.0250 1448 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/02 17:05:51.0546 1448 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/02 17:05:52.0453 1448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys
2011/06/02 17:05:52.0531 1448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/02 17:05:53.0171 1448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/02 17:05:53.0578 1448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/02 17:05:53.0906 1448 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/02 17:05:54.0140 1448 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/02 17:05:54.0328 1448 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/02 17:05:54.0453 1448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/02 17:05:54.0734 1448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/02 17:05:54.0890 1448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/02 17:05:55.0078 1448 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/02 17:05:55.0250 1448 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
2011/06/02 17:05:55.0562 1448 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/02 17:05:55.0953 1448 lne100tx (ffee99703cf26d2f5a511e3f363a90c9) D:\WINDOWS\system32\DRIVERS\lne100tx.sys
2011/06/02 17:05:56.0281 1448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/02 17:05:56.0406 1448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
2011/06/02 17:05:57.0109 1448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/02 17:05:57.0937 1448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/02 17:05:58.0625 1448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/02 17:05:58.0859 1448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/02 17:05:59.0000 1448 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/02 17:05:59.0156 1448 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
2011/06/02 17:05:59.0468 1448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/02 17:05:59.0609 1448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/02 17:06:00.0046 1448 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/02 17:06:00.0328 1448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/02 17:06:00.0703 1448 MSTEE (d5059366b361f0e1124753447af08aa2) D:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/02 17:06:01.0375 1448 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) D:\WINDOWS\system32\drivers\msmpu401.sys
2011/06/02 17:06:01.0796 1448 Mup (2f625d11385b1a94360bfc70aaefdee1) D:\WINDOWS\system32\drivers\Mup.sys
2011/06/02 17:06:02.0578 1448 MVDCODEC (d181968825d24dbbe8c3ee6ec44a3062) D:\WINDOWS\system32\DRIVERS\atinmdxx.sys
2011/06/02 17:06:02.0812 1448 NABTSFEC (ac31b352ce5e92704056d409834beb74) D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/02 17:06:03.0718 1448 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
2011/06/02 17:06:05.0390 1448 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) D:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/02 17:06:06.0421 1448 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/02 17:06:06.0875 1448 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/02 17:06:06.0968 1448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/02 17:06:07.0171 1448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/02 17:06:07.0296 1448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/02 17:06:07.0453 1448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/02 17:06:07.0640 1448 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
2011/06/02 17:06:07.0859 1448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/02 17:06:08.0312 1448 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/06/02 17:06:08.0437 1448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/02 17:06:08.0500 1448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/02 17:06:08.0671 1448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/02 17:06:08.0812 1448 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/02 17:06:08.0953 1448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/02 17:06:09.0062 1448 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/02 17:06:09.0234 1448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/02 17:06:09.0359 1448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/02 17:06:09.0718 1448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/02 17:06:09.0875 1448 Processor (a32bebaf723557681bfc6bd93e98bd26) D:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/02 17:06:10.0046 1448 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/02 17:06:10.0250 1448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/02 17:06:10.0453 1448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/02 17:06:10.0656 1448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/02 17:06:10.0734 1448 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/02 17:06:11.0015 1448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/02 17:06:11.0218 1448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/02 17:06:11.0312 1448 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/02 17:06:11.0375 1448 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/02 17:06:11.0421 1448 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/02 17:06:11.0546 1448 rt2870 (326c012c7fe573829871fe9c9e41cf9b) D:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/06/02 17:06:11.0734 1448 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/02 17:06:11.0781 1448 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/02 17:06:11.0796 1448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/02 17:06:11.0906 1448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/02 17:06:11.0984 1448 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) D:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/02 17:06:12.0046 1448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
2011/06/02 17:06:12.0125 1448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/02 17:06:12.0218 1448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/02 17:06:12.0328 1448 ssmdrv (a36ee93698802cd899f98bfd553d8185) D:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/02 17:06:12.0375 1448 streamip (a9f9fd0212e572b84edb9eb661f6bc04) D:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/02 17:06:12.0421 1448 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/02 17:06:12.0453 1448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
2011/06/02 17:06:12.0531 1448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/02 17:06:12.0625 1448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/02 17:06:12.0671 1448 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/02 17:06:12.0703 1448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/02 17:06:12.0750 1448 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/02 17:06:12.0828 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
2011/06/02 17:06:13.0031 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
2011/06/02 17:06:13.0140 1448 usbaudio (e919708db44ed8543a7c017953148330) D:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/02 17:06:13.0234 1448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/02 17:06:13.0265 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/02 17:06:13.0281 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/02 17:06:13.0296 1448 usbohci (0daecce65366ea32b162f85f07c6753b) D:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/02 17:06:13.0359 1448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/02 17:06:13.0375 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
2011/06/02 17:06:13.0437 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/02 17:06:13.0468 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/02 17:06:13.0562 1448 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/02 17:06:13.0750 1448 WSTCODEC (233cdd1c06942115802eb7ce6669e099) D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/02 17:06:13.0781 1448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/02 17:06:13.0843 1448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/02 17:06:13.0843 1448 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
2011/06/02 17:06:13.0875 1448 ================================================================================
2011/06/02 17:06:13.0875 1448 Scan finished
2011/06/02 17:06:13.0875 1448 ================================================================================
2011/06/02 17:06:13.0890 1576 Detected object count: 0
2011/06/02 17:06:13.0890 1576 Actual detected object count: 0

Before reboot:
2011/06/02 16:58:50.0569 3852 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 16:58:51.0084 3852 ================================================================================
2011/06/02 16:58:51.0084 3852 SystemInfo:
2011/06/02 16:58:51.0084 3852
2011/06/02 16:58:51.0084 3852 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/02 16:58:51.0084 3852 Product type: Workstation
2011/06/02 16:58:51.0084 3852 ComputerName: DREWSJ
2011/06/02 16:58:51.0084 3852 UserName: Drew Jenkins
2011/06/02 16:58:51.0084 3852 Windows directory: D:\WINDOWS
2011/06/02 16:58:51.0084 3852 System windows directory: D:\WINDOWS
2011/06/02 16:58:51.0084 3852 Processor architecture: Intel x86
2011/06/02 16:58:51.0084 3852 Number of processors: 2
2011/06/02 16:58:51.0084 3852 Page size: 0x1000
2011/06/02 16:58:51.0084 3852 Boot type: Normal boot
2011/06/02 16:58:51.0084 3852 ================================================================================
2011/06/02 16:58:54.0178 3852 Initialize success
2011/06/02 16:59:02.0850 1136 ================================================================================
2011/06/02 16:59:02.0850 1136 Scan started
2011/06/02 16:59:02.0850 1136 Mode: Manual;
2011/06/02 16:59:02.0850 1136 ================================================================================
2011/06/02 16:59:05.0069 1136 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/02 16:59:05.0147 1136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/02 16:59:05.0209 1136 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
2011/06/02 16:59:05.0287 1136 AegisP (15e655baa989444f56787ef558823643) D:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/02 16:59:05.0397 1136 AFD (7618d5218f2a614672ec61a80d854a37) D:\WINDOWS\System32\drivers\afd.sys
2011/06/02 16:59:05.0647 1136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/02 16:59:05.0678 1136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/02 16:59:06.0022 1136 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/02 16:59:06.0256 1136 atinevxx (355922be5c5f9dce2008e1790bf630ea) D:\WINDOWS\system32\DRIVERS\atinevxx.sys
2011/06/02 16:59:06.0319 1136 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/02 16:59:06.0381 1136 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/02 16:59:06.0522 1136 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/02 16:59:06.0553 1136 avgntflt (47b879406246ffdced59e18d331a0e7d) D:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/02 16:59:06.0615 1136 avipbb (5fedef54757b34fb611b9ec8fb399364) D:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/02 16:59:06.0678 1136 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/06/02 16:59:06.0725 1136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/02 16:59:06.0787 1136 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/02 16:59:06.0834 1136 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/02 16:59:06.0850 1136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/02 16:59:06.0897 1136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/02 16:59:07.0053 1136 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/02 16:59:07.0131 1136 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
2011/06/02 16:59:07.0225 1136 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
2011/06/02 16:59:07.0256 1136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/06/02 16:59:07.0303 1136 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
2011/06/02 16:59:07.0350 1136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/02 16:59:07.0397 1136 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/02 16:59:07.0475 1136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/02 16:59:07.0537 1136 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
2011/06/02 16:59:07.0553 1136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/02 16:59:07.0600 1136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/02 16:59:07.0615 1136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/02 16:59:07.0647 1136 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/02 16:59:07.0694 1136 gameenum (065639773d8b03f33577f6cdaea21063) D:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/02 16:59:07.0740 1136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/02 16:59:07.0803 1136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/02 16:59:07.0819 1136 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/02 16:59:07.0928 1136 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/02 16:59:08.0006 1136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys
2011/06/02 16:59:08.0022 1136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/02 16:59:08.0115 1136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/02 16:59:08.0147 1136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/02 16:59:08.0178 1136 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/02 16:59:08.0256 1136 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/02 16:59:08.0287 1136 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/02 16:59:08.0334 1136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/02 16:59:08.0381 1136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/02 16:59:08.0459 1136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/02 16:59:08.0475 1136 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/02 16:59:08.0600 1136 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
2011/06/02 16:59:08.0647 1136 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/02 16:59:08.0756 1136 lne100tx (ffee99703cf26d2f5a511e3f363a90c9) D:\WINDOWS\system32\DRIVERS\lne100tx.sys
2011/06/02 16:59:08.0803 1136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/02 16:59:08.0834 1136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
2011/06/02 16:59:09.0147 1136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/02 16:59:09.0225 1136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/02 16:59:09.0256 1136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/02 16:59:09.0303 1136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/02 16:59:09.0381 1136 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/02 16:59:09.0428 1136 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
2011/06/02 16:59:09.0490 1136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/02 16:59:09.0522 1136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/02 16:59:09.0537 1136 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/02 16:59:09.0584 1136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/02 16:59:09.0662 1136 MSTEE (d5059366b361f0e1124753447af08aa2) D:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/02 16:59:09.0725 1136 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) D:\WINDOWS\system32\drivers\msmpu401.sys
2011/06/02 16:59:09.0740 1136 Mup (2f625d11385b1a94360bfc70aaefdee1) D:\WINDOWS\system32\drivers\Mup.sys
2011/06/02 16:59:09.0834 1136 MVDCODEC (d181968825d24dbbe8c3ee6ec44a3062) D:\WINDOWS\system32\DRIVERS\atinmdxx.sys
2011/06/02 16:59:09.0881 1136 NABTSFEC (ac31b352ce5e92704056d409834beb74) D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/02 16:59:09.0944 1136 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
2011/06/02 16:59:09.0990 1136 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) D:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/02 16:59:10.0022 1136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/02 16:59:10.0069 1136 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/02 16:59:10.0084 1136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/02 16:59:10.0194 1136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/02 16:59:10.0256 1136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/02 16:59:10.0334 1136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/02 16:59:10.0428 1136 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
2011/06/02 16:59:10.0506 1136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/02 16:59:10.0600 1136 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/06/02 16:59:10.0647 1136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/02 16:59:10.0662 1136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/02 16:59:10.0678 1136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/02 16:59:10.0709 1136 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/02 16:59:10.0756 1136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/02 16:59:10.0787 1136 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/02 16:59:10.0850 1136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/02 16:59:10.0881 1136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/02 16:59:11.0069 1136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/02 16:59:11.0084 1136 Processor (a32bebaf723557681bfc6bd93e98bd26) D:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/02 16:59:11.0115 1136 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/02 16:59:11.0147 1136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/02 16:59:11.0287 1136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/02 16:59:11.0319 1136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/02 16:59:11.0334 1136 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/02 16:59:11.0350 1136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/02 16:59:11.0444 1136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/02 16:59:11.0475 1136 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/02 16:59:11.0522 1136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/02 16:59:11.0584 1136 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/02 16:59:11.0678 1136 rt2870 (326c012c7fe573829871fe9c9e41cf9b) D:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/06/02 16:59:11.0772 1136 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/02 16:59:11.0834 1136 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/02 16:59:11.0897 1136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/02 16:59:11.0944 1136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/02 16:59:12.0022 1136 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) D:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/02 16:59:12.0084 1136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
2011/06/02 16:59:12.0162 1136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/02 16:59:12.0256 1136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/02 16:59:12.0412 1136 ssmdrv (a36ee93698802cd899f98bfd553d8185) D:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/02 16:59:12.0475 1136 streamip (a9f9fd0212e572b84edb9eb661f6bc04) D:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/02 16:59:12.0506 1136 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/02 16:59:12.0537 1136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
2011/06/02 16:59:12.0662 1136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/02 16:59:12.0772 1136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/02 16:59:12.0881 1136 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/02 16:59:12.0912 1136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/02 16:59:12.0975 1136 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/02 16:59:13.0053 1136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
2011/06/02 16:59:13.0147 1136 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
2011/06/02 16:59:13.0209 1136 usbaudio (e919708db44ed8543a7c017953148330) D:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/02 16:59:13.0287 1136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/02 16:59:13.0350 1136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/02 16:59:13.0412 1136 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/02 16:59:13.0490 1136 usbohci (0daecce65366ea32b162f85f07c6753b) D:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/02 16:59:13.0537 1136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/02 16:59:13.0553 1136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
2011/06/02 16:59:13.0631 1136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/02 16:59:13.0694 1136 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/02 16:59:13.0740 1136 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/02 16:59:13.0865 1136 WSTCODEC (233cdd1c06942115802eb7ce6669e099) D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/02 16:59:13.0897 1136 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/02 16:59:13.0912 1136 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/02 16:59:13.0928 1136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/02 16:59:13.0944 1136 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
2011/06/02 16:59:13.0975 1136 ================================================================================
2011/06/02 16:59:13.0975 1136 Scan finished
2011/06/02 16:59:13.0975 1136 ================================================================================
2011/06/02 16:59:13.0990 0308 Detected object count: 1
2011/06/02 16:59:13.0990 0308 Actual detected object count: 1
2011/06/02 16:59:26.0444 0308 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/02 16:59:26.0444 0308 \Device\Harddisk0\DR0 - ok
2011/06/02 16:59:26.0444 0308 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/02 16:59:49.0928 1060 Deinitialize success

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:09:53 AM

Posted 02 June 2011 - 06:15 PM

Please post the other logs when you finish running them. :)

Edited by SweetTech, 02 June 2011 - 06:15 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 gnud

gnud
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:53 AM

Posted 02 June 2011 - 06:22 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service itlperf stopped successfully!
Service itlperf deleted successfully!
File D:\WINDOWS\system32\itlpfw32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ deleted successfully.
File D:\WINDOWS\System32\itlnfw32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
File D:\WINDOWS\System32\itlnfw32.dll not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Documents and Settings\Drew Jenkins\Desktop\cmd.bat deleted successfully.
D:\Documents and Settings\Drew Jenkins\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Drew Jenkins
->Temp folder emptied: 548815147 bytes
->Temporary Internet Files folder emptied: 109580679 bytes
->Java cache emptied: 2079133 bytes
->FireFox cache emptied: 49858672 bytes
->Flash cache emptied: 2919205 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44102941 bytes
->Flash cache emptied: 66645 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 765360836 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 73229 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48724164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 84859668 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1243064638 bytes

Total Files Cleaned = 2,767.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Drew Jenkins
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06022011_170955

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 gnud
  • Topic Starter
  • Members
  • 12 posts

Posted 02 June 2011 - 06:30 PM

Last but not least:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6756

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 5:29:20 PM
mbam-log-2011-06-02 (17-29-20).txt

Scan type: Quick scan
Objects scanned: 144132
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A3D586A-C7FE-456E-A9E2-F96EEAF0C7B6} (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
