win32.AVkillsvc.e/ backdoor.0access


  • This topic is locked
36 replies to this topic

#1 Uderr


  • Members
  • 19 posts

Posted 05 September 2011 - 12:20 PM

I took notice of a Google redirect; that is how I knew I was infected. I usually can get rid of any virus, but this one has me stumped. It killed my AVG. I was able to run Malwarebytes in safe mode; it found and removed the backdoor.0access virus. Now something is keeping me from running Malwarebytes. I installed GMER and ran the scan, but as soon as it finds the problem it shuts down and loses the specific path, same as any other virus or malware remover I try. The only thing that finds win32.AVkillsvc.e is Spybot, but it won't remove it. I got a DDS log and an OTL log. I tried to run all 3 rkills listed and it still wouldn't allow Malware to run. I found the specific files that Spybot shows are infected, but it won't allow me to delete them. I just ran Spybot again; it found something attached to my HKs of the Windows Security Center/firewall, but when I went to view review reports it shut down and now can't find the specific path to run Spybot again. It shut down my Windows Firewall. I haven't backed anything up yet. I am not sure if any other data is infected and don't want to carry the infection elsewhere.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by uriah at 12:55:36 on 2011-09-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2539 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\4224955072:1062022148.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=16794S&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe"
mRun: [Ai Nap] "c:\program files\asus\ai suite\q-button\QButton.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [Six Engine] "c:\program files\asus\epu\EPU.exe" -r
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware1\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262448572015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 74.5.116.242 74.5.116.246
TCP: Interfaces\{D6912220-AC69-421E-B271-0A7820D31A36} : DhcpNameServer = 74.5.116.242 74.5.116.246
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\uriah\application data\mozilla\firefox\profiles\yl2wkm0y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&apn_uid=F3F6F417-2FF8-4B16-A2AE-CF8657E58528&apn_ptnrs=3M&apn_sauid=8772674E-7B48-4EF2-9EF0-C6C75A1B3374&apn_dtid=VIN008YYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\uriah\application data\mozilla\firefox\profiles\yl2wkm0y.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\uriah\application data\mozilla\firefox\profiles\yl2wkm0y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2009-5-17 86016]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2011-4-10 33280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-4 22712]
S2 AODService;AODService;c:\program files\amd\overdrive\aodassist --> c:\program files\amd\overdrive\AODAssist [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware1\mbamservice.exe [2011-9-4 366640]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-8-11 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-17 1025352]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-15 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
.
=============== Created Last 30 ================
.
2011-09-05 14:51:52 -------- d-----w- c:\documents and settings\uriah\application data\DriverCure
2011-09-05 14:51:51 -------- d-----w- c:\documents and settings\uriah\application data\SpeedMaxPc
2011-09-05 14:51:40 -------- d-----w- c:\program files\common files\SpeedMaxPc
2011-09-05 14:51:39 -------- d-----w- c:\program files\SpeedMaxPc
2011-09-05 14:51:39 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2011-09-04 15:06:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-04 15:06:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 15:06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-04 14:36:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-09-04 13:58:16 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-09-04 13:50:28 -------- d-----w- c:\program files\Safer Networking
2011-09-04 13:28:30 -------- d-----w- C:\rei
2011-09-04 13:28:27 -------- d-----w- c:\program files\Reimage
2011-09-04 01:04:07 43408 --sha-w- c:\windows\system32\c_81785.nl_
2011-09-04 00:43:23 -------- d-----w- C:\RegBackup
2011-08-31 14:43:30 -------- d-----w- c:\program files\Registry Defragmentation
2011-08-30 21:52:23 526184 ----a-w- c:\windows\system32\XceedCry.dll
2011-08-30 21:52:23 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2011-08-30 21:52:23 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx
2011-08-30 21:52:23 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-08-30 21:52:23 132880 ----a-w- c:\windows\system32\Msinet.ocx
2011-08-30 21:52:23 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2011-08-30 21:52:22 -------- d-----w- c:\program files\Driver Magician
2011-08-27 17:09:00 -------- d-----w- c:\program files\KRyLack Burning Suite
2011-08-27 17:08:06 -------- d-----w- c:\documents and settings\uriah\application data\KRyLack Burning Suite
2011-08-25 23:12:02 -------- d-----w- c:\documents and settings\uriah\application data\RIFT
2011-08-25 23:11:58 -------- d-----w- c:\program files\RIFT Game
.
==================== Find3M ====================
.
2011-08-15 23:07:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 12:56:10.07 ===============


OTL logfile created on: 9/5/2011 12:52:29 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\uriah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 6015 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 1153.32 Gb Free Space | 82.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HHH-AEC44BD67A0
Current User Name: uriah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\4224955072:1062022148.exe File not found
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
PRC - C:\Documents and Settings\uriah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe ()
PRC - C:\Program Files\ASUS\EPU\EPU.exe ()
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)


========== Modules (SafeList) ==========

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\uriah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (AODService) -- C:\Program Files\AMD\OverDrive\AODAssist.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe ()
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (redbook) -- C:\WINDOWS\System32\DRIVERS\redbook.sys File not found
DRV - (Cdrom) -- C:\WINDOWS\System32\DRIVERS\cdrom.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (IOMap) -- C:\WINDOWS\system32\drivers\IOMap.sys (ASUSTeK Computer Inc.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16794S&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&apn_uid=F3F6F417-2FF8-4B16-A2AE-CF8657E58528&apn_ptnrs=3M&apn_sauid=8772674E-7B48-4EF2-9EF0-C6C75A1B3374&apn_dtid=VIN008YYUS&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:56:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/29 08:29:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/04 09:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 11:38:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 11:26:57 | 000,000,000 | ---D | M]

[2009/08/24 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uriah\Application Data\Mozilla\Extensions
[2009/08/24 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uriah\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/03 17:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\extensions
[2010/08/26 13:20:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/03 17:03:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2011/08/03 17:17:36 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/07 00:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\extensions\toolbar@ask.com
[2011/09/05 10:50:44 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\searchplugins\askcom.xml
[2011/09/03 12:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 11:38:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/05 14:54:46 | 001,152,488 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
[2011/05/08 10:40:06 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 13:39:12 | 000,436,278 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU\EPU.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe File not found
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hp\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262448572015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.5.116.242 74.5.116.246
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/17 10:30:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 10:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uriah\Application Data\DriverCure
[2011/09/05 10:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uriah\Application Data\SpeedMaxPc
[2011/09/05 10:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
[2011/09/05 10:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedMaxPc
[2011/09/05 10:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/09/04 11:06:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 11:06:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 11:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2011/09/04 10:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/09/04 10:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AdwareandSpywareEradicatorDemo
[2011/09/04 09:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/09/04 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2011/09/04 09:28:30 | 000,000,000 | ---D | C] -- C:\rei
[2011/09/04 09:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/09/03 20:43:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2011/08/31 10:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Defragmentation
[2011/08/30 17:52:23 | 001,882,104 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.v15.0.1.ocx
[2011/08/30 17:52:23 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/08/30 17:52:23 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL
[2011/08/30 17:52:23 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2011/08/30 17:52:23 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2011/08/30 17:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2011/08/27 13:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\KRyLack Burning Suite
[2011/08/27 13:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uriah\Application Data\KRyLack Burning Suite
[2011/08/25 19:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uriah\Application Data\RIFT
[2011/08/25 19:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\RIFT Game
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 12:42:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1682526488-682003330-1004.job
[2011/09/05 12:42:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/09/05 12:42:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4224955072
[2011/09/05 12:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 12:32:25 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\uriah\NTUSER.DAT
[2011/09/05 12:26:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\uriah\defogger_reenable
[2011/09/05 12:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 10:51:54 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job
[2011/09/05 10:51:44 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job
[2011/09/05 10:51:44 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Defrag.job
[2011/09/05 10:51:43 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc.job
[2011/09/05 10:49:46 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2011/09/05 10:49:45 | 000,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/09/05 10:49:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/09/04 11:21:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\uriah\ntuser.ini
[2011/09/04 11:20:17 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_81785.nl_
[2011/09/04 11:06:44 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 10:37:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\prvlcl.dat
[2011/09/04 10:17:58 | 003,843,352 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AdwareandSpywareEradicatorDemo.zip
[2011/09/04 09:29:24 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/09/04 09:29:13 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/09/04 09:01:06 | 000,003,098 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/09/04 08:58:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\Shortcut to mbam.exe.lnk
[2011/09/04 08:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/03 21:02:05 | 003,767,154 | -H-- | M] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\IconCache.db
[2011/09/03 18:15:33 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\uriah\Application Data\mcs.rma
[2011/09/03 18:15:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\uriah\Application Data\88CCD5
[2011/09/03 18:10:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/03 17:22:31 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\Second frame.xls
[2011/09/03 16:51:20 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2011/09/03 16:01:07 | 000,006,341 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\images.jpg
[2011/09/02 20:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 19:33:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1682526488-682003330-1004.job
[2011/08/27 13:09:54 | 000,003,755 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\Reg keys.rtf
[2011/08/25 19:27:47 | 129,731,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/25 08:34:22 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011/08/22 20:18:23 | 000,041,906 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\62392338.gif
[2011/08/22 20:16:21 | 000,023,943 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\62392344.gif
[2011/08/22 20:16:17 | 000,033,114 | ---- | M] () -- C:\Documents and Settings\uriah\Desktop\62392339.gif
[2011/08/15 19:07:22 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/11 03:01:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 03:04:59 | 000,501,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/08/10 03:04:59 | 000,441,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 03:04:59 | 000,071,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 08:56:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 12:50:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\uriah\Desktop\gmer.exe
[2011/09/05 12:26:59 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\uriah\defogger_disable.log
[2011/09/05 12:26:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\uriah\defogger_reenable
[2011/09/05 10:51:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job
[2011/09/05 10:51:44 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job
[2011/09/05 10:51:43 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Defrag.job
[2011/09/05 10:51:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc.job
[2011/09/04 11:06:44 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 10:17:58 | 003,843,352 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AdwareandSpywareEradicatorDemo.zip
[2011/09/04 09:29:13 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/09/04 09:29:12 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/09/03 21:04:07 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_81785.nl_
[2011/09/03 16:01:04 | 000,006,341 | ---- | C] () -- C:\Documents and Settings\uriah\Desktop\images.jpg
[2011/08/30 17:52:23 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2011/08/26 03:53:51 | 000,003,098 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/25 21:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4224955072
[2011/08/22 20:16:21 | 000,023,943 | ---- | C] () -- C:\Documents and Settings\uriah\Desktop\62392344.gif
[2011/08/22 20:16:17 | 000,033,114 | ---- | C] () -- C:\Documents and Settings\uriah\Desktop\62392339.gif
[2011/08/22 20:16:11 | 000,041,906 | ---- | C] () -- C:\Documents and Settings\uriah\Desktop\62392338.gif
[2011/08/02 14:24:42 | 000,002,088 | -HS- | C] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\i14hd64b6tya0k4h310mlao0s7ab2l6c26040jgm
[2011/08/02 14:24:42 | 000,002,088 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i14hd64b6tya0k4h310mlao0s7ab2l6c26040jgm
[2011/03/05 14:54:49 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2011/03/05 14:09:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011/03/05 13:58:32 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2011/03/05 13:58:32 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2011/02/10 17:10:09 | 000,000,086 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2011/02/02 21:44:20 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/02/02 21:44:20 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/02/02 21:44:20 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/02 18:03:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/14 17:14:16 | 000,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/06 18:42:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/05 17:32:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\uriah\Application Data\88CCD5
[2010/03/05 17:32:17 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\uriah\Application Data\mcs.rma
[2010/01/31 21:25:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/01/29 17:17:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\prvlcl.dat
[2010/01/02 13:25:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2009/11/27 11:04:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2009/10/17 23:22:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/09/16 16:12:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\fusioncache.dat
[2009/07/09 03:47:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/18 16:30:16 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/18 16:30:16 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\F874CC469E.sys
[2009/06/05 09:37:41 | 000,004,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/03 19:52:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/06/03 17:13:41 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\uriah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 15:28:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/20 21:38:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/17 12:05:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009/05/17 12:05:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009/05/17 12:05:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009/05/17 12:05:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009/05/17 12:05:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009/05/17 12:05:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009/05/17 12:05:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009/05/17 12:05:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009/05/17 12:05:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009/05/17 12:00:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/17 11:08:04 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/05/17 10:53:51 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/05/17 10:53:51 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/05/17 10:53:50 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/05/17 10:53:50 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/05/17 10:53:04 | 000,044,993 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/05/17 10:52:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/05/17 10:52:31 | 000,035,285 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/17 10:52:30 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\4224955072:1062022148.exe
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

Edited by Uderr, 05 September 2011 - 12:21 PM.



#2 Uderr (Topic Starter, Members, 19 posts)

Posted 06 September 2011 - 03:12 PM

Well, not to be ignorant, because I know everyone that works on here is a volunteer, but honestly it's been over 24 hours with no reply. I didn't even get a reply from the help bot. Well, just to update you all, I threw one of my old IDE HDs in and slaved out the SATA so I can connect to the internet and download a good copy of Malwarebytes. Between that and McAfee it found more files infected with backdoor.0access and quarantined them. I am in the process of running more scans to make sure that nothing else was missed. I will update soon with a final report.

EDIT: Please be patient. There are over 130 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

Edited by Budapest, 06 September 2011 - 04:30 PM.


#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 06 September 2011 - 08:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button, select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Uderr (Topic Starter, Members, 19 posts)

Posted 07 September 2011 - 10:29 AM

OK, I ran Malwarebytes 3 times, McAfee 4 times and AVG 4 times. They are all showing a cleared system. I ran ComboFix off a USB drive because the computer still is not connecting to the internet. It will not fix any infections because the computer doesn't have the Recovery Console installed. I can install it because of no internet connection and the DVD/CD drives are not working. The only way I have to transfer anything is through the USB drive. Next step please.

Edited by Uderr, 07 September 2011 - 10:31 AM.


#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 07 September 2011 - 10:35 AM

Let me have the ComboFix report; move it to the USB if needed.


gringo

#6 Uderr (Topic Starter, Members, 19 posts)

Posted 07 September 2011 - 11:18 AM

ComboFix 11-09-07.04 - uriah 09/07/2011 11:48:59.1.3 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2938 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\MBKInstaller.exe.7de71b57.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.64e0f46.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.ccffdf2c.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.55d819bc.ini
c:\documents and settings\uriah\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.b804356.ini
C:\Install.exe
c:\windows\$NtUninstallKB60598$\3442089183
c:\windows\$NtUninstallKB60598$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_NPF
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))
.
.
2011-09-07 14:42 . 2011-09-07 14:42 -------- d-----w- C:\New Folder
2011-09-06 00:39 . 2008-04-14 04:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-09-06 00:39 . 2008-04-14 04:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-05 21:04 . 2011-09-05 21:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2011-09-05 21:03 . 2011-09-05 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-09-05 19:15 . 2011-09-05 19:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PMB Files
2011-09-05 14:51 . 2011-09-05 14:51 -------- d-----w- c:\documents and settings\uriah\Application Data\DriverCure
2011-09-05 14:51 . 2011-09-05 14:51 -------- d-----w- c:\documents and settings\uriah\Application Data\SpeedMaxPc
2011-09-05 14:51 . 2011-09-05 14:51 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2011-09-05 14:51 . 2011-09-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2011-09-05 14:51 . 2011-09-05 14:51 -------- d-----w- c:\program files\SpeedMaxPc
2011-09-04 15:06 . 2011-09-05 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-04 14:36 . 2011-09-04 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-09-04 13:50 . 2011-09-04 13:50 -------- d-----w- c:\program files\Safer Networking
2011-09-04 13:28 . 2011-09-05 18:56 -------- d-----w- C:\rei
2011-09-04 13:28 . 2011-09-04 13:28 -------- d-----w- c:\program files\Reimage
2011-09-04 13:26 . 2011-09-04 13:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-09-04 01:04 . 2011-09-05 19:10 50112 --sha-w- c:\windows\system32\c_81785.nl_
2011-08-31 14:43 . 2011-09-04 00:47 -------- d-----w- c:\program files\Registry Defragmentation
2011-08-30 21:52 . 2011-02-08 18:58 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx
2011-08-30 21:52 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2011-08-30 21:52 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2011-08-30 21:52 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2011-08-30 21:52 . 2004-03-09 04:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-08-30 21:52 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\program files\Driver Magician
2011-08-27 17:09 . 2011-08-27 17:09 -------- d-----w- c:\program files\KRyLack Burning Suite
2011-08-27 17:08 . 2011-08-27 17:08 -------- d-----w- c:\documents and settings\uriah\Application Data\KRyLack Burning Suite
2011-08-25 23:12 . 2011-08-26 20:54 -------- d-----w- c:\documents and settings\uriah\Application Data\RIFT
2011-08-25 23:11 . 2011-09-01 16:01 -------- d-----w- c:\program files\RIFT Game
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 23:07 . 2011-05-14 15:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-05-17 14:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-01 15:38 . 2011-05-08 14:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2010-10-01 1290240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]
"Ai Nap"="c:\program files\ASUS\Ai Suite\Q-Button\QButton.exe" [2009-01-06 1961472]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2009-01-03 4067840]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-29 273544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzE0MTA2MDg4LVY3ODYrMS1YTzM2KzEtVEI5KzItTjFEKzEtUEwrOS1DSUE5MCsyLVRVRyszLUNJUCsyLUREVCswLUxTRCsy&prod=55&ver=10.0.1392" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^uriah^Start Menu^Programs^Startup^SpeedPlexer.lnk]
path=c:\documents and settings\uriah\Start Menu\Programs\Startup\SpeedPlexer.lnk
backup=c:\windows\pss\SpeedPlexer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-05-13 15:12 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-08-17 15:50 483144 ----a-w- c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-06-29 23:16 1373480 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-09-17 08:30 1933381 ----a-w- c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 22:00 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\SpeedMaxPc\\SpeedMaxPc\\speedmaxpc.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\ReimageRepair.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\Reimage.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"58014:TCP"= 58014:TCP:Pando Media Booster
"58014:UDP"= 58014:UDP:Pando Media Booster
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [5/17/2009 10:53 AM 86016]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [4/10/2011 4:00 PM 33280]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2010 12:13 PM 1684736]
S3 cpuz134;cpuz134;\??\c:\docume~1\uriah\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\uriah\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/15/2010 10:49 AM 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/2/2011 9:44 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/2/2011 9:44 PM 8456]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2010-05-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8266077465.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
.
2011-09-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1682526488-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1682526488-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-04 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-08-17 10:32]
.
2011-09-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]
.
2011-09-05 c:\windows\Tasks\SpeedMaxPc Defrag.job
- c:\program files\SpeedMaxPc\SpeedMaxPc\speedmaxpc.exe [2011-08-02 22:27]
.
2011-09-05 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2010-11-02 18:09]
.
2011-09-05 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2010-11-02 18:09]
.
2011-09-05 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files\SpeedMaxPc\SpeedMaxPc\speedmaxpc.exe [2011-08-02 22:27]
.
2011-09-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-18 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=16794S&l=dis
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uriah\Application Data\Mozilla\Firefox\Profiles\yl2wkm0y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e6383f8&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Cognac - c:\docume~1\uriah\LOCALS~1\Temp\b.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Aim Plugin for QQ Games - c:\program files\Tencent\QQ Games\Plugin\Uninstall.EXE
AddRemove-QQ BlackJack - c:\program files\Tencent\QQ Games\QQ BlackJack\Uninstall.EXE
AddRemove-QQ Bubble Arena - c:\program files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
AddRemove-QQ Chess - c:\program files\Tencent\QQ Games\QQ Chess\Uninstall.EXE
AddRemove-QQ Games - c:\program files\Tencent\QQ Games\Uninstall.EXE
AddRemove-QQ Gold Sweeper - c:\program files\Tencent\QQ Games\QQ Gold Sweeper\Uninstall.EXE
AddRemove-QQ Hearts - c:\program files\Tencent\QQ Games\QQ Hearts\Uninstall.EXE
AddRemove-QQ Mah-jong - c:\program files\Tencent\QQ Games\QQ Mah-jong\Uninstall.EXE
AddRemove-QQ Match Master - c:\program files\Tencent\QQ Games\QQ Match Master\Uninstall.EXE
AddRemove-QQ Pool - c:\program files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
AddRemove-QQ Puzzle Dasher - c:\program files\Tencent\QQ Games\QQ PuzzleDasher\Uninstall.EXE
AddRemove-QQ Robo - c:\program files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
AddRemove-QQ Texas Hold'em - c:\program files\Tencent\QQ Games\QQ Texas Holdem\Uninstall.EXE
AddRemove-QQ Treasure Hunter - c:\program files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
AddRemove-SpeedPlexer - c:\program files\SpeedPlexer\speedplexer_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-07 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.AFS2K]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.cdrom]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.redbook]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-09-07 12:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-07 16:12
.
Pre-Run: 1,238,007,238,656 bytes free
Post-Run: 1,238,668,582,912 bytes free
.
- - End Of File - - EE9E6579DFBD41D260D2F5D7AE7A544C

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2011 - 11:27 AM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CMD
  • click ok

copy and paste each line into the window and press enter after each line


NETSH INT IP RESET reset.log

netsh winsock reset catalog

if this does not work then check if it is only the wireless not working by plugging into the modem




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Uderr

  • Topic Starter
  • Members
  • 19 posts

Posted 07 September 2011 - 11:37 AM

I ran both resets and it didn't fix it. This computer doesn't run on wireless. What next?

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2011 - 11:53 AM

This computer doesn't run on wireless

it doesn't have wireless installed, or it doesn't connect through the modem?

#10 Uderr

  • Topic Starter
  • Members
  • 19 posts

Posted 07 September 2011 - 12:05 PM

No wireless installed. Strictly hard wired.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2011 - 12:12 PM

what is the make and model of the computer?


gringo

#12 Uderr

  • Topic Starter
  • Members
  • 19 posts

Posted 07 September 2011 - 12:14 PM

Custom built. I put an Asus M4A79T motherboard in it. You need all the specs for it?

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2011 - 12:37 PM

is the network card built into it, or is it separate?


I want to reinstall the drivers for it that is where I am going


gringo

#14 Uderr

  • Topic Starter
  • Members
  • 19 posts

Posted 07 September 2011 - 01:46 PM

On board LAN. I tried that by transferring the drivers over to the USB stick right after I ran the virus scans. I didn't try it after the ComboFix though. I can put the USB stick back in and try it again.

#15 Uderr

  • Topic Starter
  • Members
  • 19 posts

Posted 07 September 2011 - 01:54 PM

Ok, removed the driver and reinstalled it and still getting the same "Acquiring network address". I can try switching out the patch cable between the computer and router.



