Malwarebytes installs, but can't run


This topic is locked. 23 replies to this topic.

#1 DenaliAK (Members)

Posted 29 September 2011 - 11:53 PM

Hello, I had Malwarebytes installed and run many times on this system and I started to see flickering screens and a very busy system. I started to run all of my antispyware programs and MBAM would not launch. Tried reinstall and then started going through the procedures outlined in the forum, by renaming, etc. None have allowed me to launch Malwarebytes. I ran GMER and DDS and TDSSKiller. Nothing from TDSSKiller, nothing from Kaspersky Labs and I believe nothing from ESET. DDS did not complete. I have no log from it. Here is the GMER log. The screen flickering I thought was related to a failing graphics card, but it might be related. Thanks for your help.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-29 17:12:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\Admin\LOCALS~1\Temp\kxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA93ED640]

---- Kernel code sections - GMER 1.0.15 ----

.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB56E93A0, 0x8A1A15, 0xE8000020]
init H:\WINDOWS\system32\drivers\Ambfilt.sys entry point in "init" section [0xA95D6830]
init H:\WINDOWS\System32\Drivers\driverx.sys entry point in "init" section [0xABDF66FE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ H:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#2 HelpBot (Bleepin' Binary Bot, Bots)

Posted 04 October 2011 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421217 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot (Bleepin' Binary Bot, Bots)

Posted 10 October 2011 - 12:00 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 October 2011 - 12:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



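As an added example (not code from OTL, OldTimer or anyone in this thread), a small Python triage helper that parses the OTL line formats requested above and flags the entries a malware-response helper usually reviews first. The sample lines are copied from the OTL log posted later in this thread; the rules and severities are this example's own heuristics, not OTL's output and not a verdict on this machine.

```python
"""OTL log triage helper (added example; not OTL's own code).

Parses the SRV/DRV, O33 MountPoints2 and file-listing line formats seen in
this thread and flags entries worth a second look. Severities are this
example's own heuristics, not a verdict."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log posted later in this thread.
SAMPLE_OTL = r"""
SRV - (wuauserv) -- File not found
SRV - (avgwd) -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (MTsensor) -- H:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (giveio) -- H:\WINDOWS\system32\giveio.sys ()
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- H:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
O33 - MountPoints2\{d6a814dd-cf6a-11e0-9838-806d6172696f}\Shell\AutoRun\command - "" = G:\.\Bin\Assetup.exe
[2011/10/04 18:13:46 | 000,000,100 | -H-- | M] () -- H:\WINDOWS\mti_enc
[2011/10/04 18:13:46 | 000,000,001 | -H-- | M] () -- H:\WINDOWS\System32\m3.dll
[2011/10/21 09:07:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
"""

# "SRV - (name) [description] -- <target>", where target is either
# "<path> (company)" or the literal "File not found".
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\).*? -- (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
# 'O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command>'
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
# "[date time | size | attrs | C-or-M] (company) -- path"
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<op>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.*)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def under_system_root(path):
    # %SystemRoot% is H:\WINDOWS on this machine; match the folder, not the drive letter.
    return "\\windows\\" in path.lower()


def check_service(m, line):
    kind, name, rest = m.group("kind"), m.group("name"), m.group("rest")
    if rest == "File not found":
        # OTL prints this for some svchost-hosted XP services too, so on its own
        # it is a review item rather than evidence of tampering.
        return Finding("low", f"{kind} {name}: service binary not resolved", line)
    target = TARGET_RE.match(rest)
    if target and not target.group("company").strip() and under_system_root(target.group("path")):
        return Finding("medium", f"{kind} {name}: no publisher info for {target.group('path')}", line)
    return None


def check_mountpoint(m, line):
    cmd = m.group("cmd")
    drive = cmd[:2] if re.match(r"^[A-Za-z]:", cmd) else "?"
    # Per-volume AutoRun handlers should be confirmed against the media on that drive.
    return Finding("medium", f"MountPoints2 AutoRun command on drive {drive}: {cmd}", line)


def check_file(m, line):
    attrs, company, path = m.group("attrs"), m.group("company"), m.group("path")
    # Hidden, no version/publisher info, and living under %SystemRoot%: review first.
    if "H" in attrs and not company.strip() and under_system_root(path):
        return Finding("high", f"hidden file with no publisher under %SystemRoot%: {path}", line)
    return None


def triage(log_text):
    """Return one Finding per flagged line, in log order."""
    findings = []
    checks = ((SERVICE_RE, check_service), (MOUNTPOINT_RE, check_mountpoint), (FILE_RE, check_file))
    for line in log_text.strip().splitlines():
        for regex, check in checks:
            m = regex.match(line)
            if m:
                finding = check(m, line)
                if finding:
                    findings.append(finding)
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 3, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.rule}")
    print(summarize(triage(SAMPLE_OTL)))
```

Run it against a full OTL.txt by reading the file into `triage()`; lines in formats the script does not know are skipped silently.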

#5 DenaliAK (Topic Starter, Members)

Posted 21 October 2011 - 09:20 AM

Hi gringo, it is me again. I infected the new XP op sys. I don't know if it was through the previous rootkit in the Win2k system I had. I had to xfer a few files from the older system. I never connected the disks in the same system. Here are the logs. Thank you. I loaded and ran AVG. It had a problem with one file, an application, that I have run before and it tagged it as a Downloader.Generic11.ADTP trojan. Online searches say that this is sometimes a false positive. I wonder if they have found their way in through this?

OTL logfile created on: 10/21/2011 9:08:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.84% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 223.58 Gb Total Space | 108.05 Gb Free Space | 48.32% Space Free | Partition Type: NTFS

Computer Name: FTL18 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - H:\Documents and Settings\Admin\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.)
PRC - H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - H:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
PRC - H:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - H:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - H:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe (Creative Technology Ltd)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - H:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - H:\WINDOWS\AMBDEF.EXE (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - H:\Documents and Settings\Admin\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp ()
MOD - H:\Documents and Settings\Admin\Local Settings\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp ()
MOD - H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - H:\WINDOWS\system32\AMBSPI.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- H:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (!SASCORE) -- H:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (nvUpdatusService) -- H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (avgwd) -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CTAudSvcService) -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (Avgrkx86) -- H:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- H:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- H:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- H:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SiWinAcc) -- H:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- H:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- H:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3124r5) -- H:\WINDOWS\system32\drivers\Si3124r5.sys (Silicon Image, Inc)
DRV - (mv61xx) -- H:\WINDOWS\system32\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- H:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AmbFilt) -- H:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (XilinxFirmwarePusb2Loader) -- H:\WINDOWS\system32\drivers\xusb_xp2.sys (Xilinx, Inc.)
DRV - (yukonwxp) -- H:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (speedfan) -- H:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (WinDriver6) -- H:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (XilinxPC4Driver) -- H:\WINDOWS\System32\drivers\XPC4DRVR.SYS (Xilinx, Inc.)
DRV - (MTsensor) -- H:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (MarvinBus) -- H:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- H:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (EZUSB) Cypress General Purpose USB Driver (ezusb.sys) -- H:\WINDOWS\system32\drivers\ezusb.sys (cypress semiconductor)
DRV - (DRVXUSB) -- H:\WINDOWS\system32\drivers\drvxusb.sys (Tetradyne Software, Inc.)
DRV - (PCLEPCI) -- H:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ADIDILDR) -- H:\WINDOWS\system32\drivers\adidildr.sys (anchor chips)
DRV - (DriverX) -- H:\WINDOWS\System32\Drivers\driverx.sys (Microsoft Corporation)
DRV - (giveio) -- H:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/20 21:57:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AMBDef] H:\WINDOWS\AMBDEF.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSyncService] H:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] H:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [UpdReg] H:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] H:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D1B3E08-DCB1-429F-9BCB-5141F055F06B}: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{452F1CDD-20B7-49A9-9B97-F42EC5E0BD34}: NameServer = 192.168.0.1,0.0.0.0
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) -H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6a814dd-cf6a-11e0-9838-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a814dd-cf6a-11e0-9838-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6a814dd-cf6a-11e0-9838-806d6172696f}\Shell\AutoRun\command - "" = G:\.\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 09:07:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/20 22:28:43 | 000,000,000 | -H-D | C] -- H:\$AVG
[2011/10/20 22:07:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\AVG2012
[2011/10/20 21:57:39 | 000,000,000 | -H-D | C] -- H:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/20 21:57:30 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/20 21:56:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/20 21:56:51 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\drivers\AVG
[2011/10/20 21:56:30 | 000,000,000 | ---D | C] -- H:\Program Files\AVG
[2011/10/20 21:51:51 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- H:\Documents and Settings\Admin\Desktop\tdsskiller.exe
[2011/10/20 21:48:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/20 21:17:33 | 000,607,260 | R--- | C] (Swearware) -- H:\Documents and Settings\Admin\Desktop\dds2.scr
[2011/09/29 16:37:43 | 000,607,260 | R--- | C] (Swearware) -- H:\Documents and Settings\Admin\Desktop\dds.scr
[2011/09/29 13:44:11 | 000,000,000 | RHSD | C] -- H:\cmdcons
[2011/09/29 13:42:01 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT
[2011/09/29 13:41:54 | 000,000,000 | R--D | C] -- H:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2011/09/29 13:39:11 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2011/09/29 13:39:11 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\Google
[2011/09/29 13:20:57 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/09/29 13:20:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/09/29 12:41:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Mal
[2011/09/29 12:41:14 | 000,000,000 | ---D | C] -- H:\Program Files\Mal
[2011/09/29 12:26:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/29 12:26:33 | 000,000,000 | ---D | C] -- H:\Program Files\CCleaner
[2011/09/29 12:25:44 | 000,000,000 | ---D | C] -- H:\Program Files\Google
[2011/09/29 12:25:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Google
[2011/09/27 08:58:50 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\Application Data\Canon
[2011/09/27 08:57:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\usbscan.sys
[2011/09/22 23:43:31 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\My Documents\compactflash ml401
[2011/09/21 20:15:28 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Admin\My Documents\hp16500A
[2011/09/21 15:10:25 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\XPSViewer
[2011/09/21 15:10:23 | 000,000,000 | ---D | C] -- H:\Program Files\MSBuild
[2011/09/21 15:10:19 | 000,000,000 | ---D | C] -- H:\Program Files\Reference Assemblies
[2011/09/21 15:09:35 | 000,117,760 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\prntvpt.dll
[2011/09/21 15:09:34 | 001,676,288 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\xpssvcs.dll
[2011/09/21 15:09:34 | 001,676,288 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/09/21 15:09:34 | 000,597,504 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/09/21 15:09:34 | 000,575,488 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/09/21 15:09:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/09/21 15:09:34 | 000,000,000 | ---D | C] -- H:\3c3930328a6058d7a92c0014b4
[2011/09/21 13:36:27 | 000,000,000 | ---D | C] -- H:\WINDOWS\Minidump
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 09:08:20 | 107,005,122 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/21 09:07:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/21 09:04:42 | 000,000,896 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 09:04:37 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/10/20 23:26:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/20 21:57:30 | 000,000,702 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/20 21:51:57 | 000,000,145 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\rootkit problems - Help very much appreciated - Malwarebytes Forum.url
[2011/10/20 21:51:51 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- H:\Documents and Settings\Admin\Desktop\tdsskiller.exe
[2011/10/20 21:17:58 | 000,607,260 | R--- | M] (Swearware) -- H:\Documents and Settings\Admin\Desktop\dds2.scr
[2011/10/20 10:10:00 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2011/10/04 18:13:46 | 000,000,100 | -H-- | M] () -- H:\WINDOWS\mti_enc
[2011/10/04 18:13:46 | 000,000,007 | -H-- | M] () -- H:\WINDOWS\mti_enc2
[2011/10/04 18:13:46 | 000,000,001 | -H-- | M] () -- H:\WINDOWS\System32\m3.dll
[2011/09/29 23:41:08 | 000,000,000 | ---- | M] () -- H:\Documents and Settings\Admin\defogger_reenable
[2011/09/29 23:40:58 | 000,050,477 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\Defogger.exe
[2011/09/29 16:37:47 | 000,607,260 | R--- | M] (Swearware) -- H:\Documents and Settings\Admin\Desktop\dds.scr
[2011/09/29 14:34:13 | 000,294,216 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\gmer.zip
[2011/09/29 13:44:13 | 000,000,327 | RHS- | M] () -- H:\boot.ini
[2011/09/29 13:10:49 | 000,035,712 | ---- | M] () -- H:\WINDOWS\System32\drivers\BlackBox.sys
[2011/09/29 13:04:19 | 000,001,019 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/29 12:26:34 | 000,000,682 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/29 09:28:32 | 000,280,276 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/29 09:28:32 | 000,000,001 | ---- | M] () -- H:\WINDOWS\System32\nvdrssel.bin
[2011/09/29 09:28:18 | 000,280,276 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/27 08:54:36 | 000,001,783 | ---- | M] () -- H:\Documents and Settings\Admin\Desktop\CanoScan Toolbox 4.9.lnk
[2011/09/22 22:36:52 | 000,433,038 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2011/09/22 22:36:52 | 000,067,688 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2011/09/21 19:20:47 | 000,114,176 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[3 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 09:08:20 | 107,005,122 | ---- | C] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/20 21:57:30 | 000,000,702 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/20 21:51:57 | 000,000,145 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\rootkit problems - Help very much appreciated - Malwarebytes Forum.url
[2011/09/29 23:41:08 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Admin\defogger_reenable
[2011/09/29 23:40:49 | 000,050,477 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\Defogger.exe
[2011/09/29 14:34:30 | 000,302,592 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\gmer.exe
[2011/09/29 14:34:11 | 000,294,216 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\gmer.zip
[2011/09/29 13:44:13 | 000,260,272 | RHS- | C] () -- H:\cmldr
[2011/09/29 13:44:13 | 000,000,210 | ---- | C] () -- H:\Boot.bak
[2011/09/29 13:21:55 | 000,000,886 | ---- | C] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/29 13:10:49 | 000,035,712 | ---- | C] () -- H:\WINDOWS\System32\drivers\BlackBox.sys
[2011/09/29 12:26:34 | 000,000,682 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/29 12:26:21 | 000,000,896 | ---- | C] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 08:54:36 | 000,001,783 | ---- | C] () -- H:\Documents and Settings\Admin\Desktop\CanoScan Toolbox 4.9.lnk
[2011/08/30 20:40:16 | 000,021,504 | ---- | C] () -- H:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 20:16:09 | 000,502,784 | ---- | C] () -- H:\WINDOWS\x2.64.exe
[2011/08/30 20:16:09 | 000,240,128 | ---- | C] () -- H:\WINDOWS\System32\x.264.exe
[2011/08/30 20:16:09 | 000,217,073 | ---- | C] () -- H:\WINDOWS\meta4.exe
[2011/08/30 20:16:09 | 000,066,560 | ---- | C] () -- H:\WINDOWS\MOTA113.exe
[2011/08/30 20:16:09 | 000,027,648 | ---- | C] () -- H:\WINDOWS\System32\AVSredirect.dll
[2011/08/30 19:54:40 | 000,000,017 | ---- | C] () -- H:\WINDOWS\MovingPicture.ini
[2011/08/30 18:58:57 | 000,406,016 | ---- | C] () -- H:\WINDOWS\System32\PSDrvCheck.exe
[2011/08/30 18:56:57 | 000,000,063 | ---- | C] () -- H:\WINDOWS\PixieTool.INI
[2011/08/28 09:31:39 | 000,000,000 | ---- | C] () -- H:\WINDOWS\Bench32.INI
[2011/08/27 00:03:37 | 000,000,135 | ---- | C] () -- H:\WINDOWS\System32\AddPort.ini
[2011/08/27 00:03:35 | 000,003,399 | ---- | C] () -- H:\WINDOWS\System32\hptcpmon.ini
[2011/08/27 00:03:12 | 011,194,368 | ---- | C] () -- H:\WINDOWS\System32\zhhp_res.dll
[2011/08/27 00:03:12 | 000,749,568 | ---- | C] () -- H:\WINDOWS\System32\agissi.dll
[2011/08/27 00:03:12 | 000,352,256 | ---- | C] () -- H:\WINDOWS\System32\zshp2600.exe
[2011/08/27 00:03:12 | 000,299,008 | ---- | C] () -- H:\WINDOWS\System32\zhhp2600.exe
[2011/08/26 23:42:25 | 000,001,464 | ---- | C] () -- H:\WINDOWS\hpntwksetup.ini
[2011/08/26 10:06:53 | 000,000,001 | -H-- | C] () -- H:\WINDOWS\System32\m3.dll
[2011/08/26 01:02:37 | 000,280,276 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/26 01:02:37 | 000,280,276 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/26 01:02:37 | 000,000,001 | ---- | C] () -- H:\WINDOWS\System32\nvdrssel.bin
[2011/08/26 01:02:29 | 002,128,778 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data
[2011/08/26 00:38:32 | 000,008,488 | R--- | C] () -- H:\WINDOWS\System32\CTSBAMB.INI
[2011/08/25 23:39:25 | 000,041,748 | ---- | C] () -- H:\WINDOWS\Ascd_log.ini
[2011/08/25 23:39:13 | 000,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys
[2011/08/25 23:38:50 | 000,041,322 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini
[2011/08/25 23:38:50 | 000,010,296 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/08/25 23:24:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2011/08/25 23:19:33 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2011/08/25 17:48:38 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2011/08/25 17:46:23 | 000,114,176 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/15 21:13:00 | 000,172,544 | ---- | C] () -- H:\WINDOWS\System32\AMBSPI.DLL
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- H:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,755,200 | ---- | C] () -- H:\WINDOWS\System32\ir50_32.dll
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- H:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,433,038 | ---- | C] () -- H:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,338,432 | ---- | C] () -- H:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- H:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- H:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 07:00:00 | 000,183,808 | ---- | C] () -- H:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 07:00:00 | 000,120,320 | ---- | C] () -- H:\WINDOWS\System32\ir41_qc.dll
[2008/04/14 07:00:00 | 000,067,688 | ---- | C] () -- H:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- H:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- H:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- H:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- H:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- H:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- H:\WINDOWS\System32\noise.dat
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- H:\WINDOWS\System32\libmmd.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- H:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< >

< >

< End of report >

OTL Extras logfile created on: 10/21/2011 9:08:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.84% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 223.58 Gb Total Space | 108.05 Gb Free Space | 48.32% Space Free | Partition Type: NTFS

Computer Name: FTL18 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"H:\hp_printer_2600\SETUP.EXE" = H:\hp_printer_2600\SETUP.EXE:*:Enabled:Setup -- (Zenographics)
"H:\Xilinx8.1\java\nt\jre\bin\java.exe" = H:\Xilinx8.1\java\nt\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"H:\Program Files\Java\jre6\bin\java.exe" = H:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"H:\Program Files\AVG\AVG2012\avgnsx.exe" = H:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG2012\avgdiagex.exe" = H:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG2012\avgmfapx.exe" = H:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG2012\avgemcx.exe" = H:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5E79C4-00C8-45F5-AA3F-5F1F1618D34A}" = uVision2
"{0B9545A0-22A4-11D4-979F-00A0CCE6D4BD}" = Cypress EZ-USB, FX, FX2, SX2, and EZ-811 Dev Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A94E148-9C8B-4FE9-99DD-93072F99BE20}" = Sound Blaster X-Fi MB
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{6D108FE5-A95B-47F8-9E2F-9267E4FCF5B3}" = DEPL Evaluation Software
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Hollywood FX" = Pinnacle Hollywood FX
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MTI ModelSim XE III 6.0d Deinstall Key" = ModelSim XE III 6.0d
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuickTime" = QuickTime
"SpeedFan" = SpeedFan (remove only)
"SUPER " = SUPER Version 2008.bld.33 (Sep 2, 2008)
"WinRAR archiver" = WinRAR archiver
"Xilinx ISE 8.1i" = Xilinx ISE 8.1i

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/13/2011 10:37:17 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application hotdog65install.exe, version 6.5.0.8, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2011 10:38:46 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application hotdog65install.exe, version 6.5.0.8, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2011 7:07:53 PM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2011 6:00:52 PM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2011 11:19:50 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2011 11:34:42 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2011 10:13:46 PM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2011 9:18:34 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2011 10:01:32 AM | Computer Name = FTL18 | Source = Application Hang | ID = 1002
Description = Hanging application _pn.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2011 2:45:03 PM | Computer Name = FTL18 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

[ System Events ]
Error - 9/15/2011 10:58:43 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/15/2011 10:58:43 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/15/2011 10:58:43 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/15/2011 10:58:43 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/15/2011 10:58:43 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/15/2011 11:00:53 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 9/15/2011 11:00:53 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7000
Description = The DriverX service failed to start due to the following error: %%2

Error - 9/15/2011 11:05:15 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 9/16/2011 1:35:29 AM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 9/17/2011 2:59:31 PM | Computer Name = FTL18 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2


< End of report >
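A way to machine-triage OTL file entries like the ones in the report above, as an added example that is not part of this thread or of the OTL tool itself: the parser, the two heuristics (hidden file with no publisher under a system directory; a byte-sized file carrying an executable extension) and the sample lines, modelled on entries from the report above, are all constructed here, and the R/H/S/D order of the attribute field is read off those entries and assumed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed parser for OTL "Files Created / Modified" entries. Lines look like:
#   [2011/10/04 18:13:46 | 000,000,001 | -H-- | M] () -- H:\WINDOWS\System32\m3.dll
#   [2011/09/29 12:41:14 | 000,000,000 | ---D | C] -- H:\Program Files\Mal
# The attribute field is four fixed positions: R(ead-only) H(idden) S(ystem) D(irectory).
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

SYSTEM_DIRS = ("\\windows\\", "\\program files\\")
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
TINY_BYTES = 16  # nothing this small can be a valid PE image


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    op: str        # 'C' = created, 'M' = modified
    company: str   # '' when OTL printed "()" or omitted the field
    path: str


@dataclass
class Finding:
    path: str
    reason: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file entry; return None for headers, blanks and summary lines."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        op=m.group("op"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def in_system_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SYSTEM_DIRS)


def triage(entries: List[OtlEntry]) -> List[Finding]:
    """Heuristic candidate list for analyst review; a hit is a lead, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        if e.directory:
            continue
        if e.hidden and not e.company and in_system_dir(e.path):
            findings.append(Finding(e.path, "hidden file with no publisher under a system directory"))
        if e.size <= TINY_BYTES and e.path.lower().endswith(EXECUTABLE_EXTS):
            findings.append(Finding(e.path, f"{e.size}-byte file with an executable extension"))
    return findings


def triage_log(text: str) -> List[Finding]:
    parsed = (parse_otl_line(line) for line in text.splitlines())
    return triage([e for e in parsed if e is not None])


# Constructed sample modelled on the report entries above (attribute field, company, path).
SAMPLE_LOG = """\
========== Files - Modified Within 30 Days ==========

[2011/10/21 09:04:37 | 000,002,048 | --S- | M] () -- H:\\WINDOWS\\bootstat.dat
[2011/10/04 18:13:46 | 000,000,100 | -H-- | M] () -- H:\\WINDOWS\\mti_enc
[2011/10/04 18:13:46 | 000,000,001 | -H-- | M] () -- H:\\WINDOWS\\System32\\m3.dll
[2011/09/27 08:57:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- H:\\WINDOWS\\System32\\dllcache\\usbscan.sys
[2011/09/29 12:41:14 | 000,000,000 | ---D | C] -- H:\\Program Files\\Mal
[3 H:\\WINDOWS\\*.tmp files -> H:\\WINDOWS\\*.tmp -> ]
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.path}: {f.reason}")
```

On the sample, bootstat.dat (system attribute, but not hidden) and the signed usbscan.sys pass, while mti_enc and m3.dll are surfaced, which matches what the ComboFix run later in this thread removed.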

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 PM

Posted 21 October 2011 - 12:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 DenaliAK

DenaliAK
  • Topic Starter

  • Members
  • 62 posts
  • Local time:10:08 AM

Posted 21 October 2011 - 08:23 PM

I was unable to run Combofix. I made sure that antivirus was turned off; I had installed AVG. I uninstalled AVG and tried again, no luck. I ran rkill and tried again, still not able to run Combofix.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 PM

Posted 21 October 2011 - 09:22 PM

What does it do, or what happens?

gringo

#9 DenaliAK

DenaliAK
  • Topic Starter

  • Members
  • 62 posts
  • Local time:10:08 AM

Posted 21 October 2011 - 11:22 PM

I'm sorry, I realized I didn't explain completely. Combofix starts and gets to the blue box and never completes any of the stages. I waited an hour and up to 1-1/2 hr to see if it would continue. It did a backup of the registry. The last message is ---> "however, scan times for baddly....". The computer will not stop or restart. I have to power-cycle. Do I need to wait a lot longer? Thanks.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 PM

Posted 22 October 2011 - 02:55 AM

  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
ComboFix /nombr
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#11 DenaliAK

DenaliAK
  • Topic Starter

  • Members
  • 62 posts
  • Local time:10:08 AM

Posted 22 October 2011 - 08:45 AM

It ran, great. Log file follows.

ComboFix 11-10-21.06 - Admin 10/22/2011 8:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1583 [GMT -5:00]
Running from: h:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: /nombr
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
h:\program files\Malwarebytes' Anti-Malware\dodo.bat
h:\program files\Malwarebytes' Anti-Malware\todo.bat
h:\windows\system32\m3.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-09-29 18:39 . 2011-09-29 18:39 -------- d-----w- h:\documents and settings\Admin\Local Settings\Application Data\Google
2011-09-29 18:20 . 2011-09-29 18:21 -------- d-----w- h:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-09-29 18:20 . 2011-09-29 18:21 -------- d-----w- h:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-09-29 18:10 . 2011-09-29 18:10 35712 ----a-w- h:\windows\system32\drivers\BlackBox.sys
2011-09-29 17:41 . 2011-09-29 17:42 -------- d-----w- h:\program files\Mal
2011-09-29 17:26 . 2011-09-29 17:26 -------- d-----w- h:\program files\CCleaner
2011-09-29 17:25 . 2011-09-29 17:26 -------- d-----w- h:\program files\Google
2011-09-29 14:57 . 2011-09-29 15:08 -------- d-----w- h:\documents and settings\Administrator
2011-09-27 13:58 . 2011-09-27 13:58 -------- d-----w- h:\documents and settings\Admin\Application Data\Canon
2011-09-27 13:57 . 2008-04-14 05:15 15104 -c--a-w- h:\windows\system32\dllcache\usbscan.sys
2011-09-27 13:57 . 2008-04-14 05:15 15104 ----a-w- h:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-11 22:30 . 2011-09-11 22:30 404640 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- h:\windows\system32\crypt32.dll
2011-08-26 13:11 . 2011-08-26 13:11 73728 ----a-w- h:\windows\system32\javacpl.cpl
2011-08-26 13:11 . 2011-08-26 13:11 472808 ----a-w- h:\windows\system32\deployJava1.dll
2011-08-26 05:38 . 2011-08-26 05:38 413696 ----a-w- h:\windows\system32\wrap_oal.dll
2011-08-26 05:38 . 2011-08-26 05:38 110592 ----a-w- h:\windows\system32\OpenAL32.dll
2011-08-03 11:49 . 2011-08-26 06:02 600680 ----a-w- h:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-08-26 06:02 54272 ----a-w- h:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-08-26 06:02 146024 ----a-w- h:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-08-26 06:02 145000 ----a-w- h:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-08-26 06:02 13892200 ----a-w- h:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-08-26 06:02 111208 ----a-w- h:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-08-26 06:02 61440 ----a-w- h:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-08-26 06:02 914024 ----a-w- h:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-08-26 06:02 875112 ----a-w- h:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-08-26 06:02 5427200 ----a-w- h:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-08-26 06:02 4210816 ----a-w- h:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2011-08-26 06:02 2404864 ----a-w- h:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-08-26 06:02 2387560 ----a-w- h:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-08-26 06:02 2090088 ----a-w- h:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-08-26 06:02 17186816 ----a-w- h:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-08-26 06:02 16191488 ----a-w- h:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-08-26 06:02 12542592 ----a-w- h:\windows\system32\drivers\nv4_mini.sys
2006-05-03 09:06 163328 --sh--r- h:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- h:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- h:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-21 4615552]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="h:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]
"VolPanel"="h:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-02-11 221288]
"AMBDef"="AMBDef.exe" [2008-01-24 53248]
"UpdReg"="h:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTSyncService"="h:\program files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" [2008-04-17 1233196]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="h:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PinnacleDriverCheck"="h:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2011-08-31 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFFVEwtUVg0SlAtVDM5RE4tQTNDSlgtT1RQVzMtSQ&inst=NzYtOTUxNzExOTg3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=a407a4242d9347d1a86ed16b537c632f-e8ba9100b3bbcde0cc418dffd83e5fee137ede31" [?]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"h:\\hp_printer_2600\\SETUP.EXE"=
"h:\\Xilinx8.1\\java\\nt\\jre\\bin\\java.exe"=
"h:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R0 mv61xx;mv61xx;h:\windows\system32\drivers\mv61xx.sys [8/26/2011 12:36 AM 150568]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;h:\windows\system32\drivers\Si3124r5.sys [8/23/2011 9:44 AM 216616]
R0 SiWinAcc;SiWinAcc;h:\windows\system32\drivers\SiWinAcc.sys [8/23/2011 9:44 AM 17064]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 DriverX;DriverX;h:\windows\system32\drivers\Driverx.sys [6/11/2001 10:01 PM 52512]
R2 nvUpdatusService;NVIDIA Update Service Daemon;h:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/26/2011 1:03 AM 2255464]
R3 AmbFilt;AmbFilt;h:\windows\system32\drivers\Ambfilt.sys [8/26/2011 12:00 AM 1683712]
S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);h:\windows\system32\drivers\ezusb.sys [9/17/2011 4:01 PM 27507]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [9/29/2011 12:26 PM 136176]
S3 ADIDILDR;%SERVICEDESCR%;h:\windows\system32\drivers\adidildr.sys [3/18/2002 11:20 AM 15006]
S3 cpuz129;cpuz129;\??\h:\docume~1\Admin\LOCALS~1\Temp\cpuz_x32.sys --> h:\docume~1\Admin\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 DRVXUSB;DRVXUSB;h:\windows\system32\drivers\drvxusb.sys [9/5/2002 9:42 AM 348192]
S3 gupdatem;Google Update Service (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [9/29/2011 12:26 PM 136176]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;h:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [8/26/2011 12:36 AM 79360]
S3 XilinxFirmwarePusb2Loader;XilinxFirmwarePusb2Loader;h:\windows\system32\drivers\xusb_xp2.sys [8/30/2011 12:33 AM 17920]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 17:26]
.
2011-10-22 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 17:26]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: Interfaces\{452F1CDD-20B7-49A9-9B97-F42EC5E0BD34}: NameServer = 192.168.0.1,0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 08:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AMBDef = AMBDef.exe?|?????$?|U$?|???????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
h:\program files\SUPERAntiSpyware\SASWINLO.DLL
h:\windows\system32\WININET.dll
.
Completion time: 2011-10-22 08:41:11
ComboFix-quarantined-files.txt 2011-10-22 13:41
.
Pre-Run: 116,129,591,296 bytes free
Post-Run: 116,825,554,944 bytes free
.
- - End Of File - - FA9DD5A0CC820ABA95CA31A9B411CD0B

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2011 - 12:18 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 DenaliAK

DenaliAK
  • Topic Starter

  • Members
  • 62 posts

Posted 22 October 2011 - 03:06 PM

Here it is. Thank you.

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements
Adobe Reader X (10.1.1)
Adobe SVG Viewer
Canon CanoScan Toolbox 4.9
CCleaner
Color LaserJet 2600n
Creative MediaSource 5
Cypress EZ-USB, FX, FX2, SX2, and EZ-811 Dev Kit
DEPL Evaluation Software
Google Toolbar for Internet Explorer
Google Update Helper
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java Auto Updater
Java™ 6 Update 27
Malwarebytes' Anti-Malware version 1.51.1.1800
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
ModelSim XE III 6.0d
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.4.28
NVIDIA Update Components
Pinnacle Hollywood FX
Pinnacle Hollywood FX for Studio
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SmartSound Quicktracks Plugin
Sound Blaster X-Fi MB
SoundMAX
SpeedFan (remove only)
Studio 9
Studio 9 Content CD/DVD
SUPER Version 2008.bld.33 (Sep 2, 2008)
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uVision2
WebFldrs XP
Windows Internet Explorer 8
WinRAR archiver
Xilinx ISE 8.1i

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2011 - 03:51 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 DenaliAK

DenaliAK
  • Topic Starter

  • Members
  • 62 posts

Posted 22 October 2011 - 05:10 PM

MBAM would not run after doing the TFC. Tried icon and under programs. IE 8 has a weird scrolling thing going. Might be something else or from some reset of IE8; it asked me if I wanted to make IE my default browser. It already was though?

I did the Hijackthis and here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:05:36 PM, on 10/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Creative\Shared Files\CTAudSvc.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
H:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\DOCUME~1\Admin\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\SUPERAntiSpyware\SASCORE.EXE
H:\WINDOWS\system32\CTsvcCDA.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\msiexec.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VolPanel] "H:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AMBDef] AMBDef.exe
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSyncService] "H:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] H:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFFVEwtUVg0SlAtVDM5RE4tQTNDSlgtT1RQVzMtSQ"&"inst=NzYtOTUxNzExOTg3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=a407a4242d9347d1a86ed16b537c632f-e8ba9100b3bbcde0cc418dffd83e5fee137ede31
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{452F1CDD-20B7-49A9-9B97-F42EC5E0BD34}: NameServer = 192.168.0.1,0.0.0.0
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - H:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - H:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

--
End of file - 6869 bytes
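An added example, not from this thread and not part of HijackThis, ComboFix or any vendor tool: a small Python triage pass over the O4 autostart lines and "Running processes" paths of a HijackThis log like the one above. It flags the things a log reviewer checks by hand: a bare file name with no directory (such as the `AMBDef.exe` value, which Windows resolves through the search path, so a same-named file placed earlier in that order would run instead), an image started from a Temp directory, an unquoted path containing spaces (which CreateProcess parses ambiguously), and a RunOnce value that opens a URL at logon. For `rundll32` values it judges the DLL named in the arguments rather than the host process. The sample lines are copied from the log in this post with the AVG URL shortened; the flags are review hints, not verdicts, and every hit still has to be checked against the software known to be installed on the machine.

```python
"""Triage helper for HijackThis-style autostart entries and process paths.

Added example for this thread; not part of HijackThis, ComboFix or any
vendor tool. The flags are review hints, not verdicts.
"""
import re
from dataclasses import dataclass, field

# One O4 line, e.g. "O4 - HKLM\..\Run: [AMBDef] AMBDef.exe"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Leading image of a command line: a quoted string, or an unquoted run of
# text up to the first recognised executable extension (so an unquoted
# "H:\Program Files\...\smax4pnp.exe" is taken whole, not cut at the space).
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|cpl|scr|com|bat|cmd)\b))(?P<rest>.*)$',
    re.IGNORECASE,
)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
URL_RE = re.compile(r"\bstart\s+https?://", re.IGNORECASE)

BARE = "bare file name, resolved through the search path"
TEMP = "runs from a Temp directory"
UNQUOTED = "unquoted path with spaces"
URL = "opens a URL at logon"


@dataclass
class Entry:
    source: str          # "HKLM\Run", "HKCU\Run", "HKLM\RunOnce" or "process"
    name: str            # value name, or file name for a process line
    image: str           # the file that actually executes
    flags: list = field(default_factory=list)


def image_of(cmd):
    """Return (image, quoted, remaining arguments) for a Run value."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), False, ""
    quoted = m.group("q") is not None
    exe = m.group("q") if quoted else m.group("u")
    rest = m.group("rest")
    # rundll32 is only a host process; the DLL named before the comma in its
    # arguments is what really runs, so judge that instead.
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll = rest.strip().split(",", 1)[0].strip()
        return dll.strip('"'), dll.startswith('"'), rest
    return exe, quoted, rest


def flags_for(image, rest, check_quoting):
    flags = []
    if "\\" not in image:
        flags.append(BARE)
    if TEMP_RE.search(image):
        flags.append(TEMP)
    if check_quoting and "\\" in image and " " in image:
        flags.append(UNQUOTED)
    if URL_RE.search(rest):
        flags.append(URL)
    return flags


def triage(log_text):
    """Parse O4 lines and 'Running processes' paths; return Entry objects."""
    entries = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            image, quoted, rest = image_of(m.group("cmd"))
            source = f"{m.group('hive')}\\{m.group('key')}"
            entries.append(Entry(source, m.group("name"), image,
                                 flags_for(image, rest, check_quoting=not quoted)))
        elif re.match(r"^[A-Za-z]:\\", line):
            # A process path is not a command line, so quoting is not judged.
            entries.append(Entry("process", line.rsplit("\\", 1)[-1], line,
                                 flags_for(line, "", check_quoting=False)))
    return entries


def suspicious(entries):
    return [e for e in entries if e.flags]


# Lines copied from the HijackThis log in this thread (AVG URL shortened).
SAMPLE_LOG = r"""
Running processes:
H:\WINDOWS\System32\smss.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\DOCUME~1\Admin\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VolPanel] "H:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AMBDef] AMBDef.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=...
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_LOG)):
        print(f"{e.source:14} {e.name:28} {e.image}\n    -> {'; '.join(e.flags)}")
```

Run against the sample it reports five entries: the Temp-resident cleanup process, the unquoted SoundMAXPnP path, the bare `AMBDef.exe` and `NvMCTray.dll` names, and the AVG RunOnce value that launches a browser. The quoted VolPanel value and the fully qualified NvCpl.dll and ctfmon.exe entries pass clean, which is the point of the heuristics: they narrow the list a human has to look at, they do not decide what is malicious.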



