Infected with rootkit/malware combination


This topic is locked
48 replies to this topic

#1 BradRHS08

BradRHS08

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 17 February 2012 - 04:43 PM

This all started happening about a week ago. Some of these things seem to have stopped, but I'll list them here anyway, in case they come back.

- Both Firefox and IE frequently crashed.
- Sometimes I could not update or use MBAM or SuperAntiSpyware. AVG I could use, but it would constantly prompt me to restart to update it but it would never do any good. When I tried to remove it from my computer, it wouldn't let me until I used a special remover program. Same thing with DivX setup.
- Any anti-virus program I used, the threats would just regenerate themselves. Hundreds of Adware Tracking Cookies and quite a few Trojans among them. I imagine the rootkits figure in here as well.
- A few times, after using SAS, I could not reboot my computer in order to complete the process; I had to manually turn it off.
- A few other times, I couldn't even get into IE or Firefox, getting messages that "the file is missing or corrupt".
- Even though I removed AVG from my computer, I cannot remove the Secure Search.
I'm sure there are others, but those are the main ones I worry about.
If you have any questions about any of this, let me know and I'll try to give some more specific examples.

Here's my DDS log, and the other two logs are attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 0:39:22 on 2012-02-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.187 [GMT -6:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{13CF7D48-E5EF-4AF9-A393-1239010E9764} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\39mw2217.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc098e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-15 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-15 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-2-15 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-15 74640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-12 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-8 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-12 136176]
.
=============== Created Last 30 ================
.
2012-02-17 03:53:49 -------- d-----w- c:\program files\VS Revo Group
2012-02-16 06:22:28 -------- d-----w- c:\windows\system32\NtmsData
2012-02-16 05:56:55 -------- d-----w- c:\documents and settings\owner\application data\AskToolbar
2012-02-16 05:54:28 -------- d-----w- c:\documents and settings\owner\application data\AVG2012
2012-02-16 04:05:36 -------- d-----w- c:\documents and settings\owner\application data\Avira
2012-02-16 04:03:24 -------- d-----w- c:\program files\Ask.com
2012-02-16 04:03:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2012-02-16 04:02:16 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-16 04:02:15 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-16 04:02:05 -------- d-----w- c:\program files\Avira
2012-02-16 04:02:05 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-02-16 01:57:16 -------- d-----w- c:\program files\ESET
2012-02-16 01:26:20 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 01:26:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 02:59:27 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-02-15 02:59:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-15 02:59:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 02:59:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 01:35:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-14 20:59:20 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-14 20:59:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-14 20:59:18 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-14 20:59:18 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-14 20:59:18 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-14 20:59:18 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-14 20:59:17 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-14 20:59:17 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-14 20:59:17 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-14 20:59:17 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-14 20:59:16 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-14 20:59:16 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-11 23:47:20 -------- d-----w- c:\documents and settings\owner\application data\TeamViewer
2012-02-11 23:19:40 -------- d-----w- c:\documents and settings\all users\Application DataMicrosoftProvisioning
2012-02-11 23:19:40 -------- d-----w- c:\documents and settings\all users\Application DataMicrosoft
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 0:40:31.25 ===============

Attached Files


Edited by BradRHS08, 17 February 2012 - 05:03 PM.
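A small triage helper for the DDS "Pseudo HJT Report" and FIREFOX sections posted above, added here as an example; it is not part of the thread and not DDS's own code. It reads a handful of lines copied from the posted log and separates the three things a responder looks at first in such a report: registry entries whose target file is gone ("No File", typically leftovers of removed or partially removed software), an autorun value with no name, and the browser home-page and search settings, which in this log still point at AVG Secure Search although the poster says AVG was uninstalled. The sample lines are a constructed subset of the posted log; the function and field names are assumptions of this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied from the DDS log posted in the
# thread. DDS defangs http:// as hxxp:// so that the URLs are not clickable.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.yahoo.com/",
    r"mURLSearchHooks: H - No File",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File",
    r"BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll",
    r"TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File",
    r"mRun: [<NO NAME>]",
    r'mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min',
    r"FF - prefs.js: browser.search.selectedEngine - AVG Secure Search",
    r"FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc098e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=",
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# uRun / mRun / dRun / *RunOnce entries: 'mRun: [value name] command line'
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Accepts both http:// and the defanged hxxp:// form
HOST_RE = re.compile(r"^h[tx]{2}ps?://([^/?#]+)", re.IGNORECASE)

# Firefox prefs that decide where typed searches and the home page go
SEARCH_PREFS = ("keyword.URL", "browser.search.selectedEngine", "browser.startup.homepage")


def host_of(value: str) -> Optional[str]:
    """Host part of a (possibly defanged) URL, or None when the value is not a URL."""
    m = HOST_RE.match(value.strip())
    return m.group(1).lower() if m else None


def split_entry(line: str):
    """DDS entries read 'KIND: rest'; return (kind, rest), or (None, line) if there is no prefix."""
    kind, sep, rest = line.partition(": ")
    return (kind, rest.strip()) if sep else (None, line)


def triage(lines: List[str]) -> Dict[str, list]:
    """Bucket DDS report lines into the findings a responder checks first."""
    report: Dict[str, list] = {"orphans": [], "nameless_autoruns": [], "autoruns": [],
                               "extensions": [], "search_overrides": []}
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":          # DDS uses lone dots as section spacers
            continue
        kind, rest = split_entry(line)
        if kind is None:
            # 'uStart Page = hxxp://...' style lines carry no 'KIND:' prefix
            key, sep, value = line.partition(" = ")
            if sep and key.endswith("Start Page"):
                report["search_overrides"].append({"pref": key, "value": value, "host": host_of(value)})
            continue
        if rest.endswith("- No File"):
            # Registry still references a BHO/toolbar/hook whose file no longer exists
            m = CLSID_RE.search(rest)
            report["orphans"].append({"kind": kind, "clsid": m.group(0).lower() if m else None, "entry": rest})
            continue
        run = RUN_RE.match(line)
        if run:
            name, cmd = run.group("name"), run.group("cmd")
            bucket = "nameless_autoruns" if name in ("", "<NO NAME>") else "autoruns"
            report[bucket].append({"kind": kind, "name": name, "cmd": cmd})
            continue
        if kind in ("BHO", "TB"):
            m = CLSID_RE.search(rest)
            path = rest.rsplit(" - ", 1)[-1]  # the on-disk DLL backing the extension
            report["extensions"].append({"kind": kind, "clsid": m.group(0).lower() if m else None, "path": path})
            continue
        if kind == "FF - prefs.js":
            pref, _, value = rest.partition(" - ")
            if pref in SEARCH_PREFS:
                report["search_overrides"].append({"pref": pref, "value": value, "host": host_of(value)})
    return report


def summarize(report: Dict[str, list]) -> List[str]:
    """One line per finding, in the order a responder would want to read them."""
    out = [f"ORPHAN    {o['kind']}: {o['entry']}" for o in report["orphans"]]
    out += [f"NO-NAME   {a['kind']}: {a['cmd'] or '(empty command)'}" for a in report["nameless_autoruns"]]
    out += [f"SEARCH    {s['pref']} -> {s['host'] or s['value']}" for s in report["search_overrides"]]
    out += [f"EXTENSION {e['kind']} {e['clsid']} -> {e['path']}" for e in report["extensions"]]
    return out


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LINES))))
```

On the posted lines this reports three orphaned entries (the `H` URL search hook, one BHO and one toolbar CLSID), one autorun value with no name, and the home page and Firefox search settings; the "- No File" entries are mostly cleanup targets rather than active code, which is why the responders ask for the full log before deciding what to remove.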




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:43 PM

Posted 19 February 2012 - 01:19 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 BradRHS08

BradRHS08
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 19 February 2012 - 09:09 PM

OK, will do

#4 BradRHS08

BradRHS08
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 20 February 2012 - 04:58 AM

Here's the ComboFix log. It gave me a spot of trouble after it was done, disabling both my Firewall and Internet connection. I restarted several times to no avail, I re-ran CF once more (it told me to do that if rebooting didn't work) and even futilely deleted CF from my computer. I started panicking until I remembered System Restore. Dummy me.

Anyway, here ya go:

Attached Files



#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:43 PM

Posted 20 February 2012 - 11:59 AM

I'm not sure I understand - Did you run System Restore after you ran ComboFix?



#6 BradRHS08

BradRHS08
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 20 February 2012 - 02:20 PM

Yes, that's right. Should I not have done that?

#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:43 PM

Posted 20 February 2012 - 05:43 PM

It shouldn't have hurt anything, but it may have restored the malware that ComboFix removed. Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log and paste it into your next post, (I don't need to see Extras.txt).
Please include the following in your next post:
  • TDSSKiller log
  • OTL.txt log



#8 BradRHS08

BradRHS08
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 20 February 2012 - 07:50 PM

Oh OK. There just didn't seem to be any other way to turn my firewall and Internet connection back on.

I already have TDSSKiller, but I'll download the other thing and do them both now.

#9 BradRHS08

BradRHS08
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  • Gender:Male
  • Location:Northwest Arkansas
  • Local time:08:43 PM

Posted 20 February 2012 - 08:14 PM

TDSSKiller log (if this isn't the right one let me know, there's four others)

18:54:53.0826 3900 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:54:54.0310 3900 ============================================================
18:54:54.0310 3900 Current date / time: 2012/02/20 18:54:54.0310
18:54:54.0310 3900 SystemInfo:
18:54:54.0310 3900
18:54:54.0310 3900 OS Version: 5.1.2600 ServicePack: 3.0
18:54:54.0326 3900 Product type: Workstation
18:54:54.0326 3900 ComputerName: PCHOME
18:54:54.0326 3900 UserName: Owner
18:54:54.0326 3900 Windows directory: C:\WINDOWS
18:54:54.0326 3900 System windows directory: C:\WINDOWS
18:54:54.0326 3900 Processor architecture: Intel x86
18:54:54.0326 3900 Number of processors: 1
18:54:54.0326 3900 Page size: 0x1000
18:54:54.0326 3900 Boot type: Normal boot
18:54:54.0326 3900 ============================================================
18:54:55.0420 3900 Drive \Device\Harddisk0\DR0 - Size: 0x1296055200 (74.34 Gb), SectorSize: 0x200, Cylinders: 0x25E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:54:55.0420 3900 \Device\Harddisk0\DR0:
18:54:55.0420 3900 MBR used
18:54:55.0420 3900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94AC3A9
18:54:55.0576 3900 Initialize success
18:54:55.0576 3900 ============================================================
18:55:01.0716 3444 ============================================================
18:55:01.0716 3444 Scan started
18:55:01.0716 3444 Mode: Manual; TDLFS;
18:55:01.0716 3444 ============================================================
18:55:02.0529 3444 .avgtdix - ok
18:55:02.0685 3444 Abiosdsk - ok
18:55:02.0716 3444 abp480n5 - ok
18:55:02.0810 3444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:55:02.0810 3444 ACPI - ok
18:55:02.0841 3444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:55:02.0841 3444 ACPIEC - ok
18:55:02.0873 3444 adpu160m - ok
18:55:02.0935 3444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:55:02.0935 3444 aec - ok
18:55:02.0998 3444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:55:03.0013 3444 AFD - ok
18:55:03.0138 3444 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:55:03.0154 3444 AgereSoftModem - ok
18:55:03.0170 3444 Aha154x - ok
18:55:03.0185 3444 aic78u2 - ok
18:55:03.0201 3444 aic78xx - ok
18:55:03.0232 3444 AliIde - ok
18:55:03.0326 3444 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
18:55:03.0341 3444 Ambfilt - ok
18:55:03.0373 3444 amsint - ok
18:55:03.0451 3444 AR5211 (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
18:55:03.0466 3444 AR5211 - ok
18:55:03.0591 3444 asc - ok
18:55:03.0623 3444 asc3350p - ok
18:55:03.0654 3444 asc3550 - ok
18:55:03.0763 3444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:55:03.0763 3444 AsyncMac - ok
18:55:03.0810 3444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:55:03.0810 3444 atapi - ok
18:55:03.0826 3444 Atdisk - ok
18:55:03.0966 3444 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:55:03.0998 3444 ati2mtag - ok
18:55:04.0045 3444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:55:04.0045 3444 Atmarpc - ok
18:55:04.0170 3444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:55:04.0170 3444 audstub - ok
18:55:04.0232 3444 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:55:04.0232 3444 avgntflt - ok
18:55:04.0310 3444 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:55:04.0310 3444 avipbb - ok
18:55:04.0341 3444 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:55:04.0341 3444 avkmgr - ok
18:55:04.0373 3444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:55:04.0373 3444 Beep - ok
18:55:04.0451 3444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:55:04.0451 3444 cbidf2k - ok
18:55:04.0466 3444 cd20xrnt - ok
18:55:04.0498 3444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:55:04.0498 3444 Cdaudio - ok
18:55:04.0560 3444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:55:04.0560 3444 Cdfs - ok
18:55:04.0623 3444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:55:04.0638 3444 Cdrom - ok
18:55:04.0654 3444 Changer - ok
18:55:04.0685 3444 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:55:04.0685 3444 CmBatt - ok
18:55:04.0701 3444 CmdIde - ok
18:55:04.0732 3444 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:55:04.0732 3444 Compbatt - ok
18:55:04.0763 3444 Cpqarray - ok
18:55:04.0795 3444 dac2w2k - ok
18:55:04.0810 3444 dac960nt - ok
18:55:04.0826 3444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:55:04.0841 3444 Disk - ok
18:55:04.0904 3444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:55:04.0920 3444 dmboot - ok
18:55:04.0951 3444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:55:04.0951 3444 dmio - ok
18:55:05.0123 3444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:55:05.0123 3444 dmload - ok
18:55:05.0185 3444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:55:05.0185 3444 DMusic - ok
18:55:05.0201 3444 dpti2o - ok
18:55:05.0232 3444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:55:05.0232 3444 drmkaud - ok
18:55:05.0295 3444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:55:05.0295 3444 Fastfat - ok
18:55:05.0373 3444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:55:05.0373 3444 Fdc - ok
18:55:05.0404 3444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:55:05.0404 3444 Fips - ok
18:55:05.0420 3444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:55:05.0420 3444 Flpydisk - ok
18:55:05.0498 3444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:55:05.0498 3444 FltMgr - ok
18:55:05.0513 3444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:55:05.0513 3444 Fs_Rec - ok
18:55:05.0529 3444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:55:05.0545 3444 Ftdisk - ok
18:55:05.0623 3444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:55:05.0623 3444 Gpc - ok
18:55:05.0779 3444 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:55:05.0779 3444 HDAudBus - ok
18:55:05.0841 3444 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:55:05.0841 3444 HidUsb - ok
18:55:05.0873 3444 hpn - ok
18:55:05.0951 3444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:55:05.0951 3444 HTTP - ok
18:55:05.0982 3444 i2omgmt - ok
18:55:05.0998 3444 i2omp - ok
18:55:06.0045 3444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:55:06.0045 3444 i8042prt - ok
18:55:06.0107 3444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:55:06.0107 3444 Imapi - ok
18:55:06.0138 3444 ini910u - ok
18:55:06.0545 3444 IntcAzAudAddService (e8656858d8b2da7c9cf59fb4e5ce32ed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:55:06.0607 3444 IntcAzAudAddService - ok
18:55:06.0638 3444 IntelIde - ok
18:55:06.0654 3444 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:55:06.0654 3444 intelppm - ok
18:55:06.0701 3444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:55:06.0701 3444 Ip6Fw - ok
18:55:06.0810 3444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:55:06.0810 3444 IpFilterDriver - ok
18:55:06.0873 3444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:55:06.0888 3444 IpInIp - ok
18:55:06.0935 3444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:55:06.0935 3444 IpNat - ok
18:55:06.0951 3444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:55:06.0951 3444 IPSec - ok
18:55:06.0998 3444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:55:06.0998 3444 IRENUM - ok
18:55:07.0060 3444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:55:07.0060 3444 isapnp - ok
18:55:07.0107 3444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:55:07.0107 3444 Kbdclass - ok
18:55:12.0810 3444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:55:13.0060 3444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:55:13.0060 3444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:55:13.0060 3444 Boot (0x1200) (20a322baf30abaa7c05be817caee125e) \Device\Harddisk0\DR0\Partition0
18:55:13.0076 3444 \Device\Harddisk0\DR0\Partition0 - ok
18:55:13.0076 3444 ============================================================
18:55:13.0076 3444 Scan finished
18:55:13.0076 3444 ============================================================
18:55:13.0091 2760 Detected object count: 1
18:55:13.0091 2760 Actual detected object count: 1
18:55:18.0373 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:55:18.0373 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:55:23.0545 2876 Deinitialize success

OTL log

OTL logfile created on: 2/20/2012 7:03:57 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.04 Mb Total Physical Memory | 323.39 Mb Available Physical Memory | 46.06% Memory free
1.31 Gb Paging File | 0.90 Gb Available in Paging File | 68.72% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 55.84 Gb Free Space | 75.12% Space Free | Partition Type: NTFS

Computer Name: PCHOME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 19:02:57 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/02/17 03:33:46 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/22 20:08:58 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 12:08:37 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 20:30:16 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/22 20:08:58 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/23 12:08:37 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2012/02/16 00:14:20 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/22 20:08:50 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/22 20:08:50 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/08 22:52:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/03/08 22:51:57 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2011/03/08 22:51:56 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 16:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006/03/03 20:29:50 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/01 22:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/15 00:49:52 | 000,468,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dcc098e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 21:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 03:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 03:35:03 | 000,000,000 | ---D | M]

[2011/03/08 23:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/02/15 22:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\39mw2217.default\extensions
[2011/06/17 12:59:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\39mw2217.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/15 23:49:38 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\39mw2217.default\extensions\toolbar@ask.com
[2012/02/14 15:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/14 14:59:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/14 14:59:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 14:59:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/02/20 02:38:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CF7D48-E5EF-4AF9-A393-1239010E9764}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/08 22:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 19:02:56 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/20 03:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/20 03:48:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/20 03:42:54 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2012/02/20 02:15:25 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/02/20 02:12:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/20 02:12:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/17 19:30:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/17 03:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RealNetworks
[2012/02/17 03:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/17 03:34:01 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/02/17 03:33:49 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/02/17 03:33:49 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/02/17 00:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2012/02/17 00:39:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/16 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/16 21:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2012/02/16 21:48:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/16 00:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/02/15 23:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AskToolbar
[2012/02/15 23:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2012/02/15 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2012/02/15 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/02/15 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/02/15 22:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2012/02/15 22:02:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/02/15 22:02:16 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/02/15 22:02:16 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/02/15 22:02:15 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/02/15 22:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/02/15 22:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/02/15 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/14 22:23:25 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/02/14 22:07:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2012/02/14 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/02/14 20:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/14 20:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/14 20:59:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/14 20:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/14 19:35:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/14 19:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2012/02/12 14:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2012/02/12 14:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/02/11 17:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2012/02/11 17:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoftProvisioning
[2012/02/11 17:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoft
[2012/02/11 14:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
[2012/02/11 14:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/02/11 13:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/02/11 13:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/10 16:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real

========== Files - Modified Within 30 Days ==========

[2012/02/20 19:08:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/20 19:06:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 19:02:57 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/20 18:57:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-308236825-1177238915-1006.job
[2012/02/20 18:57:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 18:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 18:52:10 | 002,041,519 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/02/20 18:49:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-308236825-1177238915-1006UA.job
[2012/02/20 13:49:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-308236825-1177238915-1006Core.job
[2012/02/20 02:38:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/19 17:11:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-308236825-1177238915-1006.job
[2012/02/19 14:11:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/17 16:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/17 03:37:08 | 001,667,748 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ABCBEONE.ram
[2012/02/17 03:34:57 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/02/17 03:34:01 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/02/17 03:33:49 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/02/17 03:33:49 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/02/17 03:33:48 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/02/17 00:42:51 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/02/17 00:39:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/17 00:37:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/17 00:36:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/16 21:53:49 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2012/02/16 03:40:27 | 004,568,381 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Taylor Dayne - I'll Wait.mp3
[2012/02/16 00:14:20 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/02/15 23:44:04 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 23:42:17 | 000,458,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/15 23:42:17 | 000,079,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 22:04:34 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/02/15 19:20:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/15 19:20:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/15 16:46:45 | 000,014,804 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Folder.jpg
[2012/02/15 16:46:45 | 000,014,804 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{D9DA9547-E371-4D0A-8172-291CA8101A18}_Large.jpg
[2012/02/15 16:46:45 | 000,003,402 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2012/02/15 16:46:45 | 000,003,402 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{D9DA9547-E371-4D0A-8172-291CA8101A18}_Small.jpg
[2012/02/14 22:32:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/02/14 22:23:25 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/02/14 22:07:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2012/02/14 20:59:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 19:25:17 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MiniToolBox.exe
[2012/02/14 17:51:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/28 18:01:09 | 009,742,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\80's - Cindy Lauper - Time After Time.mp3
[2012/01/28 17:59:06 | 000,010,787 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{0E6DA411-B945-4E98-8DF2-06538FBD61B7}_Large.jpg
[2012/01/28 17:59:05 | 000,002,597 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{0E6DA411-B945-4E98-8DF2-06538FBD61B7}_Small.jpg
[2012/01/28 05:24:36 | 003,664,582 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\80s - Cyndi Lauper - Girls Just Wanna Have Fun.mp3
[2012/01/28 05:14:42 | 000,012,742 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{39C12552-2475-475F-90A5-2B55A129911B}_Large.jpg
[2012/01/28 05:14:41 | 000,003,337 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{39C12552-2475-475F-90A5-2B55A129911B}_Small.jpg
[2012/01/22 19:49:27 | 004,109,419 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Breathe - Hands To Heaven.mp3
[2012/01/22 18:57:36 | 000,008,652 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{6F624125-5259-4E70-B568-460CD1E2E458}_Large.jpg
[2012/01/22 18:57:35 | 000,002,355 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{6F624125-5259-4E70-B568-460CD1E2E458}_Small.jpg

========== Files Created - No Company Name ==========

[2012/02/20 02:15:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/20 02:15:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/17 03:34:57 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/02/17 00:42:50 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/02/17 00:37:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/17 00:36:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/16 21:53:49 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2012/02/15 22:04:34 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/02/15 22:03:42 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/15 19:26:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 19:26:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 16:46:45 | 000,014,804 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{D9DA9547-E371-4D0A-8172-291CA8101A18}_Large.jpg
[2012/02/15 16:46:45 | 000,003,402 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{D9DA9547-E371-4D0A-8172-291CA8101A18}_Small.jpg
[2012/02/14 22:32:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/02/14 20:59:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 19:29:50 | 002,041,519 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/02/14 19:25:11 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MiniToolBox.exe
[2012/02/14 14:59:59 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/28 17:59:07 | 000,010,787 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{0E6DA411-B945-4E98-8DF2-06538FBD61B7}_Large.jpg
[2012/01/28 17:59:07 | 000,002,597 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{0E6DA411-B945-4E98-8DF2-06538FBD61B7}_Small.jpg
[2012/01/28 05:14:44 | 000,012,742 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{39C12552-2475-475F-90A5-2B55A129911B}_Large.jpg
[2012/01/28 05:14:43 | 000,003,337 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{39C12552-2475-475F-90A5-2B55A129911B}_Small.jpg
[2012/01/27 02:49:23 | 000,189,948 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_20070216_0037o.jpg
[2012/01/27 02:49:23 | 000,185,053 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_20070216_0035two.jpg
[2012/01/27 02:49:23 | 000,128,340 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_20070216_0158o.jpg
[2012/01/22 18:57:36 | 000,008,652 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{6F624125-5259-4E70-B568-460CD1E2E458}_Large.jpg
[2012/01/22 18:57:36 | 000,002,355 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\AlbumArt_{6F624125-5259-4E70-B568-460CD1E2E458}_Small.jpg
[2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
[2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
[2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\l33s63666d5jiy6vk2oa014
[2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l33s63666d5jiy6vk2oa014
[2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
[2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7a24sn6j37j311
[2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a24sn6j37j311
[2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\0k36wd1q26c384
[2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k36wd1q26c384
[2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
[2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
[2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\6n52nt1d48d174
[2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6n52nt1d48d174
[2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
[2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
[2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/14 10:17:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\652400e0l875q556u474a6ojs2m2
[2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\652400e0l875q556u474a6ojs2m2
[2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\466854s6s482j726v103v8aqt4l4
[2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\466854s6s482j726v103v8aqt4l4
[2011/07/31 13:00:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/03/16 02:25:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 15:59:58 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/09 15:50:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/09 09:54:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/03/08 23:28:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/08 23:06:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2011/03/08 23:06:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2011/03/08 23:06:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2011/03/08 23:06:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2011/03/08 22:59:48 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2011/03/08 22:17:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 22:11:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/08 16:05:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/08 16:03:27 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %systemroot%\*. /rp /s >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

#10 RPMcMurphy (Malware Response Team)

Posted 20 February 2012 - 10:20 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
    [2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
    [2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
    [2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\l33s63666d5jiy6vk2oa014
    [2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l33s63666d5jiy6vk2oa014
    [2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7a24sn6j37j311
    [2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a24sn6j37j311
    [2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\0k36wd1q26c384
    [2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k36wd1q26c384
    [2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
    [2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
    [2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\6n52nt1d48d174
    [2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6n52nt1d48d174
    [2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
    [2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
    [2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/14 10:17:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\652400e0l875q556u474a6ojs2m2
    [2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\652400e0l875q556u474a6ojs2m2
    [2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\466854s6s482j726v103v8aqt4l4
    [2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\466854s6s482j726v103v8aqt4l4
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please download Listparts
  • Run the tool, click Scan and post the log (Result.txt) it makes.
Please include the following in your next post:
  • OTL Fix log
  • ListParts log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 BradRHS08 (Topic Starter)

Posted 21 February 2012 - 03:43 AM

Gotcha

#12 BradRHS08 (Topic Starter)

Posted 21 February 2012 - 03:57 PM

I'm not sure OTL was the right move. It's given me a lot of trouble.

When I ran it last night, it made my entire desktop disappear. Finally I figured it had frozen so I decided to just turn it off and run it again tomorrow (today). When I turned my computer back on today, it had disabled my Internet connection. So I did what worked for me last time: System Restore. However, when it was done restoring, OTL had been deleted from my computer and when I tried to download it again so I could try it again, Avira blocked it saying it was malware. I think either I or it may have screwed things up pretty badly. Any advice?

#13 RPMcMurphy (Malware Response Team)

Posted 21 February 2012 - 05:28 PM

OK, please do this next:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    [2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
    [2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
    [2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\l33s63666d5jiy6vk2oa014
    [2011/12/24 19:17:13 | 000,001,246 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l33s63666d5jiy6vk2oa014
    [2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/22 19:58:47 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hpymvn0d5qgg3vgn7qps5c318q5p
    [2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7a24sn6j37j311
    [2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a24sn6j37j311
    [2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\0k36wd1q26c384
    [2011/12/20 22:13:37 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0k36wd1q26c384
    [2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
    [2011/12/19 14:22:39 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hxhomu2v0jat6wav2ymb8q376h6m
    [2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\6n52nt1d48d174
    [2011/12/17 14:56:51 | 000,001,510 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6n52nt1d48d174
    [2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
    [2011/12/16 12:12:21 | 000,001,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qppmdm4s2ppv2enw6xwj2s200x6w
    [2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/14 17:08:29 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/14 10:17:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\652400e0l875q556u474a6ojs2m2
    [2011/12/14 09:45:12 | 000,001,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\652400e0l875q556u474a6ojs2m2
    [2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\466854s6s482j726v103v8aqt4l4
    [2011/12/12 14:24:10 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\466854s6s482j726v103v8aqt4l4
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please download Listparts
  • Run the tool, click Scan and post the log (Result.txt) it makes.
Please include the following in your next post:
  • FSS log
  • OTL Fix log

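The two OTL fix scripts above (post #10 and post #13) select their targets by two patterns that are visible in the log: O10 Winsock catalog entries whose provider DLL OTL reports as "File not found", and the small hidden+system, extensionless, randomly named files that appear in pairs under the user's and All Users' Application Data folders. The Python below is an added example, not part of this thread and not code from OTL, Farbar or any other tool named here: it parses lines in OTL's report format, applies those two rules, and renders the candidates in the :OTL / :Commands layout used in the posts. The log excerpt embedded in it is a constructed sample in the shape of the report above, and the name-length and size thresholds are my own heuristics rather than anything OTL defines.

```python
"""Triage helper for OTL (OldTimer's List-It) report lines.

Parses the file-listing lines and the O10 Winsock catalog lines of an OTL
report and flags the two patterns the fix scripts in this thread target:
  * Winsock LSP catalog entries whose provider DLL is reported missing
  * tiny hidden+system, extensionless, randomly named files dropped in
    pairs under a profile's and All Users' "Application Data" folders
"""
import re
from collections import defaultdict

# Constructed excerpt in the shape of the OTL log above, not the full log.
SAMPLE_LOG = r"""
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
[2012/02/20 19:02:56 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/20 02:15:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/16 21:48:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/15 16:46:45 | 000,003,402 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
[2011/12/31 17:21:12 | 000,001,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bto736sy0jyu46qo6o482w8gssmul1hu5kdvk
[2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7a24sn6j37j311
[2011/12/21 22:27:47 | 000,001,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a24sn6j37j311
[2011/12/14 10:17:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
"""

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
O10_RE = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) - (?P<rest>.+)$")
# Heuristic (my assumption, not an OTL rule): lowercase letters and digits only, no extension.
RANDOM_NAME = re.compile(r"^[a-z0-9]{12,40}$")
MAX_DROPPER_BYTES = 4096  # also an assumption; the flagged files in this log are 1-2 KB


def parse_file_entry(line):
    """Return a dict for an OTL file-listing line, or None for anything else."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""      # directories carry no "(company)" field
    entry["name"] = entry["path"].rsplit("\\", 1)[-1]
    entry["line"] = line
    return entry


def is_suspicious_dropper(entry):
    """OTL's attribute field has four columns: R H S D (read-only, hidden, system, directory)."""
    attrs = entry["attrs"]
    hidden_and_system = attrs[1] == "H" and attrs[2] == "S" and attrs[3] != "D"
    name = entry["name"]
    looks_random = (RANDOM_NAME.match(name) is not None
                    and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))
    return (hidden_and_system
            and "\\Application Data\\" in entry["path"]
            and not entry["company"]
            and "." not in name
            and 0 < entry["size"] < MAX_DROPPER_BYTES
            and looks_random)


def dangling_lsp_entries(lines):
    """O10 lines whose Winsock provider DLL OTL could not find on disk."""
    return [l for l in lines if O10_RE.match(l) and l.endswith("File not found")]


def suspicious_files(lines):
    return [e for e in map(parse_file_entry, lines) if e and is_suspicious_dropper(e)]


def triage(log_text):
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]
    files = suspicious_files(lines)
    pairs = defaultdict(list)          # same random name under two profile locations
    for e in files:
        pairs[e["name"]].append(e["path"])
    return {"dangling_lsp": dangling_lsp_entries(lines),
            "dropper_lines": [e["line"] for e in files],
            "pairs": dict(pairs)}


def build_fix_block(result, include_lsp=False):
    """Render the candidates in the :OTL / :Commands layout used in the thread.

    O10 lines are left out unless asked for: they are Winsock catalog entries,
    the user reported losing network connectivity after the first fix that
    included them, and the second script in the thread omits them and asks
    for a Farbar Service Scanner check of Internet services instead.
    """
    body = (result["dangling_lsp"] if include_lsp else []) + result["dropper_lines"]
    return "\n".join([":OTL", *body, ":Commands", "[EmptyTemp]"]) + "\n"


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    print(build_fix_block(res, include_lsp=True))
```

Run it on a saved OTL.Txt by replacing SAMPLE_LOG with the file's contents. Treat the output as a review list rather than something to paste blindly: the pair grouping is there so you can confirm each random name really does appear in both profile locations before deleting it, and the O10 entries deserve a separate decision because resetting the Winsock catalog affects every networked program on the machine.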

#14 BradRHS08 (Topic Starter)

Posted 21 February 2012 - 06:34 PM

When I tried to re-download OTL, Avira gave me the same warning:

Warning
In order not to compromise your security, this page will not be accessed
The requested URL has been identified as a potentially dangerous website.
Further information as to why this page was blocked can be found here. A description of how to remove the block for this page is available here.



Requested URL: http://oldtimer.geekstogo.com/OTL.exe
Category/categories: Malware


Should I just ignore it?

Edited by BradRHS08, 21 February 2012 - 07:10 PM.


#15 RPMcMurphy (Malware Response Team)

Posted 21 February 2012 - 07:13 PM

Yes, that is a false positive.
