TechSpot

Gmer found something

By chena87
Nov 15, 2010
  1. gmer found rootkit on 8 step can you please advise.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5117

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18975

    11/15/2010 2:53:48 PM
    mbam-log-2010-11-15 (14-53-48).txt

    Scan type: Quick scan
    Objects scanned: 141538
    Time elapsed: 7 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-15 18:18:47
    Windows 6.0.6001 Service Pack 1
    Running: test.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\pxldrfob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B00F340, 0x3FA057, 0xE8000020]
    ? C:\Users\Sabrina\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[324] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2588] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\system32\svchost.exe (*** hidden *** ) [AUTO] pyqtzbhw <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@DisplayName Manager System
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw@Description Provides user experience theme management.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\pyqtzbhw\Parameters@ServiceDll C:\Windows\system32\brjhw.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@DisplayName Manager System
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@Type 32
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@Start 2
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw@Description Provides user experience theme management.
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\pyqtzbhw\Parameters@ServiceDll C:\Windows\system32\brjhw.dll

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-11-03.01) - NTFSx86
    Run by Sabrina at 17:31:34.76 on Mon 11/15/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.219 [GMT -8:00]

    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Sabrina\Desktop\dds.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AIM6\aolsoftware.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = <local>
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\sabrina\appdata\roaming\mozilla\firefox\profiles\a1gj7tyv.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    ============= SERVICES / DRIVERS ===============

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-15 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-15 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-15 60936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 pyqtzbhw;Manager System;c:\windows\system32\svchost.exe -k netsvcs [2008-7-7 21504]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-18 38224]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-11-15 23:02:57 -------- d-----w- c:\users\sabrina\appdata\roaming\Avira
    2010-11-15 22:56:38 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-15 22:56:35 -------- d-----w- c:\program files\Avira
    2010-11-15 22:56:35 -------- d-----w- c:\progra~2\Avira
    2010-11-15 03:22:25 -------- d-----w- c:\program files\Sophos
    2010-11-15 03:07:21 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-11-15 03:00:25 -------- d-----w- c:\users\sabrina\appdata\local\temp
    2010-11-15 02:47:57 98816 ----a-w- c:\windows\sed.exe
    2010-11-15 02:47:57 89088 ----a-w- c:\windows\MBR.exe
    2010-11-15 02:47:57 256512 ----a-w- c:\windows\PEV.exe
    2010-11-15 02:47:57 161792 ----a-w- c:\windows\SWREG.exe
    2010-11-15 02:47:48 -------- d-----w- C:\ComboFix
    2010-11-11 01:30:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-10-27 01:38:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 01:38:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    ==================== Find3M ====================

    2010-09-20 09:25:01 231936 ----a-w- c:\windows\system32\msshsq.dll
    2010-09-10 16:37:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:24:40 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:23:14 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:40:26 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:39:46 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-20 15:21:02 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2009-05-15 04:02:10 3392872 ----a-w- c:\program files\common files\adlmint_libFNP.dll
    2009-05-15 04:02:10 3298152 ----a-w- c:\program files\common files\adlmint.dll

    ============= FINISH: 17:34:24.46 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-03.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/28/2007 12:26:43 PM
    System Uptime: 11/15/2010 5:29:11 PM (0 hours ago)

    Motherboard: Quanta | | 30CF
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 64.89 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.813 GiB free.
    E: is CDROM (UDF)
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    CCleaner (remove only)
    Combined Community Codec Pack 2009-09-09
    Conexant HD Audio
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    ESU for Microsoft Vista
    Family Feud (remove only)
    Google Talk (remove only)
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Doc Viewer
    HP User Guides 0057
    HPAsset component for HP Active Support Library
    ImgBurn
    iTunes
    Java(TM) SE Runtime Environment 6
    LightScribe System Software 1.14.17.1
    LimeWire 5.1.4
    Malwarebytes' Anti-Malware
    Maya 2010
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIRC
    MobileMe Control Panel
    Mozilla Firefox (3.6.8)
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySpaceIM
    Nero 7 Essentials
    neroxml
    NVIDIA Drivers
    Orion 7.6
    QuickTime
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    SC Ver 2.57
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    SmartAudio
    StepMania (remove only)
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update

    ==== End Of File ===========================
    ]
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    What are your computer actual issues?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. chena87

    chena87 TS Rookie Topic Starter

    ComboFix 10-11-16.02 - Sabrina 11/16/2010 13:37:59.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.250 [GMT -8:00]
    Running from: c:\users\Sabrina\Desktop\ComboFix.exe
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files\Common Files\Microsoft Service
    c:\program files\Common Files\Microsoft Service\S-1-5-21-5939576529-1476309113-6583654236-6686\updatesvr.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
    .

    2010-11-16 21:49 . 2010-11-16 21:50 -------- d-----w- c:\users\Sabrina\AppData\Local\temp
    2010-11-16 21:49 . 2010-11-16 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-15 23:02 . 2010-11-15 23:02 -------- d-----w- c:\users\Sabrina\AppData\Roaming\Avira
    2010-11-15 22:56 . 2010-08-03 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-15 22:56 . 2010-08-03 00:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-15 22:56 . 2010-11-15 22:56 -------- d-----w- c:\programdata\Avira
    2010-11-15 22:56 . 2010-11-15 22:56 -------- d-----w- c:\program files\Avira
    2010-11-15 03:22 . 2010-11-15 22:43 -------- d-----w- c:\program files\Sophos
    2010-11-11 01:30 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-10-27 01:38 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 01:38 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 09:25 . 2010-10-14 10:01 231936 ----a-w- c:\windows\system32\msshsq.dll
    2010-09-10 16:37 . 2010-10-14 03:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 06:01 . 2010-10-14 03:11 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57 . 2010-10-14 03:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57 . 2010-10-14 03:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56 . 2010-10-14 03:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56 . 2010-10-14 03:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04 . 2010-10-14 03:11 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26 . 2010-10-14 03:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25 . 2010-10-14 03:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:24 . 2010-10-14 03:11 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:23 . 2010-10-14 03:11 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-06 14:13 . 2010-10-14 03:11 303616 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-09-06 14:12 . 2010-10-14 03:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-06 14:12 . 2010-10-14 03:11 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-31 15:41 . 2010-10-14 03:10 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:41 . 2010-10-14 03:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:40 . 2010-10-14 03:10 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:39 . 2010-10-14 03:10 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:07 . 2010-10-14 03:11 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:01 . 2010-10-27 01:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:01 . 2010-10-27 01:38 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:01 . 2010-10-27 01:38 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:01 . 2010-10-27 01:38 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-20 15:21 . 2010-10-14 03:10 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2009-05-15 04:02 . 2009-05-15 04:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-05-15 04:02 . 2009-05-15 04:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3093776565-2197326357-1051833201-1000]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 pyqtzbhw;Manager System;c:\windows\system32\svchost.exe [2008-01-19 21504]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\56C.tmp [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-03 135336]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    pyqtzbhw

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-15 c:\windows\Tasks\User_Feed_Synchronization-{DEA12275-7A1F-4714-B9E6-20CC85D9A9E6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\a1gj7tyv.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-16 13:50
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\56C.tmp"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pyqtzbhw]
    "ServiceDll"="c:\windows\system32\brjhw.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-11-16 13:54:30
    ComboFix-quarantined-files.txt 2010-11-16 21:54

    Pre-Run: 68,866,932,736 bytes free
    Post-Run: 68,528,140,288 bytes free

    - - End Of File - - 187AB7CEFE56FE6D07E85285A0E23D61
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    pyqtzbhw
    
    NetSvc::
    NetSvc
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pyqtzbhw]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  5. chena87

    chena87 TS Rookie Topic Starter

    ComboFix 10-11-16.02 - Sabrina 11/16/2010 16:35:30.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.266 [GMT -8:00]
    Running from: c:\users\Sabrina\Desktop\ComboFix.exe
    Command switches used :: c:\users\Sabrina\Desktop\CFScript.txt
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_pyqtzbhw


    ((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
    .

    2010-11-17 00:45 . 2010-11-17 01:08 -------- d-----w- c:\users\Sabrina\AppData\Local\temp
    2010-11-17 00:45 . 2010-11-17 00:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-11-17 00:45 . 2010-11-17 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-15 23:02 . 2010-11-15 23:02 -------- d-----w- c:\users\Sabrina\AppData\Roaming\Avira
    2010-11-15 22:56 . 2010-08-03 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-15 22:56 . 2010-08-03 00:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-15 22:56 . 2010-11-15 22:56 -------- d-----w- c:\programdata\Avira
    2010-11-15 22:56 . 2010-11-15 22:56 -------- d-----w- c:\program files\Avira
    2010-11-15 03:22 . 2010-11-15 22:43 -------- d-----w- c:\program files\Sophos
    2010-11-11 01:30 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-10-27 01:38 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 01:38 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-20 09:25 . 2010-10-14 10:01 231936 ----a-w- c:\windows\system32\msshsq.dll
    2010-09-10 16:37 . 2010-10-14 03:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 06:01 . 2010-10-14 03:11 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57 . 2010-10-14 03:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57 . 2010-10-14 03:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56 . 2010-10-14 03:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56 . 2010-10-14 03:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04 . 2010-10-14 03:11 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26 . 2010-10-14 03:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25 . 2010-10-14 03:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:24 . 2010-10-14 03:11 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:23 . 2010-10-14 03:11 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-06 14:13 . 2010-10-14 03:11 303616 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-09-06 14:12 . 2010-10-14 03:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-06 14:12 . 2010-10-14 03:11 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-31 15:41 . 2010-10-14 03:10 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:41 . 2010-10-14 03:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:40 . 2010-10-14 03:10 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:39 . 2010-10-14 03:10 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:07 . 2010-10-14 03:11 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:01 . 2010-10-27 01:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:01 . 2010-10-27 01:38 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:01 . 2010-10-27 01:38 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:01 . 2010-10-27 01:38 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-20 15:21 . 2010-10-14 03:10 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2009-05-15 04:02 . 2009-05-15 04:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-05-15 04:02 . 2009-05-15 04:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3093776565-2197326357-1051833201-1000]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\56C.tmp [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-03 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{DEA12275-7A1F-4714-B9E6-20CC85D9A9E6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\a1gj7tyv.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-16 17:09
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\56C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3524)
    c:\windows\System32\SyncCenter.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\AIM6\aolsoftware.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-16 17:14:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-17 01:14
    ComboFix2.txt 2010-11-16 21:54

    Pre-Run: 67,277,209,600 bytes free
    Post-Run: 66,922,856,448 bytes free

    - - End Of File - - DFADBA3B31906E142F21F83647F37724
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. chena87

    chena87 TS Rookie Topic Starter

    OTL logfile created on: 11/16/2010 5:39:10 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sabrina\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.62 Gb Total Space | 62.49 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
    Drive E: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 1.88 Gb Total Space | 1.86 Gb Free Space | 98.77% Space Free | Partition Type: FAT

    Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/16 17:36:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/19 09:51:30 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
    PRC - [2007/10/08 13:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
    PRC - [2007/09/15 01:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/16 17:36:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
    MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/05/20 04:45:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\56C.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/01/18 21:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/10/12 22:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/10/12 22:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2007/09/15 01:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 02:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 02:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 02:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/11 18:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/03/06 20:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 06:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 15:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/23 09:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/01/23 08:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/18 18:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/06/28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 18:21:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 18:21:22 | 000,000,000 | ---D | M]

    [2010/08/11 18:21:45 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Extensions
    [2009/07/12 13:22:08 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/11 18:31:28 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\a1gj7tyv.default\extensions
    [2010/08/11 18:31:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\a1gj7tyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/11 18:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/16 17:08:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Sabrina\Pictures\990E.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sabrina\Pictures\990E.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/04 03:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O32 - Unable to obtain root file information for disk F:\
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/16 17:38:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
    [2010/11/16 17:14:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/16 17:14:24 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\temp
    [2010/11/16 17:08:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/11/16 16:33:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/16 13:29:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/16 13:29:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/16 13:29:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/15 15:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Avira
    [2010/11/15 14:56:39 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/11/15 14:56:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/11/15 14:56:38 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/11/15 14:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/15 14:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/14 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/11/14 18:47:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/14 18:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2009/05/14 20:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
    [2009/05/14 20:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
    [1 C:\Users\Sabrina\Documents\*.tmp files -> C:\Users\Sabrina\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/16 17:38:31 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/11/16 17:38:27 | 000,620,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/16 17:38:27 | 000,109,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/16 17:36:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
    [2010/11/16 17:35:01 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/11/16 17:33:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/16 17:33:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/16 17:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/16 17:33:22 | 162,515,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/16 17:08:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/16 16:06:19 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DEA12275-7A1F-4714-B9E6-20CC85D9A9E6}.job
    [2010/11/16 13:24:26 | 000,000,293 | ---- | M] () -- C:\Users\Sabrina\Desktop\ComboFix - Shortcut.lnk
    [2010/11/16 13:23:28 | 003,910,384 | R--- | M] () -- C:\Users\Sabrina\Desktop\ComboFix.exe
    [2010/11/15 14:57:06 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/15 14:50:50 | 053,123,856 | ---- | M] () -- C:\Users\Sabrina\Desktop\avira_antivir_personal_en.exe
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/03 15:27:54 | 000,628,736 | ---- | M] () -- C:\Users\Sabrina\Desktop\dds.scr
    [2010/11/03 15:27:30 | 000,294,912 | ---- | M] () -- C:\Users\Sabrina\Desktop\test.exe
    [2010/11/02 19:44:59 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [1 C:\Users\Sabrina\Documents\*.tmp files -> C:\Users\Sabrina\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/16 13:29:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/16 13:29:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/16 13:29:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/16 13:29:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/16 13:29:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/16 13:24:56 | 003,910,384 | R--- | C] () -- C:\Users\Sabrina\Desktop\ComboFix.exe
    [2010/11/16 13:24:02 | 000,000,293 | ---- | C] () -- C:\Users\Sabrina\Desktop\ComboFix - Shortcut.lnk
    [2010/11/15 17:27:34 | 000,628,736 | ---- | C] () -- C:\Users\Sabrina\Desktop\dds.scr
    [2010/11/15 14:57:06 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/15 14:50:50 | 053,123,856 | ---- | C] () -- C:\Users\Sabrina\Desktop\avira_antivir_personal_en.exe
    [2010/11/14 18:24:28 | 000,294,912 | ---- | C] () -- C:\Users\Sabrina\Desktop\test.exe
    [2010/09/23 16:52:33 | 000,006,144 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/05 03:04:37 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/03/05 03:04:37 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/12/10 03:05:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009/05/22 13:52:10 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
    [2009/05/22 13:52:10 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/03/24 19:19:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/03/04 23:12:08 | 000,000,600 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\PUTTY.RND
    [2008/04/11 00:37:09 | 000,000,027 | ---- | C] () -- C:\Windows\KA.INI
    [2008/02/20 18:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/02/20 18:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/01/08 05:29:13 | 000,001,356 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat
    [2007/12/25 02:11:26 | 000,027,525 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\nvModes.001
    [2007/12/25 02:11:25 | 000,027,525 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\nvModes.dat
    [2007/12/25 02:04:00 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\QSwitch.txt
    [2007/12/25 02:04:00 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\DSwitch.txt
    [2007/12/25 02:04:00 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\AtStart.txt
    [2007/08/04 02:53:27 | 000,001,321 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/05 16:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 04:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2008/07/29 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\acccore
    [2010/05/20 04:52:35 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Autodesk
    [2007/12/29 23:25:50 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\FlashFXP
    [2009/12/31 23:11:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\ImgBurn
    [2010/10/31 14:21:30 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\LimeWire
    [2010/11/16 17:29:56 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/16 16:06:19 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DEA12275-7A1F-4714-B9E6-20CC85D9A9E6}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/08/04 03:08:39 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2008/01/18 23:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2010/11/16 17:14:22 | 000,011,173 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/04/11 00:37:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/29 20:50:50 | 000,000,353 | -H-- | M] () -- C:\IPH.PH
    [2008/04/11 00:37:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/16 17:33:24 | 1319,292,928 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/14 19:09:14 | 000,057,654 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_19.07.56_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/09 19:52:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2009/05/22 13:52:10 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/04 14:47:30 | 000,000,286 | -HS- | M] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/15 14:50:50 | 053,123,856 | ---- | M] () -- C:\Users\Sabrina\Desktop\avira_antivir_personal_en.exe
    [2010/11/16 13:23:28 | 003,910,384 | R--- | M] () -- C:\Users\Sabrina\Desktop\ComboFix.exe
    [2010/11/16 17:36:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
    [2010/11/03 15:27:30 | 000,294,912 | ---- | M] () -- C:\Users\Sabrina\Desktop\test.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/05/14 20:02:10 | 003,298,152 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
    [2009/05/14 20:02:10 | 003,392,872 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/12/26 03:42:09 | 000,000,402 | -HS- | M] () -- C:\Users\Sabrina\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/03/06 12:34:53 | 000,001,321 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/11/16 17:38:31 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/05/22 13:52:10 | 000,000,608 | -H-- | M] () -- C:\ProgramData\T2

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. chena87

    chena87 TS Rookie Topic Starter

    OTL Extras logfile created on: 11/16/2010 5:39:10 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sabrina\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.62 Gb Total Space | 62.49 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
    Drive E: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 1.88 Gb Total Space | 1.86 Gb Free Space | 98.77% Space Free | Partition Type: FAT

    Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3093776565-2197326357-1051833201-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{35A5AF39-6C9C-4DBE-BC65-F3357E8A82F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{587AC427-F1DB-4525-9FE2-8AF774B60F82}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{7967AA8A-01E9-46DA-9FB4-816AB56B63BE}" = lport=7618 | protocol=6 | dir=in | name=sexgchxs |
    "{A7FBC944-6671-4F59-8A78-3C29EAB0846B}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01669B7C-17D2-443A-8124-198AFB36FB1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{0BD5B143-2A62-4048-8A88-E0088031E6FB}" = protocol=17 | dir=in | app=c:\users\sabrina\appdata\local\microsoft\windows\temporary internet files\content.ie5\ybpqofti\wowclient-downloader[1].exe |
    "{1522F853-94FE-4B18-8CA8-BFCCE6ED703F}" = protocol=6 | dir=in | app=c:\users\sabrina\appdata\local\microsoft\windows\temporary internet files\content.ie5\ybpqofti\wowclient-downloader[1].exe |
    "{2880F3E5-BFA7-4978-B8BD-EBC574595AF7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{28E9E017-5726-43E6-9EC2-83B639A67047}" = protocol=6 | dir=in | app=c:\users\sabrina\appdata\local\microsoft\windows\temporary internet files\content.ie5\hiz3c4hv\wowclient-downloader[1].exe |
    "{2AFD0F31-758E-474F-BD04-709457D41F44}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{2BB90403-6EF4-4968-955C-D8A38AB78B49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{53C625B3-9FDB-485A-B18B-6737BE888434}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{566BC5AB-6394-4E5A-89B7-E432A4758828}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{733F98FA-7A7A-4C8A-B6C3-39496680357B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{8F007D4D-E3DC-4219-AE0E-FB4889821187}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{93FEFC92-5847-41E3-8476-9526DEDC0E99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{A033D27B-0F29-47C3-A29D-3DBA3B5C68EB}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{AA5C57E2-AFC8-45B3-BC1D-E54BD71D59D7}" = protocol=17 | dir=in | app=c:\users\sabrina\appdata\local\microsoft\windows\temporary internet files\content.ie5\hiz3c4hv\wowclient-downloader[1].exe |
    "{B1114E86-9526-4A62-AC7B-BF983235DD8B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B6D6418D-0827-411C-A10D-79068E9FCF29}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{B8B7AA53-FE0B-4BAF-B3EB-5CFE3AD3E758}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{BBD292DF-AAC3-4152-BB28-A1E1C8B6F65A}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C46680E0-5FBA-4FDB-BAAB-C3971EEC7D6F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{DF94E264-88D6-45A1-96D2-917897A0D033}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{FEDDC1BE-654F-4E06-BEE7-4BE680FE3F31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{FEDF72C2-CDC2-4F31-923B-9CB5D8CCBED2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{72126EF8-31B3-4EAE-9771-236996706D30}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{8DA9FE82-0488-4DF7-AA1C-D1CD6A306A7F}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "TCP Query User{91884B43-E6F8-4A2A-A945-F1B5574B08FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{F327C1D7-603A-4254-89C0-6CE3E0FAD7C5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{FC5715CB-B918-45D0-88E5-A7EC42D05343}C:\program files\autodesk\maya2010\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2010\bin\maya.exe |
    "UDP Query User{457147CE-FC4E-4153-A235-2C0C082BCE08}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "UDP Query User{7A6E197E-51B6-4C57-91E4-D0E28EAA9976}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{AB3C74A3-3743-4E7D-905F-CEFE86E84B06}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{B0F45189-44E9-4DD5-A4EF-C38EFA05B693}C:\program files\autodesk\maya2010\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2010\bin\maya.exe |
    "UDP Query User{ED915FCF-5AD3-4023-858E-F66F91AC0D2F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DB0BA61A-8295-4211-85F7-184FC2591033}" = Nero 7 Essentials
    "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AIM_6" = AIM 6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "LimeWire" = LimeWire 5.1.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MySpaceIM" = MySpaceIM
    "NVIDIA Drivers" = NVIDIA Drivers
    "Orion_is1" = Orion 7.6
    "Rhapsody" = Rhapsody
    "SmartAudio" = SmartAudio
    "Super Card_is1" = SC Ver 2.57
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

     
  10. chena87

    chena87 TS Rookie Topic Starter

    its running fine now thank you
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)
    Let me go through your OTL logs...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\Sabrina\Documents\*.tmp files -> C:\Users\Sabrina\Documents\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. chena87

    chena87 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Sabrina\Documents\~WRL0681.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sabrina
    ->Temp folder emptied: 4285364 bytes
    ->Temporary Internet Files folder emptied: 2128326 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sabrina
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11162010_182452

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC6AB.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC6B6.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC796.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC7A1.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC7ED.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC7F8.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC8E6.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFC8F1.tmp not found!

    Registry entries deleted on Reboot...
     
  14. chena87

    chena87 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 1 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.12.36
    Adobe Reader 8
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  15. chena87

    chena87 TS Rookie Topic Starter

    running online scan now
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll need to remember to install SP2, when you're done with Eset.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  17. chena87

    chena87 TS Rookie Topic Starter

    eset found no threats, sp2 installed, acrobat removed.
    thank you for your help
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  19. chena87

    chena87 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sabrina
    ->Temp folder emptied: 1996925 bytes
    ->Temporary Internet Files folder emptied: 3339363 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23287 bytes
    RecycleBin emptied: 556655713 bytes

    Total Files Cleaned = 536.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sabrina
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.17.3 log created on 11172010_192017

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFF8B8.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFF8BD.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFFB74.tmp not found!
    File\Folder C:\Users\Sabrina\AppData\Local\Temp\~DFFE20.tmp not found!

    Registry entries deleted on Reboot...
     
  20. chena87

    chena87 TS Rookie Topic Starter

    after sp2 update i get cpu spikes. from 4% to 15% at times. hardrive light seems to be flickering all the time. is this normal? other than that its running good
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Colunms.
    In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    The issue seems to be resolved.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...