TechSpot

Massive slowdown/anti-malware won't even run

Inactive
By jhoward218
Nov 17, 2011
Topic Status:
Not open for further replies.
  1. So my roommate recently received this computer for free from his mother and within a couple of seconds of my using it, I realized that it has a very, very noticeable slowdown and upon further investigation I have come to the conclusion that it has been infected with most likely a massive amount of malware and (most likely) viruses.

    I ran an Ad-Aware scan and it returned a few results, which I promptly deleted, used Panda ActiveScan, which brought up a few problems but of course didn't fix them.

    I've looked up numerous threads on this site and as I am at my wits end with trying to solve this problem on my own, plead with you to help me eliminate this issue.

    By the way, I'm pretty certain a full system restore isn't an option, as the hidden file that contains the windows installation has either been permanently deleted or is stifled by whatever is plaguing this PC.

    Anyway, when following the instructions on your 5-step thread, as mentioned I used Panda ActiveScan yesterday and it yielded a couple threats, but nothing major.

    I installed MBAM and the program won't run, most likely it is being blocked by the crud on here. I tried pretty much all of the "fixes" available, renaming the file, etc., and none have worked.

    GMER worked and I will include the log after my ramblings, but every time I try to run DDS it freezes up after a couple of minutes. I left it up and running for a good half hour and it still didn't complete. I'm assuming I really need this log so I'm curious as to how you guys could help me without it.

    I appreciate your time and help and hope someone can aid me in fixing this PC.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-17 01:51:20
    Windows 5.1.2600 Service Pack 3
    Running: juko1io4.exe; Driver: H:\DOCUME~1\David\LOCALS~1\Temp\fwkdapoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    EDIT: After more research I downloaded SUPERAntiSpyware and ran a full scan, it returned a massive amount of spyware files (over 100!), although they were all classified as "tracking cookies." MBAM is still refusing to open though, so I'm assuming there's still some nasties lurking under the radar.
  2. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    20:10:17.0921 2428 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    20:10:17.0937 2428 ============================================================
    20:10:17.0937 2428 Current date / time: 2011/11/17 20:10:17.0937
    20:10:17.0937 2428 SystemInfo:
    20:10:17.0937 2428
    20:10:17.0937 2428 OS Version: 5.1.2600 ServicePack: 3.0
    20:10:17.0937 2428 Product type: Workstation
    20:10:17.0937 2428 ComputerName: DAVID-066421D8F
    20:10:17.0937 2428 UserName: David
    20:10:17.0937 2428 Windows directory: H:\WINDOWS
    20:10:17.0937 2428 System windows directory: H:\WINDOWS
    20:10:17.0937 2428 Processor architecture: Intel x86
    20:10:17.0937 2428 Number of processors: 1
    20:10:17.0937 2428 Page size: 0x1000
    20:10:17.0937 2428 Boot type: Normal boot
    20:10:17.0937 2428 ============================================================
    20:10:19.0687 2428 Initialize success
    20:10:22.0843 1020 ============================================================
    20:10:22.0843 1020 Scan started
    20:10:22.0843 1020 Mode: Manual;
    20:10:22.0843 1020 ============================================================
    20:10:24.0843 1020 Abiosdsk - ok
    20:10:24.0921 1020 abp480n5 - ok
    20:10:24.0968 1020 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:10:24.0984 1020 ACPI - ok
    20:10:25.0015 1020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
    20:10:25.0015 1020 ACPIEC - ok
    20:10:25.0046 1020 adpu160m - ok
    20:10:25.0078 1020 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
    20:10:25.0078 1020 aec - ok
    20:10:25.0140 1020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
    20:10:25.0156 1020 AFD - ok
    20:10:25.0171 1020 AFGMp50 - ok
    20:10:25.0187 1020 AFGSp50 - ok
    20:10:25.0203 1020 Aha154x - ok
    20:10:25.0218 1020 aic78u2 - ok
    20:10:25.0234 1020 aic78xx - ok
    20:10:25.0359 1020 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) H:\WINDOWS\system32\drivers\ALCXWDM.SYS
    20:10:25.0421 1020 ALCXWDM - ok
    20:10:25.0437 1020 AliIde - ok
    20:10:25.0453 1020 amsint - ok
    20:10:25.0515 1020 Arp1394 (b5b8a80875c1dededa8b02765642c32f) H:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:10:25.0515 1020 Arp1394 - ok
    20:10:25.0531 1020 asc - ok
    20:10:25.0562 1020 asc3350p - ok
    20:10:25.0578 1020 asc3550 - ok
    20:10:25.0625 1020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:10:25.0625 1020 AsyncMac - ok
    20:10:25.0671 1020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
    20:10:25.0671 1020 atapi - ok
    20:10:25.0687 1020 Atdisk - ok
    20:10:25.0843 1020 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    20:10:25.0984 1020 ati2mtag - ok
    20:10:26.0031 1020 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:10:26.0046 1020 Atmarpc - ok
    20:10:26.0093 1020 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
    20:10:26.0093 1020 audstub - ok
    20:10:26.0171 1020 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
    20:10:26.0171 1020 Beep - ok
    20:10:26.0203 1020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
    20:10:26.0203 1020 cbidf2k - ok
    20:10:26.0250 1020 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    20:10:26.0250 1020 CCDECODE - ok
    20:10:26.0265 1020 cd20xrnt - ok
    20:10:26.0296 1020 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
    20:10:26.0296 1020 Cdaudio - ok
    20:10:26.0343 1020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
    20:10:26.0343 1020 Cdfs - ok
    20:10:26.0390 1020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:10:26.0390 1020 Cdrom - ok
    20:10:26.0406 1020 Changer - ok
    20:10:26.0437 1020 CmdIde - ok
    20:10:26.0468 1020 Cpqarray - ok
    20:10:26.0484 1020 dac2w2k - ok
    20:10:26.0500 1020 dac960nt - ok
    20:10:26.0531 1020 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
    20:10:26.0546 1020 Disk - ok
    20:10:26.0593 1020 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys
    20:10:26.0640 1020 dmboot - ok
    20:10:26.0671 1020 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys
    20:10:26.0671 1020 dmio - ok
    20:10:26.0703 1020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
    20:10:26.0718 1020 dmload - ok
    20:10:26.0750 1020 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
    20:10:26.0750 1020 DMusic - ok
    20:10:26.0781 1020 dpti2o - ok
    20:10:26.0796 1020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
    20:10:26.0796 1020 drmkaud - ok
    20:10:26.0906 1020 eeCtrl (08035db1987412cced1d4201263776ed) H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    20:10:26.0906 1020 eeCtrl - ok
    20:10:26.0953 1020 EraserUtilRebootDrv (d5ea4a605147eeaaaa09fef41f007eb0) H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    20:10:26.0953 1020 EraserUtilRebootDrv - ok
    20:10:27.0031 1020 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
    20:10:27.0031 1020 Fastfat - ok
    20:10:27.0078 1020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\drivers\Fdc.sys
    20:10:27.0078 1020 Fdc - ok
    20:10:27.0109 1020 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys
    20:10:27.0125 1020 Fips - ok
    20:10:27.0156 1020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\drivers\Flpydisk.sys
    20:10:27.0156 1020 Flpydisk - ok
    20:10:27.0187 1020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
    20:10:27.0187 1020 FltMgr - ok
    20:10:27.0250 1020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:10:27.0250 1020 Fs_Rec - ok
    20:10:27.0312 1020 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:10:27.0312 1020 Ftdisk - ok
    20:10:27.0359 1020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:10:27.0359 1020 Gpc - ok
    20:10:27.0390 1020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:10:27.0390 1020 HidUsb - ok
    20:10:27.0421 1020 hpn - ok
    20:10:27.0484 1020 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
    20:10:27.0484 1020 HTTP - ok
    20:10:27.0515 1020 i2omgmt - ok
    20:10:27.0531 1020 i2omp - ok
    20:10:27.0562 1020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:10:27.0562 1020 i8042prt - ok
    20:10:27.0593 1020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
    20:10:27.0593 1020 Imapi - ok
    20:10:27.0640 1020 ini910u - ok
    20:10:27.0656 1020 IntelIde - ok
    20:10:27.0687 1020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
    20:10:27.0687 1020 Ip6Fw - ok
    20:10:27.0734 1020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:10:27.0734 1020 IpFilterDriver - ok
    20:10:27.0765 1020 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:10:27.0765 1020 IpInIp - ok
    20:10:27.0796 1020 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:10:27.0812 1020 IpNat - ok
    20:10:27.0828 1020 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:10:27.0828 1020 IPSec - ok
    20:10:27.0859 1020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
    20:10:27.0859 1020 IRENUM - ok
    20:10:27.0906 1020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:10:27.0906 1020 isapnp - ok
    20:10:27.0953 1020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:10:27.0953 1020 Kbdclass - ok
    20:10:27.0984 1020 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
    20:10:27.0984 1020 kmixer - ok
    20:10:28.0015 1020 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
    20:10:28.0031 1020 KSecDD - ok
    20:10:28.0062 1020 Lbd (336abe8721cbc3110f1c6426da633417) H:\WINDOWS\system32\DRIVERS\Lbd.sys
    20:10:28.0062 1020 Lbd - ok
    20:10:28.0078 1020 lbrtfdc - ok
    20:10:28.0171 1020 LMIInfo - ok
    20:10:28.0218 1020 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) H:\WINDOWS\system32\DRIVERS\lmimirr.sys
    20:10:28.0218 1020 lmimirr - ok
    20:10:28.0234 1020 LMIRfsClientNP - ok
    20:10:28.0281 1020 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) H:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    20:10:28.0296 1020 LMIRfsDriver - ok
    20:10:28.0343 1020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
    20:10:28.0343 1020 mnmdd - ok
    20:10:28.0406 1020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys
    20:10:28.0406 1020 Modem - ok
    20:10:28.0437 1020 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) H:\WINDOWS\system32\drivers\MODEMCSA.sys
    20:10:28.0437 1020 MODEMCSA - ok
    20:10:28.0484 1020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:10:28.0484 1020 Mouclass - ok
    20:10:28.0531 1020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:10:28.0531 1020 mouhid - ok
    20:10:28.0593 1020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
    20:10:28.0593 1020 MountMgr - ok
    20:10:28.0609 1020 mraid35x - ok
    20:10:28.0640 1020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:10:28.0640 1020 MRxDAV - ok
    20:10:28.0703 1020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:10:28.0718 1020 MRxSmb - ok
    20:10:28.0750 1020 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
    20:10:28.0750 1020 Msfs - ok
    20:10:28.0781 1020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:10:28.0781 1020 MSKSSRV - ok
    20:10:28.0812 1020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:10:28.0812 1020 MSPCLOCK - ok
    20:10:28.0843 1020 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
    20:10:28.0843 1020 MSPQM - ok
    20:10:28.0875 1020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:10:28.0875 1020 mssmbios - ok
    20:10:28.0921 1020 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
    20:10:28.0921 1020 MSTEE - ok
    20:10:28.0984 1020 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
    20:10:28.0984 1020 Mup - ok
    20:10:29.0031 1020 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    20:10:29.0031 1020 NABTSFEC - ok
    20:10:29.0078 1020 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
    20:10:29.0078 1020 NDIS - ok
    20:10:29.0109 1020 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
    20:10:29.0109 1020 NdisIP - ok
    20:10:29.0171 1020 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:10:29.0171 1020 NdisTapi - ok
    20:10:29.0187 1020 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:10:29.0187 1020 Ndisuio - ok
    20:10:29.0234 1020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:10:29.0234 1020 NdisWan - ok
    20:10:29.0265 1020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
    20:10:29.0281 1020 NDProxy - ok
    20:10:29.0296 1020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
    20:10:29.0312 1020 NetBIOS - ok
    20:10:29.0343 1020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
    20:10:29.0343 1020 NetBT - ok
    20:10:29.0375 1020 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) H:\WINDOWS\system32\DRIVERS\nic1394.sys
    20:10:29.0390 1020 NIC1394 - ok
    20:10:29.0406 1020 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
    20:10:29.0406 1020 Npfs - ok
    20:10:29.0437 1020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
    20:10:29.0453 1020 Ntfs - ok
    20:10:29.0500 1020 NuidFltr (cf7e041663119e09d2e118521ada9300) H:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    20:10:29.0500 1020 NuidFltr - ok
    20:10:29.0531 1020 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
    20:10:29.0531 1020 Null - ok
    20:10:29.0625 1020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:10:29.0625 1020 NwlnkFlt - ok
    20:10:29.0656 1020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:10:29.0656 1020 NwlnkFwd - ok
    20:10:29.0703 1020 ohci1394 (ca33832df41afb202ee7aeb05145922f) H:\WINDOWS\system32\DRIVERS\ohci1394.sys
    20:10:29.0703 1020 ohci1394 - ok
    20:10:29.0765 1020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\DRIVERS\parport.sys
    20:10:29.0765 1020 Parport - ok
    20:10:29.0781 1020 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
    20:10:29.0781 1020 PartMgr - ok
    20:10:29.0828 1020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
    20:10:29.0828 1020 ParVdm - ok
    20:10:29.0875 1020 pavboot (3adb8bd6154a3ef87496e8fce9c22493) H:\WINDOWS\system32\drivers\pavboot.sys
    20:10:29.0875 1020 pavboot - ok
    20:10:29.0890 1020 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
    20:10:29.0906 1020 PCI - ok
    20:10:29.0921 1020 PCIDump - ok
    20:10:29.0937 1020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
    20:10:29.0937 1020 PCIIde - ok
    20:10:29.0968 1020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
    20:10:29.0968 1020 Pcmcia - ok
    20:10:29.0984 1020 PDCOMP - ok
    20:10:30.0000 1020 PDFRAME - ok
    20:10:30.0031 1020 PDRELI - ok
    20:10:30.0046 1020 PDRFRAME - ok
    20:10:30.0062 1020 perc2 - ok
    20:10:30.0078 1020 perc2hib - ok
    20:10:30.0140 1020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:10:30.0140 1020 PptpMiniport - ok
    20:10:30.0156 1020 Processor (a32bebaf723557681bfc6bd93e98bd26) H:\WINDOWS\system32\DRIVERS\processr.sys
    20:10:30.0171 1020 Processor - ok
    20:10:30.0187 1020 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
    20:10:30.0187 1020 PSched - ok
    20:10:30.0218 1020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:10:30.0218 1020 Ptilink - ok
    20:10:30.0250 1020 ql1080 - ok
    20:10:30.0265 1020 Ql10wnt - ok
    20:10:30.0281 1020 ql12160 - ok
    20:10:30.0296 1020 ql1240 - ok
    20:10:30.0312 1020 ql1280 - ok
    20:10:30.0328 1020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:10:30.0328 1020 RasAcd - ok
    20:10:30.0375 1020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:10:30.0375 1020 Rasl2tp - ok
    20:10:30.0390 1020 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:10:30.0406 1020 RasPppoe - ok
    20:10:30.0406 1020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
    20:10:30.0406 1020 Raspti - ok
    20:10:30.0437 1020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:10:30.0437 1020 Rdbss - ok
    20:10:30.0453 1020 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:10:30.0453 1020 RDPCDD - ok
    20:10:30.0515 1020 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) H:\WINDOWS\system32\drivers\RDPWD.sys
    20:10:30.0515 1020 RDPWD - ok
    20:10:30.0562 1020 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
    20:10:30.0562 1020 redbook - ok
    20:10:30.0609 1020 rtl8139 (d507c1400284176573224903819ffda3) H:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    20:10:30.0609 1020 rtl8139 - ok
    20:10:30.0656 1020 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) H:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    20:10:30.0671 1020 RTL8192su - ok
    20:10:30.0765 1020 SASDIFSV (39763504067962108505bff25f024345) H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    20:10:30.0765 1020 SASDIFSV - ok
    20:10:30.0796 1020 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    20:10:30.0796 1020 SASKUTIL - ok
    20:10:30.0859 1020 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:10:30.0859 1020 Secdrv - ok
    20:10:30.0921 1020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\drivers\Serial.sys
    20:10:30.0921 1020 Serial - ok
    20:10:30.0968 1020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
    20:10:30.0968 1020 Sfloppy - ok
    20:10:31.0000 1020 Simbad - ok
    20:10:31.0015 1020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
    20:10:31.0015 1020 SLIP - ok
    20:10:31.0031 1020 smserial - ok
    20:10:31.0062 1020 Sparrow - ok
    20:10:31.0093 1020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
    20:10:31.0093 1020 splitter - ok
    20:10:31.0125 1020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
    20:10:31.0125 1020 sr - ok
    20:10:31.0171 1020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
    20:10:31.0171 1020 Srv - ok
    20:10:31.0250 1020 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
    20:10:31.0250 1020 streamip - ok
    20:10:31.0281 1020 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
    20:10:31.0281 1020 swenum - ok
    20:10:31.0312 1020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
    20:10:31.0312 1020 swmidi - ok
    20:10:31.0359 1020 symc810 - ok
    20:10:31.0375 1020 symc8xx - ok
    20:10:31.0421 1020 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) H:\WINDOWS\System32\Drivers\SYMDNS.SYS
    20:10:31.0421 1020 SYMDNS - ok
    20:10:31.0484 1020 SymEvent (06b95820df51502099a8a15c93e87986) H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    20:10:31.0484 1020 SymEvent - ok
    20:10:31.0515 1020 SYMFW (a131d8360b01044517aa44529e2137d6) H:\WINDOWS\System32\Drivers\SYMFW.SYS
    20:10:31.0515 1020 SYMFW - ok
    20:10:31.0531 1020 SYMIDS (2b77868f02dae02103380b824431b798) H:\WINDOWS\System32\Drivers\SYMIDS.SYS
    20:10:31.0531 1020 SYMIDS - ok
    20:10:31.0640 1020 SYMIDSCO (37e37be6c101e602acc3eee9261e88d6) H:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070108.003\SymIDSCo.sys
    20:10:31.0656 1020 SYMIDSCO - ok
    20:10:31.0671 1020 SYMNDIS (799282f4a913ca51197c9cdd34d403d6) H:\WINDOWS\System32\Drivers\SYMNDIS.SYS
    20:10:31.0671 1020 SYMNDIS - ok
    20:10:31.0687 1020 SYMREDRV (394b2368212114d538316812af60fddd) H:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    20:10:31.0687 1020 SYMREDRV - ok
    20:10:31.0750 1020 SYMTDI (d46676bb414c7531bdffe637a33f5033) H:\WINDOWS\System32\Drivers\SYMTDI.SYS
    20:10:31.0750 1020 SYMTDI - ok
    20:10:31.0765 1020 sym_hi - ok
    20:10:31.0781 1020 sym_u3 - ok
    20:10:31.0828 1020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
    20:10:31.0828 1020 sysaudio - ok
    20:10:31.0906 1020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:10:31.0906 1020 Tcpip - ok
    20:10:31.0953 1020 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
    20:10:31.0953 1020 TDPIPE - ok
    20:10:31.0984 1020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
    20:10:31.0984 1020 TDTCP - ok
    20:10:32.0015 1020 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
    20:10:32.0015 1020 TermDD - ok
    20:10:32.0046 1020 TosIde - ok
    20:10:32.0078 1020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
    20:10:32.0093 1020 Udfs - ok
    20:10:32.0109 1020 ultra - ok
    20:10:32.0140 1020 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
    20:10:32.0156 1020 Update - ok
    20:10:32.0187 1020 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
    20:10:32.0187 1020 usbaudio - ok
    20:10:32.0250 1020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:10:32.0250 1020 usbccgp - ok
    20:10:32.0281 1020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:10:32.0281 1020 usbehci - ok
    20:10:32.0312 1020 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:10:32.0312 1020 usbhub - ok
    20:10:32.0343 1020 usbohci (0daecce65366ea32b162f85f07c6753b) H:\WINDOWS\system32\DRIVERS\usbohci.sys
    20:10:32.0343 1020 usbohci - ok
    20:10:32.0375 1020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:10:32.0375 1020 usbscan - ok
    20:10:32.0406 1020 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:10:32.0406 1020 usbstor - ok
    20:10:32.0453 1020 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) H:\WINDOWS\system32\Drivers\usbvideo.sys
    20:10:32.0453 1020 usbvideo - ok
    20:10:32.0484 1020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
    20:10:32.0484 1020 VgaSave - ok
    20:10:32.0500 1020 ViaIde - ok
    20:10:32.0546 1020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
    20:10:32.0546 1020 VolSnap - ok
    20:10:32.0578 1020 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:10:32.0593 1020 Wanarp - ok
    20:10:32.0625 1020 Wdf01000 (fd47474bd21794508af449d9d91af6e6) H:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    20:10:32.0640 1020 Wdf01000 - ok
    20:10:32.0656 1020 WDICA - ok
    20:10:32.0703 1020 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
    20:10:32.0703 1020 wdmaud - ok
    20:10:32.0796 1020 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    20:10:32.0796 1020 WSTCODEC - ok
    20:10:32.0828 1020 WudfPf (f15feafffbb3644ccc80c5da584e6311) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:10:32.0843 1020 WudfPf - ok
    20:10:32.0859 1020 WudfRd (28b524262bce6de1f7ef9f510ba3985b) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:10:32.0859 1020 WudfRd - ok
    20:10:32.0921 1020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    20:10:33.0046 1020 \Device\Harddisk0\DR0 - ok
    20:10:33.0046 1020 Boot (0x1200) (ccc9decde51cf2ddfe4625f674743ffc) \Device\Harddisk0\DR0\Partition0
    20:10:33.0046 1020 \Device\Harddisk0\DR0\Partition0 - ok
    20:10:33.0046 1020 ============================================================
    20:10:33.0046 1020 Scan finished
    20:10:33.0046 1020 ============================================================
    20:10:33.0062 3480 Detected object count: 0
    20:10:33.0062 3480 Actual detected object count: 0
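A log like the one above is long enough that a reader will skim it and miss the one line that matters. The following is an added example, not something posted in this thread, that reads a TDSSKiller text log of this format and reduces it to what an analyst wants to check: which services have a hash (a file on disk) and which have none, which verdicts are anything other than "ok", and whether the MBR and boot-sector lines (whose verdict is reported against the device path rather than the label) came back clean. The sample log is constructed in the same format as the post; the Harddisk1 "suspicious" pair and the non-zero detected count are invented to exercise the alert branch and do not describe this machine.

```python
"""Triage helper for TDSSKiller text logs (added example, not from the thread)."""
import re

# Constructed sample in the format of the TDSSKiller 2.6.19.0 log above.
# Driver lines come in pairs: "<service> (<md5>) <path>" then "<service> - <verdict>".
# MBR/boot-sector lines are the exception: the verdict line names the *device path*,
# not the label, so the parser has to reconcile the two.
# The Harddisk1 "suspicious" pair and "Detected object count: 1" are invented.
SAMPLE_LOG = r"""
20:10:22.0843 1020 Scan started
20:10:22.0843 1020 Mode: Manual;
20:10:24.0843 1020 Abiosdsk - ok
20:10:24.0968 1020 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
20:10:24.0984 1020 ACPI - ok
20:10:32.0921 1020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:10:33.0046 1020 \Device\Harddisk0\DR0 - ok
20:10:33.0046 1020 Boot (0x1200) (ccc9decde51cf2ddfe4625f674743ffc) \Device\Harddisk0\DR0\Partition0
20:10:33.0046 1020 \Device\Harddisk0\DR0\Partition0 - ok
20:10:33.0100 1020 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk1\DR2
20:10:33.0110 1020 \Device\Harddisk1\DR2 - suspicious
20:10:33.0120 1020 Detected object count: 1
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


def parse_tdsskiller(text):
    """Return (records, detected_count).

    Each record is {"name", "md5", "path", "verdict"}; md5/path are None for a
    service whose file was not found on disk (TDSSKiller prints only "name - ok").
    """
    records, by_name, by_path, detected = [], {}, {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if body.startswith("Detected object count:"):
            detected = int(body.split(":", 1)[1])
            continue
        h = HASH_RE.match(body)
        if h:
            rec = {"name": h["name"], "md5": h["md5"].lower(),
                   "path": h["path"], "verdict": None}
            records.append(rec)
            by_name[rec["name"]] = rec
            by_path[rec["path"]] = rec   # boot/MBR verdicts are keyed by path
            continue
        v = VERDICT_RE.match(body)
        if v:
            rec = by_name.get(v["name"]) or by_path.get(v["name"])
            if rec is None:   # service with no file on disk: verdict only
                rec = {"name": v["name"], "md5": None, "path": None, "verdict": None}
                records.append(rec)
                by_name[rec["name"]] = rec
            rec["verdict"] = v["verdict"]
    return records, detected


def triage(records):
    """Bucket records for review. "no_file" is informational: on XP most of these
    are stock legacy storage entries (Abiosdsk, aic78xx, ...) with no driver file."""
    return {
        "not_ok": [(r["name"], r["path"], r["verdict"])
                   for r in records if r["verdict"] not in (None, "ok")],
        "no_file": sorted(r["name"] for r in records if r["md5"] is None),
        "unresolved": sorted(r["name"] for r in records
                             if r["md5"] is not None and r["verdict"] is None),
    }


if __name__ == "__main__":
    recs, count = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(recs)} objects, detected={count}")
    for k, v in triage(recs).items():
        print(f"{k}: {v}")
```

Run against the real log pasted above (with the constructed Harddisk1 lines absent), the "not_ok" bucket is empty and the detected count is 0, which is the result Broni is reading before moving on to aswMBR: TDSSKiller found nothing it recognises in the MBR or the loaded drivers, so the next step is a second opinion on the boot sector rather than a cure.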
  4. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    I'm having issues trying to close "Norton Internet Security." The previous owners' subscription has expired and even by following the steps given there is no clear way to shut this program off.
  6. Broni

    Broni Malware Annihilator Posts: 46,728   +254

  7. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Have tried to run ComboFix multiple times, but can never get past when it says the time may double if necessary. It will just sit there for as long as I leave the program open, and not proceed any further.

    Seems as though this can't be done easily, hah. I appreciate your patience and help tremendously.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-17 20:17:05
    -----------------------------
    20:17:05.468 OS Version: Windows 5.1.2600 Service Pack 3
    20:17:05.468 Number of processors: 1 586 0x2F02
    20:17:05.468 ComputerName: DAVID-066421D8F UserName: David
    20:17:06.218 Initialize success
    20:17:11.640 AVAST engine download error: 0
    20:17:31.218 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
    20:17:31.218 Disk 0 Vendor: ST3200822A 3.02 Size: 190782MB BusType: 3
    20:17:31.218 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS f79c5f26
    20:17:35.218 Disk 1 MBR read successfully
    20:17:35.218 Disk 1 MBR scan
    20:17:35.218 Disk 1 Windows XP default MBR code
    20:17:35.218 Disk 1 MBR hidden
    20:17:35.234 Disk 1 scanning H:\WINDOWS\system32\drivers
    20:17:41.359 Service scanning
    20:17:42.359 Modules scanning
    20:17:45.968 Disk 1 trace - called modules:
    20:17:45.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
    20:17:45.984 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x84afcab8]
    20:17:46.484 Scan finished successfully
    20:18:11.687 Disk 1 MBR has been saved successfully to "H:\Documents and Settings\David\Desktop\MBR.dat"
    20:18:11.687 The log file has been saved successfully to "H:\Documents and Settings\David\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-18 01:00:52
    -----------------------------
    01:00:52.437 OS Version: Windows 5.1.2600 Service Pack 3
    01:00:52.437 Number of processors: 1 586 0x2F02
    01:00:52.437 ComputerName: DAVID-066421D8F UserName: David
    01:00:53.781 Initialize success
    01:05:03.406 AVAST engine defs: 11111703
    01:05:09.250 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
    01:05:09.250 Disk 0 Vendor: ST3200822A 3.02 Size: 190782MB BusType: 3
    01:05:09.250 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS f798ef26
    01:05:13.312 Disk 1 MBR read successfully
    01:05:13.312 Disk 1 MBR scan
    01:05:13.359 Disk 1 Windows XP default MBR code
    01:05:13.359 Disk 1 MBR hidden
    01:05:13.546 Disk 1 scanning H:\WINDOWS\system32\drivers
    01:05:25.328 Service scanning
    01:05:27.656 Modules scanning
    01:05:31.109 Disk 1 trace - called modules:
    01:05:31.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
    01:05:31.109 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8483cab8]
    01:05:32.718 AVAST engine scan H:\WINDOWS
    01:05:35.203 AVAST engine scan H:\WINDOWS\system32
    01:07:34.375 AVAST engine scan H:\WINDOWS\system32\drivers
    01:07:48.031 AVAST engine scan H:\Documents and Settings\David
    01:09:02.875 AVAST engine scan H:\Documents and Settings\All Users
    01:09:17.843 Scan finished successfully
    01:09:33.578 Disk 1 MBR has been saved successfully to "H:\Documents and Settings\David\Desktop\MBR.dat"
    01:09:33.609 The log file has been saved successfully to "H:\Documents and Settings\David\Desktop\aswMBR.txt"
  8. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Did you?
  9. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Yeah tried all the fixes, but I'm still having the same issues. Does it display the files while it's scanning, or is it actually scanning in the background while the message is displayed?
  10. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
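As an added example (not OTL's own code and not from this thread): a Python triage script that reads OTL-format PRC/SRV/DRV lines like the ones OTL.txt will contain and flags the entries a helper checks first, using locations taken from the custom scan list above. The sample log lines, the path patterns and the Finding class are all constructed for this example.

```python
"""Triage a fragment of an OTL log (added example, not part of OTL or this thread).

Reads OTL-format PRC/SRV/DRV lines and flags what a malware-removal helper
checks first: services whose binary is gone, loadable files sitting in
locations taken from the custom scan list (Fonts, a nested system32\\system32,
screensavers directly under %systemroot%, executables with spaces in the name),
and files with no company name outside any user profile.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in OTL's line format; not taken from any real machine.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/11/18 19:09:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/10 03:12:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Fonts\svchost.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - [2008/04/13 17:12:19 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\svchost.exe -- (Dhcp)
SRV - [2011/11/12 11:00:00 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\system32\update.exe -- (WinUpdSvc)
SRV - [2011/11/12 11:00:00 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\win log.exe -- (WinLogSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/11/12 11:00:00 | 000,028,000 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltr.sys -- (netfltr)
"""

# One OTL entry: KIND - [date | size | attrs | M/C] (company) [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) (?:\[(?P<state>[^\]]*)\] )?-- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# A service or driver that is still registered but whose file is missing on disk.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]+)\)$"
)

# Locations where a loadable file has no business being. These patterns are
# this example's own, derived from the directives in the custom scan list.
ODD_LOCATIONS = [
    (re.compile(r"\\windows\\fonts\\[^\\]+\.(exe|com|dll|scr)$", re.I), "executable in Fonts folder"),
    (re.compile(r"\\system32\\system32\\", re.I), "nested system32\\system32 folder"),
    (re.compile(r"\\windows\\[^\\]+\.scr$", re.I), "screensaver directly under %systemroot%"),
    (re.compile(r"\\system32\\[^\\]*\s[^\\]*\.exe$", re.I), "space in executable name under system32"),
]


@dataclass
class Finding:
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section header
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding(
                f"service {m['name']} registered but file not found ({m['state']})", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not a PRC/SRV/DRV entry (O-lines, NetSvcs, etc.)
        path = m["path"]
        for pattern, why in ODD_LOCATIONS:
            if pattern.search(path):
                findings.append(Finding(why, line))
                break
        else:
            # A file with no company name living outside any user profile is
            # worth a look even when its path looks ordinary.
            if m["company"] == "" and not re.search(r"\\Documents and Settings\\", path, re.I):
                findings.append(Finding("no company name on file in system location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.reason}] {f.line}")
```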
  11. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 11/18/2011 7:11:17 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\David\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.48 Mb Total Physical Memory | 206.05 Mb Available Physical Memory | 46.15% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.55% Paging File free
    Paging file location(s): H:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
    Drive H: | 186.30 Gb Total Space | 142.99 Gb Free Space | 76.75% Space Free | Partition Type: NTFS

    Computer Name: DAVID-066421D8F | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/18 19:09:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\David\Desktop\OTL.exe
    PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- H:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wuauserv)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- H:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- H:\yourname\pev.3XE -- (PEVSystemStart)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- H:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- H:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/14 20:55:13 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- H:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/02/11 00:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/01/07 09:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C F3 B4 54 EA A0 CB 01 [binary data]
    IE - HKU\S-1-5-21-1960408961-413027322-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: H:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: H:\Program Files\McAfee\SiteAdvisor

    [2009/10/25 15:24:22 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\David\Application Data\Mozilla\Extensions
    [2009/10/25 15:24:22 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\David\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\8.0.552.23\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = H:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\8.0.552.23\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = H:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\8.0.552.23\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Shockwave Flash (Enabled) = H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2010/10/26 17:12:14 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - H:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - H:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1960408961-413027322-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1960408961-413027322-839522115-1004..\Run: [BitTorrent] H:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-1960408961-413027322-839522115-1004..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1960408961-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72978FBF-C8A2-48DC-B84B-5F18D61F9BE4}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -H:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) -H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - H:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: H:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: H:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - H:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found

    Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - H:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - H:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/18 19:09:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\David\Desktop\OTL.exe
    [2011/11/18 18:53:11 | 000,000,000 | --SD | C] -- H:\yourname
    [2011/11/18 18:29:41 | 004,300,722 | R--- | C] (Swearware) -- H:\Documents and Settings\David\Desktop\yourname.exe
    [2011/11/18 02:30:03 | 000,000,000 | RHSD | C] -- H:\cmdcons
    [2011/11/18 02:29:14 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe
    [2011/11/18 02:29:14 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe
    [2011/11/18 02:29:14 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe
    [2011/11/18 02:29:14 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe
    [2011/11/18 02:22:00 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- H:\Documents and Settings\David\Desktop\tdsskiller.exe
    [2011/11/18 00:58:03 | 001,916,416 | ---- | C] (AVAST Software) -- H:\Documents and Settings\David\Desktop\aswMBR.exe
    [2011/11/17 21:10:10 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT
    [2011/11/17 20:21:26 | 000,000,000 | ---D | C] -- H:\Qoobox
    [2011/11/17 03:59:07 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
    [2011/11/17 03:58:11 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/17 03:58:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/11/17 03:58:08 | 000,000,000 | ---D | C] -- H:\Program Files\SUPERAntiSpyware
    [2011/11/17 03:56:09 | 013,204,528 | ---- | C] (SUPERAntiSpyware.com) -- H:\Documents and Settings\David\Desktop\SUPERAntiSpyware.exe
    [2011/11/17 01:51:39 | 000,607,260 | R--- | C] (Swearware) -- H:\Documents and Settings\David\Desktop\dds.scr
    [2011/11/17 01:28:29 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\blah
    [2011/11/17 01:28:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/17 01:28:25 | 000,000,000 | ---D | C] -- H:\Program Files\blah
    [2011/11/17 01:00:16 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- H:\Documents and Settings\David\My Documents\spybotsd162.exe
    [2011/11/17 00:38:08 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- H:\Documents and Settings\David\My Documents\mbam-setup-1.51.2.1300.exe
    [2011/11/17 00:29:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- H:\Documents and Settings\David\My Documents\blah.bat
    [2011/11/17 00:18:42 | 000,000,000 | ---D | C] -- H:\Program Files\vaginavagina
    [2011/11/17 00:10:35 | 000,000,000 | ---D | C] -- H:\Program Files\Explorer
    [2011/11/15 05:13:45 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- H:\WINDOWS\System32\drivers\pavboot.sys
    [2011/11/15 05:13:16 | 000,000,000 | ---D | C] -- H:\Program Files\Panda Security
    [2011/11/15 04:53:33 | 000,000,000 | ---D | C] -- H:\Program Files\Windows Defender
    [2011/11/15 04:40:29 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\My Documents\BitTorrent ****
    [2011/11/15 04:39:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2011/11/15 04:38:27 | 000,000,000 | ---D | C] -- H:\Program Files\VideoLAN
    [2011/11/15 03:15:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Local Settings\Application Data\ATI
    [2011/11/15 03:15:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Application Data\ATI
    [2011/11/15 03:15:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\ATI
    [2011/11/15 02:49:57 | 000,000,000 | R--D | C] -- H:\Documents and Settings\David\Start Menu\Programs\Administrative Tools
    [2011/11/15 00:48:01 | 000,101,720 | ---- | C] (Sunbelt Software) -- H:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/11/15 00:38:58 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Local Settings\Application Data\adaware
    [2011/11/15 00:38:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2011/11/15 00:38:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Application Data\adawaretb
    [2011/11/15 00:38:17 | 000,000,000 | ---D | C] -- H:\Program Files\adawaretb
    [2011/11/15 00:37:40 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\DRVSTORE
    [2011/11/15 00:36:39 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/11/14 23:42:07 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
    [2011/11/14 23:36:45 | 000,000,000 | ---D | C] -- H:\Program Files\ATI Technologies
    [2011/11/14 23:35:44 | 000,000,000 | ---D | C] -- H:\ATI
    [2011/11/14 21:46:28 | 000,000,000 | ---D | C] -- H:\extensions
    [2011/11/14 21:46:13 | 000,000,000 | ---D | C] -- H:\Program Files\BitTorrent
    [2011/11/14 21:40:52 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Local Settings\Application Data\BitTorrent
    [2011/11/14 21:40:52 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Application Data\BitTorrent
    [2011/11/14 21:38:15 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Start Menu\Programs\Steam
    [2011/11/14 21:30:18 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Steam
    [2011/11/14 21:30:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Steam
    [2011/11/14 21:30:15 | 000,000,000 | ---D | C] -- H:\Program Files\Steam
    [2011/11/14 21:27:11 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\LiveUpdate Notice
    [2011/11/14 21:15:49 | 000,000,000 | -H-D | C] -- H:\WINDOWS\PIF
    [2011/11/14 21:04:03 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Symantec
    [2011/11/14 21:02:25 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Symantec Shared
    [2011/11/14 20:27:52 | 000,000,000 | ---D | C] -- H:\WINDOWS\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
    [2011/11/14 19:39:13 | 000,000,000 | ---D | C] -- H:\Program Files\Java
    [2011/10/23 17:25:39 | 000,000,000 | -HSD | C] -- H:\Config.Msi
    [2011/10/21 17:36:47 | 000,000,000 | ---D | C] -- H:\Documents and Settings\David\Local Settings\Application Data\Mozilla
    [2011/10/21 17:36:32 | 000,000,000 | ---D | C] -- H:\Program Files\Mozilla Firefox(2)
    [5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/18 19:09:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\David\Desktop\OTL.exe
    [2011/11/18 19:01:00 | 000,000,234 | ---- | M] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/11/18 19:00:44 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
    [2011/11/18 19:00:42 | 468,242,432 | -HS- | M] () -- H:\hiberfil.sys
    [2011/11/18 18:30:53 | 001,008,092 | ---- | M] () -- H:\Documents and Settings\David\Desktop\rkill.com
    [2011/11/18 18:29:41 | 004,300,722 | R--- | M] (Swearware) -- H:\Documents and Settings\David\Desktop\yourname.exe
    [2011/11/18 12:00:00 | 000,000,290 | ---- | M] () -- H:\WINDOWS\tasks\Defraggler Volume H Task.job
    [2011/11/18 02:30:09 | 000,000,327 | RHS- | M] () -- H:\boot.ini
    [2011/11/18 02:22:03 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- H:\Documents and Settings\David\Desktop\tdsskiller.exe
    [2011/11/18 02:21:00 | 000,000,330 | -H-- | M] () -- H:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/11/18 01:09:33 | 000,000,512 | ---- | M] () -- H:\Documents and Settings\David\Desktop\MBR.dat
    [2011/11/18 00:58:03 | 001,916,416 | ---- | M] (AVAST Software) -- H:\Documents and Settings\David\Desktop\aswMBR.exe
    [2011/11/18 00:56:35 | 000,920,384 | ---- | M] () -- H:\Documents and Settings\David\Desktop\Norton_Removal_Tool.exe
    [2011/11/18 00:50:36 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
    [2011/11/18 00:39:08 | 000,000,486 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/11/17 03:58:11 | 000,001,678 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/17 03:56:09 | 013,204,528 | ---- | M] (SUPERAntiSpyware.com) -- H:\Documents and Settings\David\Desktop\SUPERAntiSpyware.exe
    [2011/11/17 01:51:42 | 000,607,260 | R--- | M] (Swearware) -- H:\Documents and Settings\David\Desktop\dds.scr
    [2011/11/17 01:47:13 | 000,302,592 | ---- | M] () -- H:\Documents and Settings\David\Desktop\juko1io4.exe
    [2011/11/17 01:19:12 | 001,008,092 | ---- | M] () -- H:\Documents and Settings\David\My Documents\rkill.exe
    [2011/11/17 01:09:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- H:\Documents and Settings\David\My Documents\spybotsd162.exe
    [2011/11/17 00:47:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- H:\Documents and Settings\David\My Documents\mbam-setup-1.51.2.1300.exe
    [2011/11/17 00:46:40 | 001,545,858 | ---- | M] () -- H:\Documents and Settings\David\My Documents\tdsskiller.zip
    [2011/11/17 00:29:02 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- H:\Documents and Settings\David\My Documents\blah.bat
    [2011/11/15 04:50:32 | 005,154,304 | ---- | M] () -- H:\Documents and Settings\David\My Documents\WindowsDefender.msi
    [2011/11/15 04:39:46 | 000,000,719 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2011/11/15 03:00:53 | 000,002,577 | ---- | M] () -- H:\WINDOWS\System32\CONFIG.NT
    [2011/11/15 00:48:01 | 000,101,720 | ---- | M] (Sunbelt Software) -- H:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/11/14 23:28:54 | 000,000,039 | ---- | M] () -- H:\WINDOWS\wwwbatch.ini
    [2011/11/14 21:46:17 | 000,000,668 | ---- | M] () -- H:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/11/14 21:46:17 | 000,000,650 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
    [2011/11/14 21:38:15 | 000,000,213 | ---- | M] () -- H:\Documents and Settings\David\Desktop\Counter-Strike Source.url
    [2011/11/14 21:30:20 | 000,000,664 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2011/11/14 20:50:06 | 000,095,072 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/14 20:45:54 | 000,463,156 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
    [2011/11/14 20:45:54 | 000,080,218 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
    [2011/10/21 20:22:47 | 000,000,000 | -H-- | M] () -- H:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/18 19:00:42 | 468,242,432 | -HS- | C] () -- H:\hiberfil.sys
    [2011/11/18 18:30:42 | 001,008,092 | ---- | C] () -- H:\Documents and Settings\David\Desktop\rkill.com
    [2011/11/18 02:29:14 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
    [2011/11/18 02:29:14 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
    [2011/11/18 02:29:14 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
    [2011/11/18 02:29:14 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
    [2011/11/18 02:29:14 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
    [2011/11/18 00:56:25 | 000,920,384 | ---- | C] () -- H:\Documents and Settings\David\Desktop\Norton_Removal_Tool.exe
    [2011/11/17 21:12:22 | 000,000,210 | ---- | C] () -- H:\Boot.bak
    [2011/11/17 21:12:19 | 000,260,272 | RHS- | C] () -- H:\cmldr
    [2011/11/17 20:18:11 | 000,000,512 | ---- | C] () -- H:\Documents and Settings\David\Desktop\MBR.dat
    [2011/11/17 03:58:11 | 000,001,678 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/17 01:47:10 | 000,302,592 | ---- | C] () -- H:\Documents and Settings\David\Desktop\juko1io4.exe
    [2011/11/17 01:19:07 | 001,008,092 | ---- | C] () -- H:\Documents and Settings\David\My Documents\rkill.exe
    [2011/11/17 00:46:40 | 001,545,858 | ---- | C] () -- H:\Documents and Settings\David\My Documents\tdsskiller.zip
    [2011/11/15 04:57:44 | 000,000,330 | -H-- | C] () -- H:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/11/15 04:53:53 | 000,000,955 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
    [2011/11/15 04:50:11 | 005,154,304 | ---- | C] () -- H:\Documents and Settings\David\My Documents\WindowsDefender.msi
    [2011/11/15 04:39:46 | 000,000,719 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2011/11/15 00:40:15 | 000,000,486 | ---- | C] () -- H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/11/14 23:38:55 | 000,593,920 | ---- | C] () -- H:\WINDOWS\System32\ati2sgag.exe
    [2011/11/14 23:28:54 | 000,000,039 | ---- | C] () -- H:\WINDOWS\wwwbatch.ini
    [2011/11/14 21:46:17 | 000,000,668 | ---- | C] () -- H:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2011/11/14 21:46:17 | 000,000,650 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
    [2011/11/14 21:38:15 | 000,000,213 | ---- | C] () -- H:\Documents and Settings\David\Desktop\Counter-Strike Source.url
    [2011/11/14 21:30:20 | 000,000,664 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2011/05/09 22:23:54 | 000,003,584 | ---- | C] () -- H:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/26 18:10:56 | 000,000,010 | ---- | C] () -- H:\WINDOWS\WININIT.INI
    [2010/01/17 23:08:55 | 000,020,480 | ---- | C] () -- H:\WINDOWS\System32\drivers\WLNdis50.sys
    [2009/10/16 15:08:06 | 000,156,672 | ---- | C] () -- H:\WINDOWS\System32\RtlCPAPI.dll
    [2009/10/16 15:08:06 | 000,040,960 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe
    [2009/10/15 17:34:35 | 000,000,000 | ---- | C] () -- H:\WINDOWS\ativpsrm.bin
    [2009/10/15 17:34:27 | 000,887,724 | ---- | C] () -- H:\WINDOWS\System32\ativva6x.dat
    [2009/10/15 17:34:26 | 003,107,788 | R--- | C] () -- H:\WINDOWS\System32\ativvaxx.dat
    [2009/10/15 17:34:26 | 003,107,788 | ---- | C] () -- H:\WINDOWS\System32\ativva5x.dat
    [2009/10/15 17:34:26 | 000,189,051 | ---- | C] () -- H:\WINDOWS\System32\atiicdxx.dat
    [2009/10/15 14:47:45 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
    [2009/10/15 14:42:37 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
    [2009/10/15 05:18:06 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
    [2009/10/15 05:16:46 | 000,095,072 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT
    [2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- H:\WINDOWS\System32\oembios.bin
    [2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- H:\WINDOWS\System32\mlang.dat
    [2006/02/28 05:00:00 | 000,463,156 | ---- | C] () -- H:\WINDOWS\System32\perfh009.dat
    [2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- H:\WINDOWS\System32\perfi009.dat
    [2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- H:\WINDOWS\System32\dssec.dat
    [2006/02/28 05:00:00 | 000,080,218 | ---- | C] () -- H:\WINDOWS\System32\perfc009.dat
    [2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- H:\WINDOWS\System32\mib.bin
    [2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- H:\WINDOWS\System32\perfd009.dat
    [2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- H:\WINDOWS\System32\secupd.dat
    [2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- H:\WINDOWS\System32\oembios.dat
    [2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- H:\WINDOWS\System32\dcache.bin
    [2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- H:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/11/18 04:32:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2010/11/01 16:01:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/11/15 03:06:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/10/15 17:47:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/25 19:07:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/11/15 22:59:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\adawaretb
    [2010/05/09 14:22:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\Auslogics
    [2011/11/18 19:02:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\BitTorrent
    [2011/01/18 06:11:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\FreeFileViewer
    [2010/10/16 12:46:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\LimeWire
    [2010/10/26 17:42:51 | 000,000,000 | ---D | M] -- H:\Documents and Settings\David\Application Data\Reviversoft
    [2011/11/18 00:39:08 | 000,000,486 | ---- | M] () -- H:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/11/18 12:00:00 | 000,000,290 | ---- | M] () -- H:\WINDOWS\Tasks\Defraggler Volume H Task.job
    [2011/11/18 02:21:00 | 000,000,330 | -H-- | M] () -- H:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/11/18 19:01:00 | 000,000,234 | ---- | M] () -- H:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/15 05:15:32 | 000,000,210 | ---- | M] () -- H:\Boot.bak
    [2011/11/18 02:30:09 | 000,000,327 | RHS- | M] () -- H:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- H:\cmldr
    [2011/11/18 19:00:42 | 468,242,432 | -HS- | M] () -- H:\hiberfil.sys
    [2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- H:\NTDETECT.COM
    [2010/10/15 18:12:08 | 000,250,048 | RHS- | M] () -- H:\ntldr
    [2011/11/18 19:00:38 | 704,643,072 | -HS- | M] () -- H:\pagefile.sys
    [2011/11/18 18:51:58 | 000,000,418 | ---- | M] () -- H:\rkill.log
    [2011/11/17 20:15:29 | 000,048,822 | ---- | M] () -- H:\TDSSKiller.2.6.19.0_17.11.2011_20.10.17_log.txt
    [2011/11/18 02:22:58 | 000,045,446 | ---- | M] () -- H:\TDSSKiller.2.6.19.0_18.11.2011_02.22.03_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- H:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- H:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- H:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- H:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/10/15 14:45:02 | 000,000,067 | -HS- | M] () -- H:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2011/07/14 20:55:11 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- H:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/11/18 00:42:41 | 000,001,730 | -H-- | M] () -- H:\Documents and Settings\David\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/10/15 05:15:32 | 000,094,208 | ---- | M] () -- H:\WINDOWS\System32\config\default.sav
    [2009/10/15 05:15:32 | 000,634,880 | ---- | M] () -- H:\WINDOWS\System32\config\software.sav
    [2009/10/15 05:15:32 | 000,892,928 | ---- | M] () -- H:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/10/15 18:16:18 | 000,000,272 | -HS- | M] () -- H:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/15 15:12:40 | 000,000,119 | -HS- | M] () -- H:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/10/15 15:12:39 | 000,000,079 | ---- | M] () -- H:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/18 00:58:03 | 001,916,416 | ---- | M] (AVAST Software) -- H:\Documents and Settings\David\Desktop\aswMBR.exe
    [2011/11/17 01:47:13 | 000,302,592 | ---- | M] () -- H:\Documents and Settings\David\Desktop\juko1io4.exe
    [2011/11/18 00:56:35 | 000,920,384 | ---- | M] () -- H:\Documents and Settings\David\Desktop\Norton_Removal_Tool.exe
    [2011/11/18 19:09:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\David\Desktop\OTL.exe
    [2011/11/17 03:56:09 | 013,204,528 | ---- | M] (SUPERAntiSpyware.com) -- H:\Documents and Settings\David\Desktop\SUPERAntiSpyware.exe
    [2011/11/18 02:22:03 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- H:\Documents and Settings\David\Desktop\tdsskiller.exe
    [2011/11/18 18:29:41 | 004,300,722 | R--- | M] (Swearware) -- H:\Documents and Settings\David\Desktop\yourname.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/09/01 02:19:38 | 000,000,698 | ---- | M] () -- H:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/11/17 00:47:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- H:\Documents and Settings\David\My Documents\mbam-setup-1.51.2.1300.exe
    [2011/11/17 01:19:12 | 001,008,092 | ---- | M] () -- H:\Documents and Settings\David\My Documents\rkill.exe
    [2011/11/17 01:09:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- H:\Documents and Settings\David\My Documents\spybotsd162.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/15 15:12:39 | 000,000,122 | -HS- | M] () -- H:\Documents and Settings\David\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/18 19:00:49 | 000,327,680 | ---- | M] () -- H:\Documents and Settings\David\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- H:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- H:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- H:\Program Files\Messenger\newalert.wav
    [2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- H:\Program Files\Messenger\newemail.wav
    [2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- H:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- H:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- H:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  12. jhoward218


    OTL Extras logfile created on: 11/18/2011 7:11:17 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\David\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.48 Mb Total Physical Memory | 206.05 Mb Available Physical Memory | 46.15% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.55% Paging File free
    Paging file location(s): H:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
    Drive H: | 186.30 Gb Total Space | 142.99 Gb Free Space | 76.75% Space Free | Partition Type: NTFS

    Computer Name: DAVID-066421D8F | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "H:\Program Files\Steam\Steam.exe" = H:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "H:\Program Files\BitTorrent\BitTorrent.exe" = H:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "H:\Program Files\adawaretb\dtUser.exe" = H:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
    "H:\Program Files\Steam\steamapps\jlw69420\counter-strike source\hl2.exe" = H:\Program Files\Steam\steamapps\jlw69420\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
    "{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
    "{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
    "{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
    "{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
    "{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
    "{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
    "{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
    "{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
    "{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
    "{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
    "{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
    "{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
    "{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
    "{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
    "{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
    "{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
    "{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
    "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
    "{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
    "{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
    "{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
    "{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "adawaretb" = Ad-Aware Security Toolbar
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "BitTorrent" = BitTorrent
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Steam App 240" = Counter-Strike: Source
    "VLC media player" = VLC media player 1.1.11
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/18/2011 3:11:06 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 11/18/2011 3:31:33 AM | Computer Name = DAVID-066421D8F | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 11/18/2011 3:31:51 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 11/18/2011 3:31:51 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 11/18/2011 3:46:05 AM | Computer Name = DAVID-066421D8F | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 11/18/2011 3:46:26 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 11/18/2011 3:46:26 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 11/18/2011 5:26:21 AM | Computer Name = DAVID-066421D8F | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/18/2011 5:27:06 AM | Computer Name = DAVID-066421D8F | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/18/2011 9:33:26 PM | Computer Name = DAVID-066421D8F | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
    iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

    [ System Events ]
    Error - 11/17/2011 11:31:29 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 11/17/2011 11:35:42 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 11/17/2011 11:35:42 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7024
    Description = The Java Quick Starter service terminated with service-specific error
    1 (0x1).

    Error - 11/17/2011 11:43:43 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7034
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 11/17/2011 11:50:18 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7034
    Description = The Symantec Core LC service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/17/2011 11:50:51 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7031
    Description = The SAS Core Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 11/18/2011 12:09:58 AM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7034
    Description = The LiveUpdate service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/18/2011 3:10:47 AM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 11/18/2011 3:10:48 AM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7024
    Description = The Java Quick Starter service terminated with service-specific error
    1 (0x1).

    Error - 11/18/2011 3:10:48 AM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126


    < End of report >
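Added example (not part of the thread, not a TechSpot tool): the System and Application entries in the log above show the pattern a helper looks for when anti-malware tools "won't even run": several protection services (Ad-Aware, Symantec Core LC, SAS Core, LiveUpdate) dying unexpectedly within minutes of each other, Automatic Updates terminating, and Windows Defender's real-time protection getting 0x80070005 (access denied) when it tries to start. The Python below parses OTL-style event lines and flags exactly those entries while leaving ordinary faults (the iexplore.exe crash) alone. The sample input is a constructed subset of the log posted above; the list of service-name fragments and the function names are mine.

```python
import re

# Constructed input for this example: a subset of the OTL "Last 10 Event Log
# Errors" entries pasted earlier in this thread, including one non-security
# error (the iexplore.exe crash) to show that it is not flagged.
SAMPLE_LOG = r"""
[ Application Events ]
Error - 11/18/2011 3:31:51 AM | Computer Name = DAVID-066421D8F | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DAVID-066421D8F\David Checkpoint ID: 1 Error Code: 0x80070005

Error - 11/18/2011 9:33:26 PM | Computer Name = DAVID-066421D8F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

[ System Events ]
Error - 11/17/2011 11:43:43 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/17/2011 11:50:18 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/17/2011 11:50:51 PM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/18/2011 3:10:48 AM | Computer Name = DAVID-066421D8F | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
"""

HEADER_RE = re.compile(r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
                       r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SECTION_RE = re.compile(r"^\[ .+ \]$")
SCM_RE = re.compile(r"The (?P<svc>.+?) service (?:terminated unexpectedly|terminated with|failed to start)")
ERRCODE_RE = re.compile(r"Error Code: (?P<code>0x[0-9A-Fa-f]+)")

# Assumed, illustrative name fragments of security/update services (mine, not
# from the thread); extend for the products installed on the box.
SECURITY_HINTS = ("ad-aware", "symantec", "norton", "liveupdate", "sas core",
                  "superantispyware", "malwarebytes", "defender", "avast",
                  "kaspersky", "automatic updates", "security center", "firewall")
SCM_REASON = {7000: "failed to start", 7023: "terminated with error",
              7031: "terminated unexpectedly", 7034: "terminated unexpectedly"}


def parse_events(text):
    """Turn the OTL event dump into dicts; a blank line or section header ends an entry."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            cur = {"ts": m["ts"], "host": m["host"], "source": m["source"],
                   "id": int(m["id"]), "desc": []}
            events.append(cur)
        elif not line or SECTION_RE.match(line):
            cur = None
        elif cur is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            if line:
                cur["desc"].append(line)
    for ev in events:
        ev["desc"] = " ".join(ev["desc"])
    return events


def is_security_service(name):
    return any(h in name.lower() for h in SECURITY_HINTS)


def triage(events):
    """Return findings that look like protection being disabled rather than ordinary faults."""
    findings = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] in SCM_REASON:
            m = SCM_RE.search(ev["desc"])
            if m and is_security_service(m["svc"]):
                findings.append({"ts": ev["ts"], "id": ev["id"], "service": m["svc"],
                                 "reason": SCM_REASON[ev["id"]]})
        elif ev["source"] == "WinDefendRtp" and ev["id"] == 3003:
            m = ERRCODE_RE.search(ev["desc"])
            if m and m["code"].lower() == "0x80070005":      # ERROR_ACCESS_DENIED
                findings.append({"ts": ev["ts"], "id": 3003,
                                 "service": "Windows Defender real-time protection",
                                 "reason": "access denied while starting"})
    return findings


def killed_security_services(findings):
    return sorted({f["service"] for f in findings if f["reason"] == "terminated unexpectedly"})


def verdict(findings, threshold=2):
    n = len(killed_security_services(findings))
    if n >= threshold:
        return "tampering: %d security services died; consistent with malware killing protection" % n
    return "tampering: indicators present, review manually" if findings else "clean: no protection-tampering indicators"


if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_LOG))
    for f in found:
        print("%-22s %5d  %-35s %s" % (f["ts"], f["id"], f["service"], f["reason"]))
    print(verdict(found))
```

On the sample above the script reports five findings (three services terminated unexpectedly, Automatic Updates terminated with an error, Defender denied access) and the iexplore.exe crash is ignored. A single AV service crashing is not evidence of anything; three of them dying within seven minutes while Defender cannot even start is the signature of something actively killing protection, which is why the thread moves on to the MBR rather than to more scanners.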
  13. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  14. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Pasted the wrong script here, sorry.
  15. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\H:
    \\.\H: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    EDIT: Pasted wrong one, hah.
  16. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run aswMBR and GMER again and post both logs.
  17. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    About that... We don't have any blank CDs here, I could pick them up from the store, but I wouldn't be able to for a couple hours or so, is there any other way to do this?
  18. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Yes.

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do, go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds, click OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    NOTE. Recovery Console may not be present on your computer.
    Let me know if you do NOT have that option.
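Both routes above (MBRWORK's "Install Standard MBR code" from the NTBR CD, and fixmbr from the Recovery Console) rewrite only the code portion of sector 0 and keep the partition table, which is why the disk still boots afterwards. The Python below is an added example, not from the thread or from either tool: it models that operation on a constructed 512-byte MBR image and performs the checks Bootkit Remover printed earlier (0x55AA signature, boot-sector MD5, partition table), plus a byte compare of the code region against a known-good copy such as the MBR.dat aswMBR saves to the Desktop. The 440-byte code / 4-byte NT disk signature / 64-byte partition table layout is the standard MBR format; treating fixmbr as leaving the disk signature alone is an assumption, and the "standard" and "bootkit" byte patterns are stand-ins, not real boot code.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
CODE_LEN = 440       # bytes 0..439: boot code; 440..443: NT disk signature; 444..445: pad
PTABLE_OFF = 446     # four 16-byte partition entries
SIG_OFF = 510        # 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the non-empty entries of the MBR partition table (LBA fields only;
    the legacy CHS fields are ignored)."""
    parts = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype:
            parts.append(Partition(status == 0x80, ptype, start, count))
    return parts


def check_mbr(mbr: bytes, reference_code: bytes) -> dict:
    """The checks Bootkit Remover reports, plus a byte compare of the code
    region against a known-good copy (e.g. an MBR.dat saved from a clean boot)."""
    if len(mbr) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    return {
        "md5": hashlib.md5(mbr).hexdigest(),
        "signature_ok": mbr[SIG_OFF:] == b"\x55\xaa",
        "code_matches_reference": mbr[:CODE_LEN] == reference_code[:CODE_LEN],
        "partitions": parse_partitions(mbr),
    }


def install_standard_code(mbr: bytes, reference_code: bytes) -> bytes:
    """Model of what fixmbr / MBRWORK 'Install Standard MBR code' does: rewrite
    the code bytes and keep everything after them. (Assumption: the disk
    signature at 440..443 is preserved; verify for the tool you actually use.)"""
    return reference_code[:CODE_LEN] + mbr[CODE_LEN:]


def build_mbr(code: bytes, partitions: List[Partition], disk_sig: int = 0x12345678) -> bytes:
    """Assemble a sector from code, partition entries and the 0x55AA signature."""
    body = bytearray(SECTOR)
    body[:CODE_LEN] = code[:CODE_LEN].ljust(CODE_LEN, b"\x00")
    struct.pack_into("<I", body, CODE_LEN, disk_sig)
    for i, p in enumerate(partitions):
        off = PTABLE_OFF + 16 * i
        body[off] = 0x80 if p.bootable else 0x00
        body[off + 4] = p.type_id
        struct.pack_into("<II", body, off + 8, p.lba_start, p.sectors)
    body[SIG_OFF:] = b"\x55\xaa"
    return bytes(body)


# Constructed data, not real boot code: a "standard" loader stand-in (jmp $ then
# NOPs) and a "bootkit" stand-in (different bytes, same partition table).
STANDARD_CODE = b"\xeb\xfe" + b"\x90" * 438
BOOTKIT_CODE = b"\xe9\x00\x01" + b"\xcc" * 437
PARTS = [Partition(True, 0x07, 63, 390_000_000)]   # one bootable NTFS volume, constructed size
REFERENCE_MBR = build_mbr(STANDARD_CODE, PARTS)
TAMPERED_MBR = build_mbr(BOOTKIT_CODE, PARTS)

if __name__ == "__main__":
    fixed = install_standard_code(TAMPERED_MBR, REFERENCE_MBR)
    for name, img in (("tampered", TAMPERED_MBR), ("after fixmbr", fixed)):
        r = check_mbr(img, REFERENCE_MBR)
        print(name, r["md5"], "sig ok" if r["signature_ok"] else "BAD SIG",
              "code OK" if r["code_matches_reference"] else "CODE DIFFERS", r["partitions"])
```

Two caveats that matter for this thread. First, a dump of sector 0 taken from inside a running infected Windows can be a lie: a rootkit driver that filters disk reads will hand back a clean-looking sector, which is what aswMBR's "MBR hidden" and GMER's "sector 00: rootkit-like behavior" lines are warning about, so a dump from a boot CD (or the comparison the tools do from kernel mode) is the one to trust. Second, fixmbr writes sector 0 only; anything a bootkit parked in the unpartitioned sectors between the MBR and the first partition (LBA 1..62 in the constructed layout above) stays on disk, which is why the follow-up is to re-run aswMBR and GMER rather than assume the repair was the end of it.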
  19. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Okay, I did that successfully, now what should I do?
  20. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    ...
  21. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Oh, duh haha. :p
    By the way, I greatly appreciate all the help, you're an awesome individual for your dedication to this board.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-18 20:40:43
    -----------------------------
    20:40:43.125 OS Version: Windows 5.1.2600 Service Pack 3
    20:40:43.125 Number of processors: 1 586 0x2F02
    20:40:43.125 ComputerName: DAVID-066421D8F UserName: David
    20:40:43.828 Initialize success
    20:41:00.218 AVAST engine defs: 11111703
    20:41:02.953 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
    20:41:02.953 Disk 0 Vendor: ST3200822A 3.02 Size: 190782MB BusType: 3
    20:41:02.953 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS f79b5f26
    20:41:06.968 Disk 1 MBR read successfully
    20:41:06.968 Disk 1 MBR scan
    20:41:07.093 Disk 1 Windows XP default MBR code
    20:41:07.093 Disk 1 MBR hidden
    20:41:07.234 Disk 1 scanning H:\WINDOWS\system32\drivers
    20:41:16.968 Service scanning
    20:41:18.062 Modules scanning
    20:41:23.953 Disk 1 trace - called modules:
    20:41:23.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
    20:41:23.968 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x84bb62c0]
    20:41:24.984 AVAST engine scan H:\WINDOWS
    20:41:28.468 AVAST engine scan H:\WINDOWS\system32
    20:42:57.000 AVAST engine scan H:\WINDOWS\system32\drivers
    20:43:10.000 AVAST engine scan H:\Documents and Settings\David
    20:46:22.781 AVAST engine scan H:\Documents and Settings\All Users
    20:46:33.640 Scan finished successfully
    20:48:24.609 Disk 1 MBR has been saved successfully to "H:\Documents and Settings\David\Desktop\MBR.dat"
    20:48:24.656 The log file has been saved successfully to "H:\Documents and Settings\David\Desktop\asw2.txt"


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-18 21:09:56
    Windows 5.1.2600 Service Pack 3
    Running: juko1io4.exe; Driver: H:\DOCUME~1\David\LOCALS~1\Temp\fwkdapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2A63640]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text H:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F8B000, 0x1C5D38, 0xE8000020]
    ? H:\DOCUME~1\David\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A20F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719F0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!send 71AB4C27 6 Bytes JMP 719C0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71930F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!recv 71AB676F 6 Bytes JMP 71990F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71960F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3356] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71900F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF H:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
    .text H:\Program Files\Internet Explorer\iexplore.exe[3504] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT H:\Program Files\Internet Explorer\iexplore.exe[3504] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] H:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
  22. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Something is not right there.

    When you ran "fixmbr" did you get confirmation it was successful?

    Assuming Combofix is on your desktop (if it's not, move it there)....

    Go Start>Run and paste this command:

    "%userprofile%\desktop\ComboFix.exe" /KillAll

    Click OK.

    If the above command won't launch Combofix, try this command:

    "%userprofile%\desktop\ComboFix.exe" /nombr

    Try the above in normal or safe mode.
  23. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    Still no progress with ComboFix.... Tried normal and safe mode.

    And yeah, it said it was successful when I ran fixmbr.

    Although, before it let me get to the H:/ prompt, it said something to the effect of which windows process (or something) would you like to run, and it would only let me input one letter/number, so I just typed in the number 1? Was there something else I should have entered?

    And what did you mean by something not being right there?
  24. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All, then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
  25. jhoward218

    jhoward218 TS Rookie Topic Starter Posts: 23

    I understand you said no attachments, but this log is so massive that it's difficult and ridiculously monotonous to attempt to copy and paste it in segments while trying to guess if it's under 50000 characters.

    I can't even attach it as one file, I had to split that up, too.