TechSpot

Search being redirected

By loupas
Jan 27, 2011
  1. Hello,

    Never heard from anyone earlier today so I am not sure if I did something wrong when I requested help. (Original post: Search results redirected from any search engine (Part1).)
    Was not sure how to post logs that exceeded the limit. Posted the balance of the logs as a reply in this post.

    Search results from any engine (Bing, Google, etc.) are redirected to a random website the first time. When I try again I am brought to the correct place. I have completed all the steps (8) as required, with the logs attached. Text too long, so the last two logs are on the next post. I used Avira as my virus scan and it slowed down my boot-up considerably. Windows XP, IE8, Dell Dimension 8100 (old but serves my current needs).

    Thank You for any help on this.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5611

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/27/2011 7:50:42 AM
    mbam-log-2011-01-27 (07-50-42).txt

    Scan type: Quick scan
    Objects scanned: 156495
    Time elapsed: 12 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected: (No malicious items detected)
    Memory Modules Infected: (No malicious items detected)
    Registry Keys Infected: (No malicious items detected)
    Registry Values Infected: (No malicious items detected)
    Registry Data Items Infected: (No malicious items detected)
    Folders Infected: (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-27 08:38:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC35L040AVER07-0 rev.ER4OA41A
    Running: j0nczy9b.exe; Driver: C:\DOCUME~1\Louis\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT AF92C7AE ZwCreateKey
    SSDT AF92C7A4 ZwCreateThread
    SSDT AF92C7B3 ZwDeleteKey
    SSDT AF92C7BD ZwDeleteValueKey
    SSDT AF92C7C2 ZwLoadKey
    SSDT AF92C790 ZwOpenProcess
    SSDT AF92C795 ZwOpenThread
    SSDT AF92C7CC ZwReplaceKey
    SSDT AF92C7C7 ZwRestoreKey
    SSDT AF92C7B8 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF762F514]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C65360, 0x24BB1D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\program files\real\realplayer\update\realsched.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2264] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3C4AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A3C4AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8A3C4AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-18 8A3C4AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-20 8A3C4AEA
    Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskIC35L040AVER07-0________________________ER4OA41A#5&297a1a48&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Tag 4
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ImagePath System32\DRIVERS\tcpip.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DisplayName TCP/IP Protocol Driver
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Group PNP_TDI
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnService IPSec?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnGroup
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Description TCP/IP Protocol Driver
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@NV Hostname dell
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DataBasePath %SystemRoot%\System32\drivers\etc
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@ForwardBroadcasts 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@IPEnableRouter 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Domain
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Hostname dell
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DeadGWDetectDefault 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@SearchList
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@UseDomainNameDevolution 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableICMPRedirect 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DontAddDefaultGatewayDefault 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableSecurityFilters 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpNameServer 209.18.47.61 209.18.47.62
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpDomain nc.rr.com
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}?Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@LLInterface
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@IpConfig Tcpip\Parameters\Interfaces\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDHCP 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DontAddDefaultGateway 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@UseZeroBroadcast 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDHCP 0
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@IPAddress 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@SubnetMask 0.0.0.0?
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DefaultGateway
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDeadGWDetect 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DontAddDefaultGateway 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 78165104 (+255): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat 16384 bytes
    File C:\WINDOWS\system32\drivers\disk.sys suspicious modification; TDL3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  2. loupas

    Remaining logs

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Louis at 8:43:16.43 on Thu 01/27/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.886 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    svchost.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\real\realplayer\RealPlay.exe
    c:\program files\real\realplayer\RealPlay.exe
    c:\program files\real\realplayer\RealPlay.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Louis\Desktop\dds.scr
    c:\program files\real\realplayer\RealPlay.exe

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [DellTouch] c:\windows\DELLMMKB.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    DPF: {01111C00-3E00-11D2-8470-0060089874ED} - hxxp://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120335949881
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123452782626
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024}
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = :\windows\system32\srrst

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\louis\applic~1\mozilla\firefox\profiles\fyipjy0t.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid=
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\louis\application data\mozilla\firefox\profiles\fyipjy0t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1

    ============= SERVICES / DRIVERS ===============

    R? DIGIRPS;Digi PortServer Driver
    R? gupdate1c98fc9a5dbb790;Google Update Service (gupdate1c98fc9a5dbb790)
    R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
    R? Lavasoft Kernexplorer;Lavasoft helper driver
    R? NmPar;Unusable Parallel Port
    R? nmserial;PCI Serial Port
    R? SASENUM;SASENUM
    R? vtdg46xx;vtdg46xx
    S? AntiVirSchedulerService;Avira AntiVir Scheduler
    S? AntiVirService;Avira AntiVir Guard
    S? avgio;avgio
    S? avgntflt;avgntflt
    S? CFRMD;CFRMD
    S? CFRPD;CFRPD
    S? Cleaner_Validator;COMODO System - Cleaner Service
    S? cmosa;cmosa
    S? Lbd;Lbd
    S? Msikbd2k;DellTouch
    S? Nhksrv;Netropa NHK Server
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? tbcspud;Santa Cruz Driver
    S? tbcwdm;Santa Cruz WDM Driver

    =============== Created Last 30 ================

    2067-02-24 20:21:18 79947 ----a-w- c:\windows\fw20.vxd
    2011-01-27 00:06:38 -------- d-----w- c:\docume~1\louis\applic~1\Avira
    2011-01-26 23:55:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-26 23:55:35 -------- d-----w- c:\program files\Avira
    2011-01-26 23:55:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-01-26 23:25:15 28654 ----a-w- c:\windows\cscmondump.bin
    2011-01-25 15:47:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-25 15:47:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-23 18:25:47 -------- d-----w- c:\documents and settings\louis\Tracing
    2011-01-23 18:02:47 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-01-23 17:58:43 -------- d-----w- c:\program files\Microsoft
    2011-01-23 17:58:23 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-01-23 17:56:51 74520 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\DSETUP.dll
    2011-01-23 17:56:51 484632 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\DXSETUP.exe
    2011-01-23 17:56:51 1670936 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\dsetup32.dll
    2011-01-23 17:56:30 1013800 ----a-w- c:\program files\common files\windows live\.cache\dcf8e0501cbbb26\WindowsXP-KB954708-x86-ENU.exe
    2011-01-23 17:51:53 -------- d-----w- c:\program files\common files\Windows Live
    2011-01-12 00:32:34 -------- d-----w- c:\program files\Search Toolbar
    2011-01-12 00:32:25 -------- d-----w- c:\program files\File Extension Finder
    2011-01-10 17:46:47 -------- d-----w- c:\docume~1\louis\applic~1\webex
    2011-01-10 17:44:58 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
    2011-01-10 17:44:45 202832 ----a-w- c:\windows\system32\atasnt40.dll
    2011-01-03 23:33:38 388096 ----a-r- c:\docume~1\louis\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-03 23:31:25 -------- d-----w- c:\program files\Trend Micro
    2011-01-02 16:58:30 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2011-01-02 16:58:13 -------- d-----w- c:\program files\common files\xing shared
    2011-01-02 16:57:58 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-01-02 16:57:44 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-01-02 05:55:47 -------- d-----w- c:\docume~1\louis\applic~1\Local
    2011-01-01 01:28:33 -------- d-----w- c:\windows\system32\TVUAx
    2011-01-01 01:28:10 -------- d-----w- c:\program files\P2PFilter
    2011-01-01 01:22:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Readon

    ==================== Find3M ====================

    2011-01-02 16:57:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-02 16:57:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: IC35L040AVER07-0 rev.ER4OA41A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3C4EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89038872; SUB DWORD [EBP-0x4], 0x8903812e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A447AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A45B9D8]
    [0x8A432890] -> IRP_MJ_CREATE -> 0x8A3C4EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskIC35L040AVER07-0________________________ER4OA41A#5&297a1a48&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A3C4AEA
    user & kernel MBR OK
    sectors 78165358 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 8:57:04.05 ===============

    7300
    7300_Help
    7300Trb
    Ad-Aware
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.5
    Adobe SVG Viewer 6.0
    AiO_Scan
    AiOSoftware
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Backup Dell-Installed Programs
    Bonjour
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    COMODO System-Cleaner
    Compatibility Pack for the 2007 Office system
    Copy
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Dell Digital Jukebox Driver
    Dell Solution Center
    DellTouch
    Destinations
    Director
    DivX Setup
    DocProc
    DocumentViewer
    Easy CD Creator 5 Basic
    erLT
    Fax
    GdiplusUpgrade
    Google Earth Plug-in
    Google Update Helper
    GoToMeeting 4.1.0.366
    HAI Dealer PC Access 2.16a
    HAI Dealer PC Access 3
    HAI PC Access 2.15
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 4.7
    HP Update
    HPODiscovery
    HPSystemDiagnostics
    InstantShare
    Java 2 Runtime Environment, SE v1.4.2
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Logitech Desktop Messenger
    Lucent Win Modem
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    MarketResearch
    Meeting Service
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 7.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Plus! for Windows XP
    Microsoft Publisher 2002
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Move Media Player
    Mozilla Firefox (2.0)
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    NVIDIA Drivers
    OpenOffice.org Installer 1.0
    OrangeWare USB2.0 Driver
    overland
    P2PFilter 3.0.5
    PanoStandAlone
    PhotoGallery
    PowerDVD
    PrimoPDF
    ProductContext
    QFolder
    QuickTime
    Readme
    Readon TV Movie Radio Player 7.2.0.0
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Santa Cruz
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SkinsHP1
    SQL Server System CLR Types
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall

    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    First of all, all helpers here are just volunteers. We don't provide 911 service.
    Stop creating multiple topics.
    Create one and wait patiently.


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Now, you're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
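For anyone triaging the TDSSKiller report Broni asks for, the following is an added example (not code from this thread and not Kaspersky's own tool) that picks the "Suspicious file (Forged)" and "detected" lines out of a report and pairs each with the driver entry it belongs to. The sample report is constructed from the line format of the log posted in this thread; the two hashes on a forged line differ, which is the tool's signal that what Windows presents for the file and what it read itself do not match.

```python
"""Triage helper for TDSSKiller report lines (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the TDSSKiller 2.4.15.0 report from this thread.
# The disk.sys lines are the ones posted; the other entries are ordinary drivers.
SAMPLE_REPORT = r"""
2011/01/27 14:51:34.0559 Scan started
2011/01/27 14:51:34.0559 Mode: Manual;
2011/01/27 14:51:36.0982 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/27 14:51:55.0629 Disk (ca2d25d9799d4551b77cdc5752d3c6c6) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/27 14:51:55.0629 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ca2d25d9799d4551b77cdc5752d3c6c6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2011/01/27 14:51:55.0669 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/27 14:51:56.0440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
"""

# Every report line starts with a timestamp; the rest is one of three shapes we care about.
TS_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<rest>.*)$")
# "<service> (<md5>) <path>"  (service names may contain spaces, e.g. "Lavasoft Kernexplorer")
DRIVER_RE = re.compile(r"^(?P<svc>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<svc>.+?) - detected (?P<name>\S+) \((?P<n>\d+)\)$")


@dataclass
class Finding:
    timestamp: str
    service: str
    path: str
    real_md5: str
    fake_md5: str
    detection: Optional[str] = None


def parse_report(text: str) -> list[Finding]:
    """Return one Finding per forged or detected driver, in report order."""
    path_by_service: dict[str, str] = {}
    service_by_path: dict[str, str] = {}
    findings: dict[str, Finding] = {}  # keyed by lowercased path

    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, "SystemInfo:" and similar
        ts, rest = m.group("ts"), m.group("rest")

        d = DRIVER_RE.match(rest)
        if d:
            # Remember the inventory so later lines can be tied back to a path.
            path_by_service[d.group("svc")] = d.group("path")
            service_by_path[d.group("path").lower()] = d.group("svc")
            continue

        f = FORGED_RE.match(rest)
        if f:
            key = f.group("path").lower()
            findings[key] = Finding(ts, service_by_path.get(key, "?"), f.group("path"),
                                    f.group("real"), f.group("fake"))
            continue

        x = DETECT_RE.match(rest)
        if x:
            # A detection normally follows a forged line for the same service; if the
            # tool named a verdict without one, still record it with empty hashes.
            path = path_by_service.get(x.group("svc"), "?")
            key = path.lower()
            if key not in findings:
                findings[key] = Finding(ts, x.group("svc"), path, "", "")
            findings[key].detection = x.group("name")

    return list(findings.values())


if __name__ == "__main__":
    for fnd in parse_report(SAMPLE_REPORT):
        print(f"{fnd.service}: {fnd.path} real={fnd.real_md5} fake={fnd.fake_md5} -> {fnd.detection}")
```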
     
  4. loupas

    loupas TS Rookie Topic Starter

    TDSS Killer loaded and executed

    Broni

    I am sorry for the multiple posts yesterday but I was not sure how to split up the logs (2 new topics or one topic with one reply). I was also confused with the "active" and thought it meant that if someone was being helped it was denoted by active. Accordingly, I thought others were being helped and I was being skipped because I did something wrong. I later in the evening figured out it had to do with being a member of the forum. I'm sorry.

    Now, since I thought I was not being helped, I reviewed the logs myself and determined that this was a rootkit problem. After looking at other posts I downloaded TDSS killer and ran it on my own. It found one object (with cure) and I hit continue. It rebooted the machine and the search bar worked correctly after that. Do you need me to do anything else? The log is below. Oh, before I forget, Windows Update wanted me to enter an update for IE security. I canceled it because of not changing anything after the post? Should I go back and get this update and install it now?

    Thank you.


    2011/01/27 14:51:19.0347 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/27 14:51:19.0347 ================================================================================
    2011/01/27 14:51:19.0347 SystemInfo:
    2011/01/27 14:51:19.0347
    2011/01/27 14:51:19.0347 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/27 14:51:19.0347 Product type: Workstation
    2011/01/27 14:51:19.0347 ComputerName: DELL
    2011/01/27 14:51:19.0347 UserName: Louis
    2011/01/27 14:51:19.0347 Windows directory: C:\WINDOWS
    2011/01/27 14:51:19.0347 System windows directory: C:\WINDOWS
    2011/01/27 14:51:19.0347 Processor architecture: Intel x86
    2011/01/27 14:51:19.0347 Number of processors: 1
    2011/01/27 14:51:19.0347 Page size: 0x1000
    2011/01/27 14:51:19.0347 Boot type: Normal boot
    2011/01/27 14:51:19.0347 ================================================================================
    2011/01/27 14:51:19.0887 Initialize success
    2011/01/27 14:51:34.0559 ================================================================================
    2011/01/27 14:51:34.0559 Scan started
    2011/01/27 14:51:34.0559 Mode: Manual;
    2011/01/27 14:51:34.0559 ================================================================================
    2011/01/27 14:51:55.0629 Disk (ca2d25d9799d4551b77cdc5752d3c6c6) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/27 14:51:55.0629 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ca2d25d9799d4551b77cdc5752d3c6c6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
    2011/01/27 14:51:55.0669 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/01/27 14:53:10.0476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/27 14:53:10.0957 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/27 14:53:11.0818 UdfReadr_xp (3af8116d049e6f98a6d37913da989984) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    2011/01/27 14:53:12.0910 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/27 14:53:14.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/27 14:53:15.0454 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/27 14:53:15.0904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/27 14:53:16.0445 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/27 14:53:16.0916 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/01/27 14:53:17.0447 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/27 14:53:17.0907 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/27 14:53:18.0388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/27 14:53:18.0879 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/27 14:53:19.0650 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/27 14:53:20.0541 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/27 14:53:20.0791 vtdg46xx (d099616ae84596f845c6ecb41745a645) C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
    2011/01/27 14:53:21.0252 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/27 14:53:22.0063 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/27 14:53:22.0664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/01/27 14:53:23.0175 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/27 14:53:23.0736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/27 14:53:24.0326 ================================================================================
    2011/01/27 14:53:24.0326 Scan finished
    2011/01/27 14:53:24.0326 ================================================================================
    2011/01/27 14:53:24.0356 Detected object count: 1
    2011/01/27 14:53:55.0581 Disk (ca2d25d9799d4551b77cdc5752d3c6c6) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/27 14:53:55.0581 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ca2d25d9799d4551b77cdc5752d3c6c6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
    2011/01/27 14:54:00.0438 Backup copy found, using it..
    2011/01/27 14:54:00.0589 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured after reboot
    2011/01/27 14:54:00.0589 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure
    2011/01/27 14:54:15.0200 Deinitialize success
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Since we had a rootkit involved, we need to keep checking to make sure your computer is totally clean.
    Good news, so far :)

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. loupas

    loupas TS Rookie Topic Starter

    MBRCheck & ComboFix Logs

    Logs listed below. I am not sure if this means anything, but when I ran Combofix.exe from my desktop the first time, I got a small pop-up screen showing the software being loaded. After the green bar moved all the way to the right, the pop-up closed, something flashed on my desktop, and then nothing. I was not sure if it was running (without me seeing anything), so I waited 3 hours without any report. Next, I tried to access the internet, knowing it should be blocked, and it was not. Then I double-clicked on the icon again and the same pop-up appeared, but this time, after a slight flash on the screen, I got the disclosure statement and proceeded from there with a blue DOS-like box. The computer rebooted and the program ended.

    Again, I am not sure if it was just a glitch the first time but thought I should let you know.

    Thank you

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 142):

    Processes (total 43):
    0 System Idle Process
    4 System
    428 C:\WINDOWS\system32\smss.exe
    592 csrss.exe
    636 C:\WINDOWS\system32\winlogon.exe
    680 C:\WINDOWS\system32\services.exe
    692 C:\WINDOWS\system32\lsass.exe
    864 C:\WINDOWS\system32\svchost.exe
    908 svchost.exe
    1012 C:\WINDOWS\system32\svchost.exe
    1056 svchost.exe
    1184 svchost.exe
    1248 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1376 C:\WINDOWS\explorer.exe
    1512 C:\WINDOWS\DellMMKb.exe
    1536 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    1560 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1568 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    1576 C:\Program Files\Real\realplayer\Update\realsched.exe
    1592 C:\WINDOWS\system32\tbctray.exe
    1600 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1688 C:\WINDOWS\system32\ctfmon.exe
    268 C:\WINDOWS\system32\spoolsv.exe
    1084 C:\Program Files\Netropa\OSD.exe
    1096 svchost.exe
    1720 C:\WINDOWS\Nhksrv.exe
    200 C:\Program Files\Bonjour\mDNSResponder.exe
    504 C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
    528 C:\WINDOWS\system32\dllhost.exe
    1660 C:\Program Files\Java\jre6\bin\jqs.exe
    1696 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    1736 C:\WINDOWS\system32\nvsvc32.exe
    2132 C:\WINDOWS\system32\svchost.exe
    2360 C:\WINDOWS\system32\searchindexer.exe
    2644 C:\Program Files\Canon\CAL\CALMAIN.exe
    3192 alg.exe
    1816 C:\Program Files\Internet Explorer\iexplore.exe
    3512 C:\Program Files\Internet Explorer\iexplore.exe
    2972 C:\Program Files\Internet Explorer\iexplore.exe
    2708 C:\Program Files\Internet Explorer\iexplore.exe
    5920 C:\WINDOWS\system32\searchprotocolhost.exe
    5936 searchfilterhost.exe
    6040 C:\Documents and Settings\Louis\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA41A
    PhysicalDrive1 Model Number: WDCWD205BA, Rev: 16.13M16

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    19 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!



    ComboFix 11-01-28.01 - Louis 01/28/2011 19:22:15.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.848 [GMT -5:00]
    Running from: C:\Documents and Settings\Louis\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Louis\Application Data\Local
    C:\Documents and Settings\Louis\Application Data\PriceGong
    C:\Documents and Settings\Louis\Application Data\PriceGong\Data\mru.xml
    C:\Program Files\Search Toolbar
    C:\Program Files\Search Toolbar\icon.ico
    C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
    C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    MBRCheck log looks good, but Combofix log is incomplete.
    You should be able to find Combofix log at C:\combofix.txt.
    Open it with Notepad.
    If it looks exactly as the log above, re-run Combofix.
    If the log is different, post it.
     
  8. loupas

    loupas TS Rookie Topic Starter

    ComboFix Log after rerunning program

    ComboFix 11-01-28.01 - Louis 01/28/2011 21:09:49.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1019 [GMT -5:00]
    Running from: c:\documents and settings\Louis\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\setup.ini
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Louis\Application Data\PriceGong\Data\mru.xml
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2067-02-24 20:21 . 2003-02-05 09:02 79947 ----a-w- c:\windows\fw20.vxd
    2011-01-28 01:40 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-28 01:40 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-28 01:40 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-28 01:40 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-28 01:40 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-01-28 01:40 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-01-28 01:40 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-01-28 01:39 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-28 01:39 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-28 01:38 . 2011-01-28 01:38 -------- d-----w- c:\program files\Alwil Software
    2011-01-28 01:38 . 2011-01-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-26 23:25 . 2011-01-29 00:44 79475 ----a-w- c:\windows\cscmondump.bin
    2011-01-25 15:47 . 2011-01-25 15:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-25 15:44 . 2011-01-25 15:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-01-25 15:37 . 2011-01-25 15:37 -------- d-----w- c:\documents and settings\Administrator\IECompatCache
    2011-01-25 15:36 . 2011-01-25 15:36 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2011-01-25 15:17 . 2011-01-25 15:17 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2011-01-23 18:25 . 2011-01-23 18:25 -------- d-----w- c:\documents and settings\Louis\Tracing
    2011-01-23 18:02 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-01-23 17:58 . 2011-01-23 18:03 -------- d-----w- c:\program files\Microsoft
    2011-01-23 17:58 . 2011-01-23 17:58 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-01-23 17:57 . 2011-01-23 18:03 -------- d-----w- c:\program files\Windows Live
    2011-01-23 17:51 . 2011-01-23 17:51 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-01-12 00:32 . 2011-01-12 00:32 -------- d-----w- c:\program files\File Extension Finder
    2011-01-10 17:46 . 2011-01-10 17:46 -------- d-----w- c:\documents and settings\Louis\Application Data\webex
    2011-01-10 17:44 . 2011-01-10 17:44 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
    2011-01-10 17:44 . 2011-01-10 17:44 202832 ----a-w- c:\windows\system32\atasnt40.dll
    2011-01-03 23:33 . 2011-01-03 23:33 388096 ----a-r- c:\documents and settings\Louis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-03 23:31 . 2011-01-03 23:31 -------- d-----w- c:\program files\Trend Micro
    2011-01-02 16:58 . 2011-01-02 16:58 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2011-01-02 16:58 . 2011-01-02 16:58 -------- d-----w- c:\program files\Common Files\xing shared
    2011-01-02 16:57 . 2011-01-02 16:57 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2011-01-02 16:57 . 2011-01-02 16:57 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2011-01-01 01:28 . 2011-01-01 01:41 -------- d-----w- c:\windows\system32\TVUAx
    2011-01-01 01:28 . 2011-01-01 01:28 -------- d-----w- c:\program files\P2PFilter
    2011-01-01 01:22 . 2011-01-01 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Readon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-27 19:56 . 2005-01-30 18:30 36352 ----a-w- c:\windows\system32\drivers\disk.sys
    2011-01-02 16:57 . 2008-12-04 05:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-01-02 16:57 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-20 23:09 . 2010-09-17 19:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-09-17 19:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 12:15 . 2010-12-09 12:15 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys
    2010-12-09 12:14 . 2010-12-09 12:14 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys
    2010-11-18 18:12 . 2005-01-30 18:31 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-09 14:52 . 2005-01-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:26 . 2005-01-30 18:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:26 . 2005-01-30 18:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 20:38 . 2009-10-30 20:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-03 12:25 . 2005-09-28 01:39 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2001-08-23 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
    2006-10-11 08:04 . 2008-03-31 23:12 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 08:04 . 2008-03-31 23:12 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 08:05 . 2008-03-31 23:12 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 08:05 . 2008-03-31 23:12 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 08:04 . 2008-03-31 23:12 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-02 274608]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-03 290816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2001-09-04 20:31 655360 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSC]
    2000-11-30 19:17 331776 ----a-w- c:\program files\Dell\Solution Center\Service.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
    2001-09-23 11:14 163840 ----a-w- c:\windows\DellMMKb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2010-01-05 00:25 16384 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-10-08 13:49 53248 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-10-08 13:49 131072 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-01-19 14:16 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 3:03 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/27/2011 8:40 PM 294608]
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]
    R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]
    R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [1/13/2009 6:41 PM 29344]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 4:26 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/27/2011 8:40 PM 17744]
    R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]
    R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [9/27/2005 9:17 PM 28672]
    R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [9/27/2005 9:17 PM 6942]
    R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/29/2005 11:18 PM 144768]
    R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/29/2005 11:18 PM 545088]
    S2 gupdate1c98fc9a5dbb790;Google Update Service (gupdate1c98fc9a5dbb790);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2009 7:00 PM 133104]
    S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [1/2/2009 1:01 PM 42432]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1402272]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]
    S3 NmPar;Unusable Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys --> c:\windows\system32\DRIVERS\NmPar.sys [?]
    S3 nmserial;PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys --> c:\windows\system32\DRIVERS\nmserial.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 12872]
    S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [1/29/2005 11:18 PM 19232]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 23:49]

    2011-01-28 c:\windows\Tasks\COMODO Updater.job
    - c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 00:00]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 00:00]

    2010-09-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 21:23]

    2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    FF - ProfilePath - c:\documents and settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid=
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    SafeBoot-klmdb.sys
    MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    MSConfigStartUp-BbInstallUser - c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
    MSConfigStartUp-BbPrintMonitor - c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
    MSConfigStartUp-capfasem - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    MSConfigStartUp-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
    MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    MSConfigStartUp-ViewpointPhotosDeviceConnect - c:\program files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
    MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-28 21:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Louis\LOCALS~1\Temp\catchme.dll 53248 bytes executable
    c:\windows\TEMP\Perflib_Perfdata_700.dat 16384 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange"="1"
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    @=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(580)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-01-28 21:34:17
    ComboFix-quarantined-files.txt 2011-01-29 02:34

    Pre-Run: 17,330,585,600 bytes free
    Post-Run: 17,304,539,136 bytes free

    - - End Of File - - FE6E3C38BA7D64B6169011071E48ECBA
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. loupas

    loupas TS Rookie Topic Starter

    OTL Txts Part 1 (entire file too large)

    OTL logfile created on: 1/28/2011 10:00:50 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Louis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 16.09 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
    Drive F: | 19.10 Gb Total Space | 13.92 Gb Free Space | 72.86% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Louis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/02 11:57:36 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
    PRC - [2010/12/09 14:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2002/04/03 15:47:38 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\system32\tbctray.exe
    PRC - [2001/09/23 06:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
    PRC - [2001/09/22 13:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
    PRC - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/01/26 18:49:45 | 001,402,272 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/12/09 07:08:10 | 000,305,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/12/09 07:15:18 | 000,033,232 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRPD.sys -- (CFRPD)
    DRV - [2010/12/09 07:14:56 | 000,066,584 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2010/11/05 15:38:29 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/17 12:01:52 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/09/17 12:01:52 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/09/17 12:01:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/11/13 19:49:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2009/11/13 19:49:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
    DRV - [2003/07/16 09:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2002/04/03 15:51:16 | 000,545,088 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
    DRV - [2002/04/03 15:51:12 | 000,144,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
    DRV - [2002/03/21 19:44:32 | 000,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
    DRV - [2001/12/04 09:18:06 | 000,659,905 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmxp.sys -- (ltmodem5)
    DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
    DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)
    DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
    DRV - [2001/03/16 11:40:32 | 000,014,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTsensor.sys -- (MTsensor)
    DRV - [2001/03/16 11:40:22 | 000,029,344 | ---- | M] (Dell Computer Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmosa.sys -- (cmosa)
    DRV - [2000/10/03 14:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)
    DRV - [2000/05/19 16:24:56 | 000,011,504 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid="
    FF - prefs.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

    FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="
    FF - user.js..keyword.enabled: 1

    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/02 00:55:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/02 00:55:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 11:58:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 11:57:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 17:34:42 | 000,000,000 | ---D | M]

    [2011/01/17 14:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions
    [2010/09/17 07:22:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/15 07:45:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/01/17 14:55:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\firefox@tvunetworks.com
    [2011/01/11 19:32:38 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\searchtoolbar@zugo.com
    [2011/01/11 19:32:40 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\searchplugins\bing-zugo.xml
    [2010/12/12 20:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/03/31 18:12:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/03/31 18:12:10 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
    [2008/03/31 18:12:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2011/01/02 11:58:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/09/12 10:34:09 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LOUIS\APPLICATION DATA\MOVE NETWORKS
    [2011/01/02 00:55:44 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2008/12/23 19:37:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
    [2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2011/01/28 21:26:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} http://help.rr.com/Foundrysdccommon/download/tgctlar.cab (Support.com ActionRunner Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab (VerifyGMN Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab (FixController Control)
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120335949881 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123452782626 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/29 22:48:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/06/21 18:22:32 | 000,000,618 | ---- | M] () - F:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2005/02/04 21:45:56 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECX.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308606093492224)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/28 21:58:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
    [2011/01/28 19:17:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/28 19:17:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/28 19:17:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/28 19:17:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/28 19:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/28 19:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/27 20:40:37 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/01/27 20:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/01/27 20:40:36 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/01/27 20:40:34 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/01/27 20:40:32 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/01/27 20:40:31 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/01/27 20:40:31 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/01/27 20:40:30 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/01/27 20:39:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/01/27 20:39:05 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/01/27 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/01/27 20:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/01/27 12:03:48 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
    [2011/01/26 20:42:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe
    [2011/01/26 17:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    [2011/01/24 22:50:25 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Louis\My Documents\My Stationery
    [2011/01/23 13:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Tracing
    [2011/01/23 13:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
    [2011/01/23 12:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/01/23 12:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2011/01/23 12:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2011/01/23 12:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
    [2011/01/23 12:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2011/01/23 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2011/01/11 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\File Extension Finder
    [2011/01/10 12:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Application Data\webex
    [2011/01/10 12:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\My Documents\WebEx
    [2011/01/10 12:44:45 | 000,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2011/01/05 22:09:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis\Desktop\HAI - PC Access
    [2011/01/03 18:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Start Menu\Programs\HiJackThis
    [2011/01/03 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/03 18:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
    [2011/01/02 11:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/01/02 11:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2010/12/31 20:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
    [2010/12/31 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\P2PFilter
    [2010/12/31 20:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Readon
    [2010/12/31 20:16:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/12/31 20:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/28 22:06:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
    [2011/01/28 22:00:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
    [2011/01/28 22:00:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
    [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
    [2011/01/28 21:55:27 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\HiJackThis.lnk
    [2011/01/28 21:54:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
    [2011/01/28 21:50:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/01/28 21:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/28 21:34:24 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
    [2011/01/28 21:26:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/28 19:49:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/01/28 19:47:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/28 19:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/28 19:45:45 | 1609,711,616 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/28 19:44:03 | 000,079,475 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
    [2011/01/28 18:56:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2011/01/28 18:16:37 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
    [2011/01/28 17:43:10 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
    [2011/01/28 16:21:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/01/28 15:32:41 | 004,261,554 | R--- | M] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
    [2011/01/28 15:29:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
    [2011/01/28 11:17:11 | 000,013,102 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/27 23:18:16 | 001,391,544 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
    [2011/01/27 23:18:15 | 001,536,460 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
    [2011/01/27 20:40:37 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/01/27 17:42:41 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Readon TV Movie Radio Player.lnk
    [2011/01/27 12:03:50 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
    [2011/01/27 11:41:13 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\log.doc
    [2011/01/27 08:46:23 | 000,051,525 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Lycos Mail.url
    [2011/01/27 08:42:54 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\dds.scr
    [2011/01/27 07:39:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
    [2011/01/26 23:03:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe
    [2011/01/26 17:39:52 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
    [2011/01/26 17:38:34 | 000,006,292 | ---- | M] () -- C:\WINDOWS\System32\cfrmd.PNF
    [2011/01/23 16:26:37 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/23 13:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/01/21 16:30:41 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable Time Warner Cable East.url
    [2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/01/10 12:44:58 | 000,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2011/01/10 12:44:53 | 000,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
    [2011/01/06 17:27:52 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable - TV Listings.url
    [2011/01/04 12:46:54 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Microsoft Word.lnk
    [2011/01/03 19:59:23 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Application Data.lnk
    [2011/01/03 17:08:21 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
    [2011/01/02 11:58:23 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2011/01/02 11:57:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2067/02/24 15:21:18 | 000,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
    [2011/01/28 19:17:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/28 19:17:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/28 19:17:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/28 19:17:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/28 19:17:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/28 15:32:39 | 004,261,554 | R--- | C] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
    [2011/01/28 15:29:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
    [2011/01/27 20:40:37 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/01/27 08:42:53 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\dds.scr
    [2011/01/27 07:51:46 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\log.doc
    [2011/01/27 07:39:57 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
    [2011/01/26 18:25:15 | 000,079,475 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
    [2011/01/26 18:25:02 | 001,536,460 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
    [2011/01/26 18:25:02 | 001,391,544 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
    [2011/01/26 17:43:02 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
    [2011/01/26 17:39:52 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
    [2011/01/26 17:38:32 | 000,006,292 | ---- | C] () -- C:\WINDOWS\System32\cfrmd.PNF
    [2011/01/25 10:49:29 | 1609,711,616 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/25 10:37:04 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
    [2011/01/10 12:44:58 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2011/01/06 17:47:37 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable Time Warner Cable East.url
    [2011/01/06 17:47:17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable - TV Listings.url
    [2011/01/03 18:31:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\HiJackThis.lnk
    [2011/01/02 11:58:23 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/12/31 20:18:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
    [2010/12/31 20:18:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
    [2010/12/12 20:28:01 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/12/12 20:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/10/18 17:47:01 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
    [2010/09/09 12:55:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2010/08/14 00:11:58 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/01/13 18:59:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DellSC.INI
    [2008/12/12 18:07:01 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
    [2008/03/23 10:37:10 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2008/03/10 19:09:38 | 000,006,102 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\PrimoPDFSet.xml
    [2008/03/10 19:09:38 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\APUSet.xml
    [2008/03/10 19:05:03 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2007/12/24 18:43:40 | 000,089,413 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\FASTWiz.log
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/02/25 20:59:49 | 000,003,401 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\HPCOM_48BitScanUpdate.log
    [2006/11/16 17:46:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/06 16:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/07/09 15:08:15 | 000,005,438 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    [2006/07/09 15:08:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/01/13 20:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
    [2005/09/27 21:17:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
    [2005/09/27 21:17:40 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
    [2005/09/27 21:17:40 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
    [2005/09/27 21:17:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2005/02/04 08:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
    [2005/01/30 19:52:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/01/30 19:19:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/30 18:42:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\fusioncache.dat
    [2005/01/30 17:29:32 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2005/01/30 17:29:32 | 000,000,915 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2005/01/30 17:20:23 | 000,039,385 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/01/29 23:14:07 | 000,003,076 | ---- | C] () -- C:\WINDOWS\WinInit.INI
    [2005/01/29 23:08:37 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
    [2005/01/29 17:36:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
     
  11. loupas

    loupas TS Rookie Topic Starter

    OTL Part 2

    ========== LOP Check ==========

    [2011/01/27 20:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/09/09 12:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
    [2010/12/26 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLkNo09000
    [2009/01/02 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/12/31 20:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
    [2010/10/03 18:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/20 16:31:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    [2009/06/08 18:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Finder
    [2008/09/17 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\HAI
    [2005/01/30 19:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Leadertech
    [2008/03/07 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\PDF reDirect
    [2005/01/30 19:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\The Labyrinth Plus! Edition
    [2007/12/30 14:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Viewpoint
    [2011/01/10 12:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\webex
    [2009/06/05 18:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Windows Desktop Search
    [2009/06/06 20:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Windows Search
    [2011/01/28 16:21:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/01/28 21:54:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
    [2011/01/28 22:06:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/28 19:45:29 | 000,037,338 | ---- | M] () -- C:\aaw7boot.log
    [2005/01/29 22:48:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/09/27 19:03:57 | 000,000,282 | RHS- | M] () -- C:\BOOT.BAK
    [2010/09/09 07:35:22 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2006/01/13 20:17:38 | 000,009,444 | ---- | M] () -- C:\caavsetup.log
    [2010/09/09 12:05:25 | 000,035,534 | ---- | M] () -- C:\caavsetupLog.txt
    [2010/09/24 12:43:22 | 000,000,540 | ---- | M] () -- C:\caEntitlementLog.txt
    [2010/09/24 12:58:29 | 000,725,375 | ---- | M] () -- C:\caisslog.txt
    [2001/08/23 07:00:00 | 000,237,728 | RHS- | M] () -- C:\cmldr
    [2011/01/28 21:34:19 | 000,022,312 | ---- | M] () -- C:\ComboFix.txt
    [2005/01/29 22:48:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/01/13 20:17:17 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
    [2011/01/28 19:45:45 | 1609,711,616 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/26 22:03:50 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2005/01/29 22:48:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/09/22 17:20:31 | 000,000,445 | -H-- | M] () -- C:\IPH.PH
    [2010/09/06 17:42:27 | 000,030,240 | ---- | M] () -- C:\M1319.log
    [2010/04/29 15:49:38 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2005/01/29 22:48:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/09/27 20:28:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/30 19:05:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/28 19:45:30 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2005/09/22 17:20:31 | 000,000,288 | -H-- | M] () -- C:\T4Metrics.log
    [2011/01/27 14:54:15 | 000,041,308 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_27.01.2011_14.51.19_log.txt
    [2011/01/27 17:39:54 | 000,039,666 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_27.01.2011_17.36.41_log.txt
    [2009/02/24 15:37:12 | 000,000,512 | ---- | M] () -- C:\updatedatfix.log
    [2006/08/19 15:22:40 | 000,066,989 | ---- | M] () -- C:\VETlog.dmp
    [2006/08/19 15:22:40 | 000,001,831 | ---- | M] () -- C:\VETlog.txt
    [2010/10/03 18:44:31 | 000,004,235 | ---- | M] () -- C:\VundoFix.txt
    [2008/06/20 15:21:09 | 000,000,000 | ---- | M] () -- C:\wizard.txt
    [2006/06/11 22:31:14 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/01/29 22:48:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/01/29 17:34:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/01/29 17:34:34 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/01/29 17:34:34 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/30 19:33:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/01/30 19:07:28 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/01/29 22:55:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/28 15:32:41 | 004,261,554 | R--- | M] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
    [2011/01/27 07:39:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
    [2011/01/28 15:29:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
    [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
    [2011/01/27 12:03:50 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
    [2011/01/26 23:03:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/08/12 16:14:39 | 111,975,440 | ---- | M] (Bluebeam Software, Inc. ) -- C:\Documents and Settings\Louis\My Documents\BbPDFRevuStandard850.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2001/07/29 12:44:02 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Louis\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/28 22:00:04 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\Louis\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 22:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 22:29:46 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2002/08/29 05:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/20 22:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/20 22:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/20 22:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 10:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  12. loupas

    loupas TS Rookie Topic Starter

    Extras.txt

    OTL Extras logfile created on: 1/28/2011 10:00:50 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Louis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 16.09 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
    Drive F: | 19.10 Gb Total Space | 13.92 Gb Free Space | 72.86% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Louis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Savings Bond Wizard\SBWizard.exe" = C:\Program Files\Savings Bond Wizard\SBWizard.exe:*:Enabled:Savings Bond Wizard -- (U.S. Department of the Treasury)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:HP All-in-One Launcher Utility -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:HP Fax Setup Wizard -- (Hewlett-Packard Co.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{1584854C-1513-40EA-96D4-493384D0A3C7}" = Readon TV Movie Radio Player 7.2.0.0
    "{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B0ED720-87D3-11D4-A188-0050DA2DDF19}" = Dell Solution Center
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B53422A7-10EC-4156-BCF3-550E82D4F363}" = OrangeWare USB2.0 Driver
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner
    "{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "ActiveTouchMeetingClient" = Meeting Service
    "Ad-Aware" = Ad-Aware
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 6.0
    "avast5" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Coupon Printer for Windows2.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DivX Setup.divx.com" = DivX Setup
    "EOS Utility" = Canon Utilities EOS Utility
    "HAI Dealer PC Access" = HAI Dealer PC Access 2.16a
    "HAI Dealer PC Access 3" = HAI Dealer PC Access 3
    "HAI PC Access" = HAI PC Access 2.15
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LTWinModem" = Lucent Win Modem
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "P2PFilter" = P2PFilter 3.0.5
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PrimoPDF4.0" = PrimoPDF
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SystemRequirementsLab" = System Requirements Lab
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.1.0.366
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/26/2010 9:17:45 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application

    Details:
    The
    content index cannot be read. (0xc0041800)

    Error - 1/8/2011 2:26:46 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\LOUIS\MY DOCUMENTS\MY PICTURES\TOM
    HOUSE PICTURES\MASTER CLOSET STORAGE.JPG> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 1/8/2011 2:26:46 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\LOUIS\MY DOCUMENTS\MY PICTURES\TOM
    HOUSE PICTURES\MASTER CLOSET STORAGE.JPG> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 1/25/2011 11:05:14 AM | Computer Name = DELL | Source = Winlogon | ID = 1015
    Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
    status code c0000005. The machine must now be restarted.

    Error - 1/25/2011 11:50:32 AM | Computer Name = DELL | Source = Windows Search Service | ID = 7040
    Description = The search service has detected corrupted data files in the index.
    The service will attempt to automatically correct this problem by rebuilding the
    index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


    Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: The content index cannot be read.
    (0xc0041800)

    Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

    Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application

    Details:
    The
    content index cannot be read. (0xc0041800)

    Error - 1/25/2011 3:53:17 PM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00002663.

    Error - 1/27/2011 8:13:23 AM | Computer Name = DELL | Source = PerfNet | ID = 2004
    Description = Unable to open the Server service. Server performance data will not
    be returned. Error code returned is in data DWORD 0.

    [ System Events ]
    Error - 1/27/2011 9:14:37 AM | Computer Name = DELL | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/27/2011 9:14:37 AM | Computer Name = DELL | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 1/27/2011 3:58:50 PM | Computer Name = DELL | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 1/27/2011 3:59:47 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 1/27/2011 4:01:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/27/2011 4:01:38 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 1/27/2011 4:01:38 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 1/28/2011 10:29:12 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 1/28/2011 8:49:33 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 1/28/2011 10:47:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
    Description = The COMODO System - Cleaner Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
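The "Last 10 Event Log Errors" section above is the part of an OTL report that most often gets skimmed past, yet a Winlogon 1015 entry (lsass.exe failing with c0000005) or an iexplore.exe crash deserves a second look when the complaint is search redirection. The following is an added example, not part of this thread or of OTL: a small Python parser for that section, with a few triage rules a defender might apply. The sample entries are copied from the report above in the layout OTL prints them; the triage rules and their wording are this example's own choices, not anything OTL reports.

```python
import re
from collections import Counter

# Constructed sample in the layout OTL uses for its "Last 10 Event Log Errors"
# section: a section header, an "Error - ..." line per entry, then wrapped
# description lines.  The four entries are copied from the report above.
SAMPLE_EVENT_LOG = r"""
[ Application Events ]
Error - 1/25/2011 11:05:14 AM | Computer Name = DELL | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 1/25/2011 3:53:17 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00002663.

[ System Events ]
Error - 1/27/2011 9:14:37 AM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/27/2011 4:01:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
"""

SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_event_errors(text):
    """Turn the OTL event-log section into a list of dicts, one per entry.

    Description text is wrapped over several lines (and may have a blank line
    before a 'Details:' continuation), so every non-header line is appended to
    the current entry until the next header or section starts.
    """
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("section"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "when": m.group("when"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


# Triage rules: (predicate, why a defender should look twice).  These are
# generic event-log heuristics chosen for this example, not OTL's own logic.
TRIAGE_RULES = [
    (lambda e: e["source"] == "Winlogon" and e["id"] == 1015,
     "a critical system process (here lsass.exe) crashed; the crash itself, not just the reboot, needs explaining"),
    (lambda e: e["source"] == "Application Error" and "iexplore.exe" in e["description"],
     "browser crash; correlate its timestamp with the redirect symptom and the toolbar entries being removed"),
    (lambda e: e["source"] == "Service Control Manager" and e["id"] == 7034,
     "a service terminated unexpectedly; check whether it is a security tool being stopped"),
]


def triage(events):
    """Return (event, reason) pairs for entries that match a triage rule."""
    flagged = []
    for event in events:
        for predicate, reason in TRIAGE_RULES:
            if predicate(event):
                flagged.append((event, reason))
                break
    return flagged


def count_by_source(events):
    """Count entries per event source, e.g. to spot a flood of SCM or atapi errors."""
    return Counter(e["source"] for e in events)


if __name__ == "__main__":
    parsed = parse_event_errors(SAMPLE_EVENT_LOG)
    print(count_by_source(parsed))
    for event, reason in triage(parsed):
        print(f'{event["when"]} {event["source"]}/{event["id"]}: {reason}')
```

Run against the full report, the source counts make the repeated Service Control Manager 7001 entries (Server service failing to start) stand out as a pattern rather than noise, and the flagged entries give the helper a short list to ask about before declaring the machine clean.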
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
      O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]
      [2010/09/09 12:55:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
      [2007/12/30 14:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Viewpoint
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. loupas

    loupas TS Rookie Topic Starter

    OTL & Checkup.txt

    Sorry for the delay. The last scan kept locking up my desktop. After 2 scans I was able to determine that there were no threats found. Since messing with Java software, I keep getting a jusched.exe Internet Explorer problem that the system wants to report to Microsoft on BOOTUP only.

    Thanks


    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
    Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Starting removal of ActiveX control {C946EF6D-296D-4907-A6E1-ED0E8E5AF024}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {E473A65C-8087-49A3-AFFD-C5BC4A10669B}
    C:\WINDOWS\Downloaded Program Files\qsp2ie.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
    C:\Documents and Settings\Louis\Application Data\redline2stapler.tmp deleted successfully.
    C:\WINDOWS\system32\mkghj.dll moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\Louis\Application Data\Viewpoint folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Louis
    ->Temp folder emptied: 75366 bytes
    ->Temporary Internet Files folder emptied: 74873524 bytes
    ->Java cache emptied: 2040 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 10045 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 934 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Louis
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 01282011_232919

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    COMODO System-Cleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (2.0.) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ``````````End of Log````````````
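A fix log like the one above is only useful if someone checks that each item named in the fix script actually produced a "deleted" or "moved" line, rather than only "not found" lines or nothing at all. The following is an added example, not code from this thread or from OTL: a Python checker that reads the OTL section of a fix log and reports, per requested target, whether it was removed, was already absent, hit a registry error, or never appeared in the log. The log excerpt and target list are constructed from the script and log shown above; the placeholder GUID of all zeros in the usage is invented to show the "unhandled" case.

```python
import re

# Constructed excerpt in the format of the OTL fix log above (a subset of its lines).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\DownloadInformation\\INF .
C:\WINDOWS\system32\mkghj.dll moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========
"""

# Targets as they appear in the fix script above (CLSIDs of the O3/O16 lines
# plus the two file-system items).  Note the script wrote "System32" while the
# log wrote "system32": Windows paths are compared case-insensitively below.
FIX_TARGETS = [
    "{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}",
    "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}",
    "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}",
    "{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}",
    r"C:\WINDOWS\System32\mkghj.dll",
    r"C:\Documents and Settings\Louis\Application Data\Viewpoint",
]

# Line suffix -> outcome.  OTL "moves" files into its quarantine folder rather
# than deleting them, so both wordings count as the item having been removed.
OUTCOMES = (
    ("deleted successfully.", "removed"),
    ("moved successfully.", "removed"),
    ("not found.", "absent"),
)
RANK = {"unhandled": 0, "absent": 1, "error": 2, "removed": 3}


def parse_fix_log(text):
    """Return (subject, outcome) pairs for each action line in the OTL section."""
    actions, in_otl = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_otl = line == "========== OTL =========="
            continue
        if not in_otl or not line or line.startswith("Starting removal of ActiveX control"):
            continue  # the "Starting removal" line only announces the following ones
        if line.startswith("Registry error reading value"):
            actions.append((line[len("Registry error reading value"):].strip(" ."), "error"))
            continue
        for suffix, outcome in OUTCOMES:
            if line.endswith(suffix):
                subject = line[: -len(suffix)].strip()
                for prefix in ("Registry key ", "Registry value "):
                    if subject.startswith(prefix):
                        subject = subject[len(prefix):]
                if subject.endswith(" folder"):
                    subject = subject[: -len(" folder")]
                actions.append((subject.rstrip("\\"), outcome))
                break
    return actions


def verify_fix(targets, log_text):
    """Map each requested target to the strongest outcome the log records for it."""
    actions = parse_fix_log(log_text)
    status = {}
    for target in targets:
        needle = target.lower()
        best = "unhandled"
        for subject, outcome in actions:
            if needle in subject.lower() and RANK[outcome] > RANK[best]:
                best = outcome
        status[target] = best
    return status


if __name__ == "__main__":
    # "{00000000-...}" is an invented placeholder to show a target the log never mentions.
    for target, state in verify_fix(FIX_TARGETS + ["{00000000-0000-0000-0000-000000000000}"],
                                    SAMPLE_FIX_LOG).items():
        print(f"{state:9s} {target}")
```

"absent" is the interesting middle case: the {CAFEEFAC-...} Java plug-in entry was gone before the fix ran (the OTL scan only reported a dangling registry reference), while "unhandled" would mean the fix script and the log disagree and the item should be looked for by hand.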
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Disable jusched.exe. It's an unnecessary startup item: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

    ==========================================================================

    Uninstall Firefox. Version 2 is obsolete and thus dangerous.
    If you still want to use Firefox, install the latest 3.6.13 version.

    ========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. loupas

    loupas TS Rookie Topic Starter

    Cannot remove Adobe 8.25. Have not proceeded past that point

    1) Uninstalled Firefox & Java popup is gone.

    2) Catch 22 for removing Adobe. I tried to run the new version and it keeps getting hung up trying to automatically uninstall ver 8.25 itself during the installation (see below for the error prompt). So I tried instead to uninstall v8.25 via Add/Remove Programs first (before installing the new one) and get the same exact error below:

    Error 1402 - Could not open key
    Hkey_local_machine\software\microsoft\windows\current version\run\compoments\MSFS.
    Verify that you have sufficient access to that key or contact your support personnel

    When I cancel out during Add/Remove I get "Fatal Error during Installation".

    Now, if I go into the registry (which I know how to do and am fairly comfortable with) I can get to that key and it says Default REG_SZ (value not set).

    So, I have not performed anything else you requested after this point. The only way I can get to the administrator sign-in (if needed) is via safe mode, if that is what it will take to remove 8.25. If I log off, the only user choice is me on normal startup.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  18. loupas

    loupas TS Rookie Topic Starter

    Same thing

    Revo ran into the same exact problem during uninstall. Once it got to that point it endlessly keeps trying after you acknowledge the error. I also tried to "repair" 8.25 (thinking it might fix the registry item) and when it got to that point to install it in the registry it gave me the same error. Do you think deleting the registry item will correct it, assuming it is used for this program only, then "repairing" the program first to reinstall it properly before trying to uninstall again?

    I will pick up your next reply in the morning. Thank you. Good night. (1:00AM EST).
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It looks like a permission problem.
    Open registry editor, navigate to:
    Hkey_local_machine\software\microsoft\windows\current version\run\compoments\MSFS
    Right click on MSFS key, click "Permissions" and make sure, you have full control of that key.
     
  20. loupas

    loupas TS Rookie Topic Starter

    Now Windows Installer cannot be accessed

    Not only did I add myself to that file but I added myself to all the key categories in the registry since I am the only user and administrator.

    Next, I went to load the new Adobe (that should delete the old one too) and now I am getting

    Windows Installer cannot be accessed.

    So, something corrupted the installer file. I know that when I ran Revo last night the first time it created a restore point! So, the installer error is stopping the removal of the old version via Add/Delete and installing the new version.

    Also, my Windows Search opens but I cannot see all the categories on the left panel as before. Something happened last night and I am not sure what it is. Do you think the restore point by Revo may have made these changes to Windows? Maybe I should restore back to the settings just before Revo was installed (still after the removal of the problems), then give myself permission and see what happens from there.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let's do that.
     
  22. loupas

    loupas TS Rookie Topic Starter

    I restored back to 4PM EST yesterday (when the Java update made a restore point), which was when I replied with the two logs and told you no threats were detected in ESET. I had to remove Firefox again, checked Java for the latest update (and it was the latest) and ran the routine to remove all old versions of Java again. Adobe 8.25 has finally been removed and 10x loaded. All three registry items in the optional components folder needed permission to get this done. Windows Installer is obviously working but there is still something wrong with Windows Search. I may have to reload that program from Microsoft or attempt to use the recovery console to reload it.

    Anyway, I wanted to let you know about the above before I proceed with the final steps 1-12 you requested, starting with running OTL and ending with letting you know how the computer is doing. Also, before I proceed, which "Tools" are going to be removed? I moved all the programs and checklists you requested from my desktop and placed them in a folder on my desktop named Toolkit Fixes to keep up with them. It appears from the next set of instructions that TFC should be kept and not removed.

    OK, let me know if I should proceed with the next 12 steps. Also, any ideas on how to fix/reinstall Windows Search?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good news :)

    Go ahead with 12 steps and let me know what exactly is wrong with search function.
    I don't want you to use System Restore at this point anymore, because we may start running in circles.
     
  24. loupas

    loupas TS Rookie Topic Starter

    The Windows Search screen on the left side used to list the (search toolbar?) and show all of the following:

    Search filter for everything
    From:
    Author:
    Date:
    Size:
    Filename:
    Folder:

    And the "dog" to click.

    Now I have all of the above categories only minimized in a 1 inch window that requires moving the tiny slide bar or arrows to the right up/down to see them. The dog is not shown at all. I have a screen shot but cannot paste it.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Attach a screenshot.
     
Topic Status:
Not open for further replies.
