TechSpot

Virus infecting Scv host

By Scottdavid
Aug 16, 2011
  1. When checking processes after 10 minutes of the computer being booted up with access to the internet, my computer begins to slow right down, and in Processes it says svchost/system/99 percent usage. It also has stopped programs from opening if I don't open them as soon as I start my computer up. I have run many antivirus programs and they seem to keep finding tracking cookies over and over.

    Here are your steps:

    Malware:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7478

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    8/16/2011 7:26:06 AM
    mbam-log-2011-08-16 (07-26-06).txt

    Scan type: Quick scan
    Objects scanned: 179328
    Time elapsed: 2 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-16 07:31:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2500JS-60NCB1 rev.10.02E02
    Running: 6jok50wr.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\ffayraoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 89D1231B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-16 89D1231B

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

    ---- EOF - GMER 1.0.15 ----


    DDS:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
    Run by Scott at 7:32:26 on 2011-08-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.943 [GMT -6:00]
    .
    AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Avanquest Fix-It *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MRT] "c:\windows\system32\MRT.exe" /R
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [AvanquestMainUI] c:\program files\avanquest\fix-it\Fix-It.exe
    mPolicies-system: tray = 0 (0x0)
    mPolicies-system: pop = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    TCP: Interfaces\{2ABF507B-8CAA-46A8-9C50-1BB00DDFE557} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\8xpzqnft.default\
    FF - prefs.js: browser.search.selectedEngine - ALOT Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=12279&client_id=280cc4f8a868a80828e89cca&camp_id=2578&install_time=2011-05-27T04:13:27Z&tb_version=2.4.11000%28F%29&pr=auto&q=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-7-7 13360]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2011-7-7 203056]
    R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files\avanquest\fix-it\AVQWinMonEngine.exe [2010-8-20 328704]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-16 366640]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-7-7 69936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-16 22712]
    S2 SBAMSvc;Fix-It;c:\program files\common files\antivirus\SBAMSvc.exe [2010-2-22 1012080]
    .
    =============== Created Last 30 ================
    .
    2011-08-16 13:22:52 -------- d-----w- c:\documents and settings\scott\application data\Malwarebytes
    2011-08-16 13:22:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 13:22:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-16 13:22:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 13:22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 12:55:37 -------- d-sha-r- C:\cmdcons
    2011-08-16 12:51:37 98816 ----a-w- c:\windows\sed.exe
    2011-08-16 12:51:37 518144 ----a-w- c:\windows\SWREG.exe
    2011-08-16 12:51:37 256000 ----a-w- c:\windows\PEV.exe
    2011-08-16 12:51:37 208896 ----a-w- c:\windows\MBR.exe
    2011-08-10 22:06:54 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 22:06:33 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    ==================== Find3M ====================
    .
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-21 18:25:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 18:18:34 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-21 12:58:45 369664 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-07 19:06:51 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-06-07 19:06:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-06-07 19:06:48 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-60NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D124D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d187d0]; MOV EAX, [0x89d1884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89CF6AB8]
    3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006c[0x89C0A510]
    5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89CB1940]
    \Driver\atapi[0x89D80F38] -> IRP_MJ_CREATE -> 0x89D124D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89D1231B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 7:33:08.76 ===============



    dds attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/25/2011 9:12:59 PM
    System Uptime: 8/16/2011 7:13:04 AM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 189.289 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is FIXED (FAT32) - 9 GiB total, 0.414 GiB free.
    I: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 5/25/2011 9:48:00 PM - System Checkpoint
    RP2: 5/25/2011 11:00:04 PM - Software Distribution Service 3.0
    RP3: 5/26/2011 3:30:50 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP4: 5/26/2011 3:30:54 PM - Installed AVG 2011
    RP5: 5/26/2011 3:31:06 PM - Installed AVG 2011
    RP6: 5/26/2011 5:56:42 PM - Installed Windows XP KB888111WXPSP2.
    RP7: 5/26/2011 6:00:08 PM - Installed Realtek High Definition Audio Driver
    RP8: 5/26/2011 6:01:08 PM - Software Distribution Service 3.0
    RP9: 5/26/2011 6:15:31 PM - Installed Windows XP WgaNotify.
    RP10: 5/26/2011 6:18:03 PM - Installed Windows XP WIC.
    RP11: 5/26/2011 6:19:32 PM - Installed %1 %2.
    RP12: 5/26/2011 6:19:36 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP13: 5/26/2011 6:57:16 PM - Software Distribution Service 3.0
    RP14: 5/26/2011 9:39:53 PM - Software Distribution Service 3.0
    RP15: 5/26/2011 10:28:54 PM - Installed Windows Media Player 11
    RP16: 5/26/2011 10:29:13 PM - Installed Windows XP Wudf01000.
    RP17: 5/26/2011 10:30:33 PM - Installed Windows XP MSCompPackV1.
    RP18: 5/26/2011 10:38:51 PM - Installed Java(TM) 6 Update 22
    RP19: 5/27/2011 3:00:14 AM - Software Distribution Service 3.0
    RP20: 5/27/2011 1:31:37 PM - Installed iTunes
    RP21: 5/28/2011 3:00:13 AM - Software Distribution Service 3.0
    RP22: 5/29/2011 3:00:13 AM - Software Distribution Service 3.0
    RP23: 5/30/2011 3:00:14 AM - Software Distribution Service 3.0
    RP24: 5/30/2011 1:06:44 PM - Software Distribution Service 3.0
    RP25: 5/30/2011 1:09:15 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP26: 5/31/2011 3:00:13 AM - Software Distribution Service 3.0
    RP27: 6/1/2011 3:00:13 AM - Software Distribution Service 3.0
    RP28: 6/2/2011 3:00:13 AM - Software Distribution Service 3.0
    RP29: 6/2/2011 8:16:55 PM - HOTLLAMA Media Player Installation
    RP30: 6/5/2011 12:09:08 PM - System Checkpoint
    RP31: 6/6/2011 6:55:48 PM - System Checkpoint
    RP32: 6/7/2011 12:23:13 PM - Installed Gears of War
    RP33: 6/16/2011 3:00:14 AM - Software Distribution Service 3.0
    RP34: 6/19/2011 10:45:46 AM - System Checkpoint
    RP35: 6/20/2011 10:51:58 AM - System Checkpoint
    RP36: 6/21/2011 5:53:23 PM - System Checkpoint
    RP37: 6/22/2011 11:59:36 PM - System Checkpoint
    RP38: 6/24/2011 12:54:16 AM - System Checkpoint
    RP39: 6/26/2011 12:08:40 PM - System Checkpoint
    RP40: 6/27/2011 8:25:18 PM - System Checkpoint
    RP41: 6/29/2011 3:00:13 AM - Software Distribution Service 3.0
    RP42: 6/30/2011 3:00:13 AM - Software Distribution Service 3.0
    RP43: 7/2/2011 3:00:14 AM - Software Distribution Service 3.0
    RP44: 7/3/2011 10:31:41 AM - System Checkpoint
    RP45: 7/4/2011 11:21:02 AM - System Checkpoint
    RP46: 7/5/2011 12:21:02 PM - System Checkpoint
    RP47: 7/6/2011 2:34:32 PM - System Checkpoint
    RP48: 7/7/2011 4:32:08 PM - Installed Fix-It Utilities 11 Professional
    RP49: 7/9/2011 12:47:45 AM - System Checkpoint
    RP50: 7/9/2011 3:00:21 AM - Software Distribution Service 3.0
    RP51: 7/10/2011 11:35:06 AM - Removed AVG 2011
    RP52: 7/10/2011 11:36:12 AM - Removed AVG 2011
    RP53: 7/10/2011 11:50:39 AM - Installed Java(TM) 6 Update 26
    RP54: 7/11/2011 12:17:27 PM - System Checkpoint
    RP55: 7/13/2011 12:23:21 PM - System Checkpoint
    RP56: 7/14/2011 5:09:17 PM - Installed AVG 2011
    RP57: 7/14/2011 5:09:56 PM - Installed AVG 2011
    RP58: 7/15/2011 3:00:16 AM - Software Distribution Service 3.0
    RP59: 7/15/2011 11:27:07 AM - ErrorWiz Restore point
    RP60: 7/15/2011 11:53:06 AM - Installed PC MightyMax 2011
    RP61: 7/15/2011 12:04:55 PM - Installed Pc Optimizer 360 setup
    RP62: 7/15/2011 6:34:00 PM - Installed Microsoft Fix it 50587
    RP63: 8/9/2011 7:11:52 PM - System Checkpoint
    RP64: 8/11/2011 3:00:15 AM - Software Distribution Service 3.0
    RP65: 8/12/2011 1:54:37 PM - System Checkpoint
    RP66: 8/16/2011 6:45:57 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP67: 8/16/2011 6:49:13 AM - Removed AVG 2011
    RP68: 8/16/2011 6:51:22 AM - Removed AVG 2011
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Bonjour
    Data Fax SoftModem with SmartCP
    Fix-It Utilities 11 Professional
    FrostWire 4.21.8
    Gears of War
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    NVIDIA Drivers
    NVIDIA Graphics Driver 275.33
    NVIDIA nView 135.85
    NVIDIA nView Desktop Manager
    PC MightyMax 2011
    Pc Optimizer 360 setup
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923789)
    Segoe UI
    StarCraft II
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB961503)
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== End Of File ===========================

    I also used ComboFix and have a report from that; I used it before I used your steps:

    Combofix:

    ComboFix 11-08-16.02 - Scott 08/16/2011 6:57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.672 [GMT -6:00]
    Running from: c:\documents and settings\Scott\My Documents\Downloads\ComboFix.exe
    AV: Avanquest Fix-It *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\documents and settings\Guest\Application Data\alot
    c:\documents and settings\Scott\Application Data\Adobe\plugs
    c:\documents and settings\Scott\Application Data\Adobe\plugs\KB638959250
    c:\documents and settings\Scott\Application Data\Adobe\shed
    c:\documents and settings\Scott\Application Data\ErrorWiz
    c:\documents and settings\Scott\Application Data\ErrorWiz\Backup\Automatic Backup_07-15-2011_11-27-08.reg
    c:\documents and settings\Scott\Application Data\ErrorWiz\settings.ini
    c:\program files\ErrorWiz
    c:\program files\ErrorWiz\ErrorWiz.exe
    H:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-10 22:06 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 22:06 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2011-05-26 03:07 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-21 18:25 . 2011-05-27 04:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 18:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-21 18:18 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 18:18 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-21 12:58 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-25 06:09 . 2006-05-09 21:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-05-25 06:09 . 2006-05-09 21:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-25 06:09 . 2006-05-09 21:50 13895272 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-25 06:09 . 2011-06-07 19:06 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-05-25 06:09 . 2011-06-07 19:06 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-05-25 06:09 . 2011-06-07 19:06 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-05-25 06:09 . 2011-06-07 19:06 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-25 06:09 . 2006-05-09 21:50 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-05-25 06:09 . 2006-05-09 21:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-05-25 06:09 . 2011-06-07 19:06 5332992 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-25 06:09 . 2011-06-07 19:06 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-25 06:09 . 2006-05-09 21:50 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-05-25 06:09 . 2006-05-09 21:50 2328576 ----a-w- c:\windows\system32\nvapi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-06-21 18:24 . 2011-05-27 00:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 19:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "MRT"="c:\windows\system32\MRT.exe" [2011-08-11 52390856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR0pSVzItTlFIWEMtUVQ3T0otMlk0VEstOQ&inst=NzYtODc5MzQ0ODc4LUZMMTArMS1YTzEwKzExLUxJQysyLVRVRyszLUREVCsw&prod=92&ver=10.0.1392" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvanquestMainUI"="c:\program files\Avanquest\Fix-It\Fix-It.exe" [2011-03-01 1150744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "tray"= 0 (0x0)
    "pop"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\StarCraft II\\Support\\BlizzardDownloader.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    .
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/7/2011 4:37 PM 13360]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 8:22 AM 95024]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [7/7/2011 4:37 PM 203056]
    R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files\Avanquest\Fix-It\AVQWinMonEngine.exe [8/20/2010 8:21 PM 328704]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [7/7/2011 4:37 PM 69936]
    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
    R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
    R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
    S2 SBAMSvc;Fix-It;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [2/22/2010 1:29 PM 1012080]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgldx86
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    2011-08-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-05-17 19:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\
    FF - prefs.js: browser.search.selectedEngine - ALOT Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=12279&client_id=280cc4f8a868a80828e89cca&camp_id=2578&install_time=2011-05-27T04:13Z&tb_version=2.4.11000%28F%29&pr=auto&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Filip - (no file)
    HKLM-Run-ErrorWiz - c:\program files\ErrorWiz\ErrorWiz.exe
    Notify-TPSvc - TPSvc.dll
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-16 07:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-60NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    .
    device: opened successfully
    user: MBR read successfully
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89C5B31B
    user & kernel MBR OK
    .
    **************************************************************************
    .
    Completion time: 2011-08-16 07:08:45
    ComboFix-quarantined-files.txt 2011-08-16 13:08
    .
    Pre-Run: 202,405,736,448 bytes free
    Post-Run: 203,264,847,872 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - 17F5785D13213B7777E6BB2472510641
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Never run Combofix on your own!

    You're running two AV programs, AVG and Avanquest Fix-It.
    One of them has to go.
    I suggest Avanquest Fix-It goes.

    Then....

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    It asked for a reboot on scan; I rebooted and am now pasting.

    2011/08/17 16:38:31.0328 3776 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
    2011/08/17 16:38:33.0328 3776 ================================================================================
    2011/08/17 16:38:33.0328 3776 SystemInfo:
    2011/08/17 16:38:33.0328 3776
    2011/08/17 16:38:33.0328 3776 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/17 16:38:33.0328 3776 Product type: Workstation
    2011/08/17 16:38:33.0328 3776 ComputerName: SCOTT-20AEE80C8
    2011/08/17 16:38:33.0328 3776 UserName: Scott
    2011/08/17 16:38:33.0328 3776 Windows directory: C:\WINDOWS
    2011/08/17 16:38:33.0328 3776 System windows directory: C:\WINDOWS
    2011/08/17 16:38:33.0328 3776 Processor architecture: Intel x86
    2011/08/17 16:38:33.0328 3776 Number of processors: 2
    2011/08/17 16:38:33.0328 3776 Page size: 0x1000
    2011/08/17 16:38:33.0328 3776 Boot type: Normal boot
    2011/08/17 16:38:33.0328 3776 ================================================================================
    2011/08/17 16:38:34.0921 3776 Initialize success
    2011/08/17 16:38:51.0656 2156 ================================================================================
    2011/08/17 16:38:51.0656 2156 Scan started
    2011/08/17 16:38:51.0656 2156 Mode: Manual;
    2011/08/17 16:38:51.0656 2156 ================================================================================
    2011/08/17 16:38:52.0218 2156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/08/17 16:38:52.0281 2156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/08/17 16:38:52.0375 2156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/08/17 16:38:52.0421 2156 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/08/17 16:38:52.0546 2156 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2011/08/17 16:38:52.0578 2156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/08/17 16:38:52.0687 2156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/08/17 16:38:52.0734 2156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/08/17 16:38:52.0781 2156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/08/17 16:38:52.0859 2156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/08/17 16:38:52.0953 2156 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    2011/08/17 16:38:52.0968 2156 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    2011/08/17 16:38:53.0000 2156 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    2011/08/17 16:38:53.0062 2156 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2011/08/17 16:38:53.0093 2156 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    2011/08/17 16:38:53.0125 2156 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    2011/08/17 16:38:53.0171 2156 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2011/08/17 16:38:53.0218 2156 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2011/08/17 16:38:53.0250 2156 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2011/08/17 16:38:53.0359 2156 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    2011/08/17 16:38:53.0468 2156 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/08/17 16:38:53.0515 2156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/08/17 16:38:53.0718 2156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/08/17 16:38:53.0781 2156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/08/17 16:38:53.0843 2156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/08/17 16:38:53.0906 2156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/08/17 16:38:54.0093 2156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/08/17 16:38:54.0171 2156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/08/17 16:38:54.0281 2156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/08/17 16:38:54.0375 2156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/08/17 16:38:54.0406 2156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/08/17 16:38:54.0468 2156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/08/17 16:38:54.0515 2156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/08/17 16:38:54.0593 2156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/08/17 16:38:54.0671 2156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/08/17 16:38:54.0734 2156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/08/17 16:38:54.0812 2156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/08/17 16:38:54.0843 2156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/08/17 16:38:54.0906 2156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/08/17 16:38:54.0968 2156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/08/17 16:38:55.0046 2156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/08/17 16:38:55.0125 2156 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/08/17 16:38:55.0156 2156 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/08/17 16:38:55.0265 2156 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
    2011/08/17 16:38:55.0359 2156 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
    2011/08/17 16:38:55.0437 2156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/08/17 16:38:55.0531 2156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/08/17 16:38:55.0609 2156 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/08/17 16:38:55.0843 2156 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/08/17 16:38:55.0968 2156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/08/17 16:38:56.0015 2156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/08/17 16:38:56.0046 2156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/08/17 16:38:56.0109 2156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/08/17 16:38:56.0187 2156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/08/17 16:38:56.0218 2156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/08/17 16:38:56.0265 2156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/08/17 16:38:56.0296 2156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/08/17 16:38:56.0375 2156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/08/17 16:38:56.0437 2156 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/08/17 16:38:56.0500 2156 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
    2011/08/17 16:38:56.0578 2156 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/08/17 16:38:56.0671 2156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/08/17 16:38:56.0734 2156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/08/17 16:38:56.0750 2156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/08/17 16:38:56.0843 2156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/08/17 16:38:56.0906 2156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/08/17 16:38:56.0984 2156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/08/17 16:38:57.0062 2156 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/08/17 16:38:57.0125 2156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/08/17 16:38:57.0187 2156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/08/17 16:38:57.0234 2156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/08/17 16:38:57.0250 2156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/08/17 16:38:57.0328 2156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/08/17 16:38:57.0359 2156 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/08/17 16:38:57.0406 2156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/08/17 16:38:57.0484 2156 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/08/17 16:38:57.0546 2156 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/08/17 16:38:57.0578 2156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/08/17 16:38:57.0625 2156 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/08/17 16:38:57.0656 2156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/08/17 16:38:57.0687 2156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/08/17 16:38:57.0765 2156 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/08/17 16:38:57.0781 2156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/08/17 16:38:57.0859 2156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/08/17 16:38:57.0984 2156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/08/17 16:38:58.0375 2156 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/08/17 16:38:59.0531 2156 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2011/08/17 16:38:59.0625 2156 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2011/08/17 16:38:59.0703 2156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/08/17 16:38:59.0734 2156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/08/17 16:38:59.0828 2156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/08/17 16:38:59.0906 2156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/08/17 16:38:59.0937 2156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/08/17 16:39:00.0000 2156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/08/17 16:39:00.0031 2156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/08/17 16:39:00.0078 2156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/08/17 16:39:00.0156 2156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/08/17 16:39:00.0343 2156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/08/17 16:39:00.0375 2156 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/08/17 16:39:00.0390 2156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/08/17 16:39:00.0437 2156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/08/17 16:39:00.0562 2156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/08/17 16:39:00.0609 2156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/08/17 16:39:00.0687 2156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/08/17 16:39:00.0703 2156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/08/17 16:39:00.0781 2156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/08/17 16:39:00.0859 2156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/08/17 16:39:00.0937 2156 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/08/17 16:39:00.0984 2156 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/08/17 16:39:01.0031 2156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/08/17 16:39:01.0109 2156 sbaphd (633b92550b29b09647e5d06f7f376d69) C:\WINDOWS\system32\drivers\sbaphd.sys
    2011/08/17 16:39:01.0156 2156 sbapifs (545f05311f9653c17fd43d024985f787) C:\WINDOWS\system32\drivers\sbapifs.sys
    2011/08/17 16:39:01.0250 2156 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREDrv.sys
    2011/08/17 16:39:01.0312 2156 sbtis (cf0ae6434a4c37a1232cfd71a31813b4) C:\WINDOWS\system32\drivers\sbtis.sys
    2011/08/17 16:39:01.0390 2156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/08/17 16:39:01.0531 2156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/08/17 16:39:01.0593 2156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/08/17 16:39:01.0703 2156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/08/17 16:39:01.0734 2156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/08/17 16:39:01.0812 2156 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/08/17 16:39:01.0859 2156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/08/17 16:39:01.0906 2156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/08/17 16:39:02.0046 2156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/08/17 16:39:02.0187 2156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/08/17 16:39:02.0234 2156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/08/17 16:39:02.0250 2156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/08/17 16:39:02.0296 2156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/08/17 16:39:02.0375 2156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/08/17 16:39:02.0468 2156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/08/17 16:39:02.0578 2156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/08/17 16:39:02.0625 2156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/08/17 16:39:02.0671 2156 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/08/17 16:39:02.0750 2156 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/08/17 16:39:02.0796 2156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/08/17 16:39:02.0828 2156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/08/17 16:39:02.0921 2156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/08/17 16:39:02.0953 2156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/08/17 16:39:03.0046 2156 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    2011/08/17 16:39:03.0156 2156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/08/17 16:39:03.0187 2156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/08/17 16:39:03.0234 2156 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
    2011/08/17 16:39:03.0234 2156 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/08/17 16:39:03.0250 2156 Boot (0x1200) (541381f3fd45a37e9ff32406f9bf21b0) \Device\Harddisk0\DR0\Partition0
    2011/08/17 16:39:03.0281 2156 Boot (0x1200) (5ec2fcd2f6fb867dfe591a4e85cf72e7) \Device\Harddisk0\DR0\Partition1
    2011/08/17 16:39:03.0281 2156 ================================================================================
    2011/08/17 16:39:03.0281 2156 Scan finished
    2011/08/17 16:39:03.0281 2156 ================================================================================
    2011/08/17 16:39:03.0296 2304 Detected object count: 1
    2011/08/17 16:39:03.0296 2304 Actual detected object count: 1
    2011/08/17 16:39:19.0937 2304 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/08/17 16:39:19.0937 2304 \Device\Harddisk0\DR0 - ok
    2011/08/17 16:39:19.0937 2304 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/08/17 16:39:35.0359 2728 Deinitialize success
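    As an added triage example (not code from this thread or from Kaspersky's TDSSKiller), here is a Python parser for the TDSSKiller log format posted above: it inventories the driver entries and raw-sector hashes, links each "detected" line to the user's chosen action and the reboot status, and flags a verdict on a raw disk device such as \Device\Harddisk0\DR0 as boot-sector (bootkit) level rather than a file infection. The sample log is constructed to mirror the posted format, with placeholder hashes.

    ```python
    """Triage helper for TDSSKiller scan logs (added example, not part of the thread)."""
    import re
    from dataclasses import dataclass, field
    from typing import Optional

    # Every log line is "<timestamp> <thread id> <body>"; only the body carries meaning.
    _LINE_RE = re.compile(
        r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$"
    )
    # Driver inventory entry: "<service name> (<md5>) <path>"
    _DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
    # Raw sector entry: "MBR (0x1B8) (<md5>) \Device\..." or "Boot (0x1200) (<md5>) ..."
    _SECTOR_RE = re.compile(
        r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<device>.+)$"
    )
    _DETECT_RE = re.compile(r"^(?P<object>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
    _PENDING_RE = re.compile(r"^(?P<object>.+?) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
    _ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<object>[^)]+)\) - User select action: (?P<action>\w+)$")


    @dataclass
    class Detection:
        object: str
        verdict: str
        action: Optional[str] = None
        reboot_required: bool = False

        @property
        def boot_level(self) -> bool:
            # A raw disk device (\Device\HarddiskN\DRN) instead of a file path means the
            # verdict is on the MBR/boot sectors, i.e. a bootkit such as TDL4, not a file.
            return bool(re.match(r"^\\Device\\Harddisk\d+\\DR\d+$", self.object))


    @dataclass
    class ScanSummary:
        drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
        sectors: dict = field(default_factory=dict)     # device -> md5 of the raw sector
        detections: dict = field(default_factory=dict)  # object -> Detection


    def parse_tdsskiller_log(text: str) -> ScanSummary:
        """Walk the log once and correlate detection, pending-cure and action lines by object."""
        s = ScanSummary()
        for raw in text.splitlines():
            m = _LINE_RE.match(raw.strip())
            if not m:
                continue
            body = m.group("body")
            if (sm := _SECTOR_RE.match(body)):
                # The MBR hash is what you compare against a post-cure scan.
                s.sectors[sm.group("device")] = sm.group("md5")
            elif (dm := _DRIVER_RE.match(body)):
                s.drivers[dm.group("name")] = (dm.group("md5"), dm.group("path"))
            elif (xm := _DETECT_RE.match(body)):
                s.detections[xm.group("object")] = Detection(xm.group("object"), xm.group("verdict"))
            elif (pm := _PENDING_RE.match(body)):
                d = s.detections.setdefault(pm.group("object"), Detection(pm.group("object"), pm.group("verdict")))
                d.reboot_required = True
            elif (am := _ACTION_RE.match(body)):
                d = s.detections.setdefault(am.group("object"), Detection(am.group("object"), am.group("verdict")))
                d.action = am.group("action")
        return s


    def triage_lines(summary: ScanSummary) -> list:
        """Human-readable summary: one header line plus one line per detection."""
        out = [f"{len(summary.drivers)} drivers inventoried, {len(summary.sectors)} raw sectors hashed"]
        for d in summary.detections.values():
            where = "MBR/boot sector (bootkit)" if d.boot_level else "file"
            state = "reboot pending" if d.reboot_required else "done"
            out.append(f"{d.verdict} on {d.object} [{where}] action={d.action or 'none'} ({state})")
        return out


    # Constructed sample in the posted format; hashes are placeholders, not real values.
    SAMPLE_LOG = """\
    2011/08/17 16:38:51.0656 2156 Scan started
    2011/08/17 16:38:51.0656 2156 Mode: Manual;
    2011/08/17 16:38:52.0734 2156 atapi (00112233445566778899aabbccddeeff) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
    2011/08/17 16:38:57.0406 2156 NDIS (ffeeddccbbaa99887766554433221100) C:\\WINDOWS\\system32\\drivers\\NDIS.sys
    2011/08/17 16:39:03.0234 2156 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \\Device\\Harddisk0\\DR0
    2011/08/17 16:39:03.0234 2156 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/08/17 16:39:03.0250 2156 Boot (0x1200) (fedcba9876543210fedcba9876543210) \\Device\\Harddisk0\\DR0\\Partition0
    2011/08/17 16:39:03.0281 2156 Scan finished
    2011/08/17 16:39:03.0296 2304 Detected object count: 1
    2011/08/17 16:39:19.0937 2304 \\Device\\Harddisk0\\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/08/17 16:39:19.0937 2304 \\Device\\Harddisk0\\DR0 - ok
    2011/08/17 16:39:19.0937 2304 Rootkit.Win32.TDSS.tdl4(\\Device\\Harddisk0\\DR0) - User select action: Cure
    """

    if __name__ == "__main__":
        for line in triage_lines(parse_tdsskiller_log(SAMPLE_LOG)):
            print(line)
    ```

    Run it against a real TDSSKiller_xxxx_log.txt by reading the file into `parse_tdsskiller_log`; a detection that is still "reboot pending" or has no action recorded is the one to chase before declaring the disk clean.
    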
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Well done :)

    How is the computer doing?

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ==========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    My computer seems to be perfectly fine. I'm about to begin all those steps you asked me to do; I will post everything you asked for!! This definitely seems to be working, I'm so excited!
     
  6. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    ROOTKIT:

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB6D26000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12754944 bytes (NVIDIA Corporation, NVIDIA Windows XP Miniport Driver, Version 275.33 )
    0xB3E8B000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4403200 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4198400 bytes (NVIDIA Corporation, NVIDIA Windows XP Display driver, Version 275.33 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB6B8F000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xB6AD9000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB7E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB3B53000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB691E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB6A7E000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0xB3D75000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB25F5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xB6A0B000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
    0xBD413000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB3D2E000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xB6C86000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xB1DC4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB3B17000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xB69D4000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
    0xB697C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB3CB0000 C:\WINDOWS\system32\drivers\sbtis.sys 196608 bytes (Sunbelt Software, Sunbelt TDI Inspection System)
    0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB273D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB7E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB1295000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB3BC3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB6A56000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB3CE0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB3D08000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB3ACB000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB3E67000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB6CEE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB6CCB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB3C8E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB23F5000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0xB7EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB7DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB3A63000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB7EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB69BD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB3E01000 C:\WINDOWS\system32\drivers\SBREDrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
    0xB2970000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB6D12000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB3DCE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB69AC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB28D2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB82C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB82E8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB6866000 C:\WINDOWS\system32\drivers\sbapifs.sys 65536 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
    0xB81E8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB81A8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB82D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB2AFD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB8188000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xB82A8000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
    0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB82F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB8308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB81C8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xB8138000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB8228000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB82B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB8318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB8168000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB8158000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB0759000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB81F8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB8148000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB8208000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB8198000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
    0xB81D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB8408000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xB8478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB83F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB8420000 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Firewall intermediate miniport driver)
    0xB8338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0xB8480000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB8488000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB8400000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xB8410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB8440000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB8468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB8348000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0xB8418000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0xB8470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB8430000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB8438000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB8428000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB83F0000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xB84B0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB84BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0xB3A3B000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xB283A000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
    0xB8598000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB2C0D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB8578000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB3AFF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB8568000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB6862000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB8580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB7950000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB85C8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB85DC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xB85C6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xB85CA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB85CC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB85CE000 C:\WINDOWS\system32\drivers\sbaphd.sys 8192 bytes (Sunbelt Software, Sunbelt ActiveProtection hook driver)
    0xB85BE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB85C0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB86E5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB8763000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB86F4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)
    Go on....
     
  8. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    aswMBR:
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-17 20:05:14
    -----------------------------
    20:05:14.531 OS Version: Windows 5.1.2600 Service Pack 3
    20:05:14.531 Number of processors: 2 586 0x4B02
    20:05:14.531 ComputerName: SCOTT-20AEE80C8 UserName: Scott
    20:05:15.500 Initialize success
    20:05:43.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    20:05:43.953 Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
    20:05:45.968 Disk 0 MBR read successfully
    20:05:45.968 Disk 0 MBR scan
    20:05:45.968 Disk 0 Windows XP default MBR code
    20:05:45.968 Disk 0 scanning sectors +488391120
    20:05:46.046 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:05:53.671 Service scanning
    20:05:54.671 Modules scanning
    20:05:59.859 Disk 0 trace - called modules:
    20:05:59.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS BlackBox.SYS
    20:05:59.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d2cab8]
    20:05:59.875 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000071[0x89d32f18]
    20:05:59.875 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x89c0b940]
    20:05:59.875 Scan finished successfully
    20:06:29.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott\Desktop\MBR.dat"
    20:06:29.343 The log file has been saved successfully to "C:\Documents and Settings\Scott\Desktop\aswMBR.txt"
     
  9. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    ComboFix 11-08-13.02 - Scott 08/17/2011 20:28:29.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1240 [GMT -6:00]
    Running from: c:\documents and settings\Scott\My Documents\Downloads\ComboFix.exe
    AV: Avanquest Fix-It *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-16 14:40 . 2011-08-16 14:40 -------- d-----w- C:\$AVG
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-16 13:22 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 13:22 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 22:06 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 22:06 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2011-05-26 03:07 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-21 18:25 . 2011-05-27 04:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 18:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-21 18:18 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 18:18 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-21 12:58 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-25 06:09 . 2006-05-09 21:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-05-25 06:09 . 2006-05-09 21:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-25 06:09 . 2006-05-09 21:50 13895272 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-25 06:09 . 2011-06-07 19:06 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-05-25 06:09 . 2011-06-07 19:06 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-05-25 06:09 . 2011-06-07 19:06 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-05-25 06:09 . 2011-06-07 19:06 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-25 06:09 . 2006-05-09 21:50 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-05-25 06:09 . 2006-05-09 21:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-05-25 06:09 . 2011-06-07 19:06 5332992 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-25 06:09 . 2011-06-07 19:06 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-25 06:09 . 2006-05-09 21:50 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-05-25 06:09 . 2006-05-09 21:50 2328576 ----a-w- c:\windows\system32\nvapi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-06-21 18:24 . 2011-05-27 00:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-16_13.07.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-16 22:03 . 2011-03-16 22:03 32592 c:\windows\system32\drivers\avgrkx86.sys
    + 2011-03-01 20:25 . 2011-03-01 20:25 34896 c:\windows\system32\drivers\avgmfx86.sys
    + 2011-02-10 13:53 . 2011-02-10 13:53 27216 c:\windows\system32\drivers\AVGIDSShim.sys
    + 2011-02-10 13:53 . 2011-02-10 13:53 24144 c:\windows\system32\drivers\AVGIDSFilter.sys
    + 2011-02-22 14:13 . 2011-02-22 14:13 22992 c:\windows\system32\drivers\AVGIDSEH.sys
    + 2010-07-12 10:33 . 2010-07-12 10:33 30432 c:\windows\system32\drivers\avgfwdx.sys
    + 2010-07-12 10:33 . 2010-07-12 10:33 51040 c:\windows\system32\avgfwdx.dll
    + 2011-06-21 20:46 . 2011-08-17 23:30 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2011-06-21 20:46 . 2011-08-17 23:30 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    + 2011-04-05 06:59 . 2011-04-05 06:59 297168 c:\windows\system32\drivers\avgtdix.sys
    + 2011-01-07 12:41 . 2011-01-07 12:41 248656 c:\windows\system32\drivers\avgldx86.sys
    + 2011-04-15 03:28 . 2011-04-15 03:28 134480 c:\windows\system32\drivers\AVGIDSDriver.sys
    + 2011-06-21 20:46 . 2011-08-17 23:30 937984 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 937984 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    + 2011-06-21 20:46 . 2011-08-17 23:30 137216 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 137216 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    + 2011-06-21 20:46 . 2011-08-17 23:30 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    + 2011-06-21 20:46 . 2011-08-17 23:30 148992 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    - 2011-06-21 20:46 . 2011-08-03 01:16 148992 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    + 2011-08-16 14:25 . 2011-08-16 14:25 3489280 c:\windows\Installer\a6d66.msi
    + 2011-08-16 14:23 . 2011-08-16 14:23 1611776 c:\windows\Installer\a6d62.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 19:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "MRT"="c:\windows\system32\MRT.exe" [2011-08-11 52390856]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvanquestMainUI"="c:\program files\Avanquest\Fix-It\Fix-It.exe" [2011-03-01 1150744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "tray"= 0 (0x0)
    "pop"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\StarCraft II\\Support\\BlizzardDownloader.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/7/2011 4:37 PM 13360]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 8:22 AM 95024]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [7/7/2011 4:37 PM 203056]
    R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files\Avanquest\Fix-It\AVQWinMonEngine.exe [8/20/2010 8:21 PM 328704]
    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/16/2011 7:22 AM 366640]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [7/7/2011 4:37 PM 69936]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/16/2011 7:22 AM 22712]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
    S2 SBAMSvc;Fix-It;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [2/22/2010 1:29 PM 1012080]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 23468518
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - BLACKBOX
    *Deregistered* - 23468518
    *Deregistered* - aswMBR
    *Deregistered* - BlackBox
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    2011-08-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-05-17 19:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\
    FF - prefs.js: browser.search.selectedEngine - ALOT Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=12279&client_id=280cc4f8a868a80828e89cca&camp_id=2578&install_time=2011-05-27T04:13Z&tb_version=2.4.13000%28F%29&pr=auto&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-17 20:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(704)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-08-17 20:33:41
    ComboFix-quarantined-files.txt 2011-08-18 02:33
    ComboFix2.txt 2011-08-16 13:08
    .
    Pre-Run: 202,147,561,472 bytes free
    Post-Run: 202,169,323,520 bytes free
    .
    - - End Of File - - 3EAD9BB9AB91445CE210115E796DB3C6
     
  10. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    My ComboFix worked, so I'm supposed to stop there and not do anything else you had written, because that was if it didn't work, right? I will wait for your response to my posts. Thanks so much again!!
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Did you?
    I need to know before I continue.
     
  12. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    I shut down Fix-It. Do you want it removed from my computer?

    Like, I clicked Shutdown on it, so it's not on or running.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In case you want to reinstall AVG when we're done with ComboFix, yes, uninstall Fix-It completely and post a new ComboFix log.
     
  14. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    I uninstalled, so both AVG and Fix-It are now off.

    When I rebooted, it came up:

    Windows

    cannot find cmd.exe

    Windows needs to know what etc.....

    That was before anything loaded up. I needed to click Cancel on that before it would load the rest up. Any ideas? I'm running Combo now.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    What was the EXACT message?
     
  16. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    ComboFix 11-08-17.03 - Scott 08/17/2011 22:10:50.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1522 [GMT -6:00]
    Running from: c:\documents and settings\Scott\My Documents\Downloads\ComboFix.exe
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-18 04:03 . 2011-08-18 04:05 -------- d-----w- c:\windows\SxsCaPendDel
    2011-08-18 03:49 . 2011-08-18 03:49 -------- d-s---w- c:\windows\Cookies
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-16 13:22 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 13:22 . 2011-08-16 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 13:22 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 22:06 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-10 22:06 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2011-05-26 03:07 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-21 18:25 . 2011-05-27 04:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-21 18:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-21 18:18 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 18:18 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-21 12:58 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-25 06:09 . 2006-05-09 21:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-05-25 06:09 . 2006-05-09 21:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-25 06:09 . 2006-05-09 21:50 13895272 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-25 06:09 . 2011-06-07 19:06 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-05-25 06:09 . 2011-06-07 19:06 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-05-25 06:09 . 2011-06-07 19:06 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-05-25 06:09 . 2011-06-07 19:06 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-25 06:09 . 2011-06-07 19:06 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-25 06:09 . 2006-05-09 21:50 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-05-25 06:09 . 2006-05-09 21:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-05-25 06:09 . 2011-06-07 19:06 5332992 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-25 06:09 . 2011-06-07 19:06 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-25 06:09 . 2006-05-09 21:50 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-05-25 06:09 . 2006-05-09 21:50 2328576 ----a-w- c:\windows\system32\nvapi.dll
    2011-05-25 06:09 . 2006-05-09 21:50 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-06-21 18:24 . 2011-05-27 00:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-16_13.07.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-12 10:33 . 2010-07-12 10:33 30432 c:\windows\system32\drivers\avgfwdx.sys
    + 2010-07-12 10:33 . 2010-07-12 10:33 51040 c:\windows\system32\avgfwdx.dll
    + 2011-08-18 03:49 . 2011-08-17 22:41 16384 c:\windows\Cookies\index.dat
    + 2011-06-21 20:46 . 2011-08-18 02:40 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2011-06-21 20:46 . 2011-08-18 02:40 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    + 2011-06-21 20:46 . 2011-08-18 02:40 937984 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 937984 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    + 2011-06-21 20:46 . 2011-08-18 02:40 137216 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 137216 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2011-06-21 20:46 . 2011-08-03 01:17 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    + 2011-06-21 20:46 . 2011-08-18 02:40 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    - 2011-06-21 20:46 . 2011-08-03 01:16 148992 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    + 2011-06-21 20:46 . 2011-08-18 02:40 148992 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 19:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Filip"="0" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "MRT"="c:\windows\system32\MRT.exe" [2011-08-11 52390856]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "tray"= 0 (0x0)
    "pop"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\StarCraft II\\Support\\BlizzardDownloader.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/16/2011 7:22 AM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/16/2011 7:22 AM 22712]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\
    FF - prefs.js: browser.search.selectedEngine - ALOT Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=12279&client_id=280cc4f8a868a80828e89cca&camp_id=2578&install_time=2011-05-27T04:13Z&tb_version=2.4.13000%28F%29&pr=auto&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-RunOnce-AvanquestMainUI - c:\program files\Avanquest\Fix-It\Fix-It.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-17 22:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2928)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-08-17 22:16:09
    ComboFix-quarantined-files.txt 2011-08-18 04:16
    ComboFix2.txt 2011-08-18 02:33
    ComboFix3.txt 2011-08-16 13:08
    .
    Pre-Run: 203,180,920,832 bytes free
    Post-Run: 203,169,173,504 bytes free
    .
    - - End Of File - - 8E00CB308F2E98D0CD8E7FD84745FCE1
     
  17. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    Going to reboot now to write it down.

    Can I reinstall AVG now so I have antivirus? I'll wait for your response; rebooting now.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    Any current issues?

    Yes, you can reinstall AVG now.

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    It didn't come up this time. Between the two reboots all I did was run ComboFix.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK.
    Go on.....
     
  21. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    OTL.Txt:

    OTL logfile created on: 8/17/2011 10:23:42 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Scott\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 77.08% Memory free
    2.29 Gb Paging File | 2.01 Gb Available in Paging File | 87.85% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.07 Gb Total Space | 189.24 Gb Free Space | 84.45% Space Free | Partition Type: NTFS
    Drive H: | 8.79 Gb Total Space | 0.41 Gb Free Space | 4.70% Space Free | Partition Type: FAT32

    Computer Name: SCOTT-20AEE80C8 | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/17 22:22:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\My Documents\Downloads\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/21 12:24:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/21 12:25:21 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/06/21 12:24:09 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/12/06 11:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 11:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2004/12/22 00:32:00 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=12279&client_id=280cc4f8a868a80828e89cca&camp_id=2578&install_time=2011-05-27T04:13:27Z&tb_version=2.4.13000%28F%29&pr=auto&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 12:24:10 | 000,000,000 | ---D | M]

    [2011/05/26 18:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Extensions
    [2011/08/17 21:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\extensions
    [2011/07/06 12:46:29 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\extensions\plugin@yontoo.com
    [2011/08/16 06:56:26 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\extensions\toolbar@alot.com
    [2011/05/26 22:13:51 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\8xpzqnft.default\searchplugins\alot-search.xml
    [2011/07/10 11:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/26 22:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/07/10 11:51:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/05/26 22:38:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/02 03:02:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/06/21 12:24:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    Hosts file not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003..\Run: [Filip] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tray = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: pop = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/05/25 21:11:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/17 22:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Identities
    [2011/08/17 22:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/08/17 22:03:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2011/08/17 21:49:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
    [2011/08/17 21:48:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/08/17 21:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2011/08/16 07:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\Malwarebytes
    [2011/08/16 07:22:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/16 07:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/16 07:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/08/16 07:22:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/16 07:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/16 06:55:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/08/16 06:51:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/16 06:51:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/16 06:51:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/16 06:51:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/16 06:49:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/08/16 06:46:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/02 14:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/17 22:19:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/17 22:19:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/17 21:50:07 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Scott\jagex_runescape_preferences2.dat
    [2011/08/17 21:49:07 | 000,000,035 | ---- | M] () -- C:\Documents and Settings\Scott\jagex_runescape_preferences.dat
    [2011/08/17 20:06:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\MBR.dat
    [2011/08/17 16:31:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/16 07:22:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/16 06:55:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2011/08/13 09:59:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/08/11 03:05:48 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/11 03:05:48 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/11 03:03:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/11 03:03:01 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/17 20:06:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\MBR.dat
    [2011/08/16 07:22:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/16 06:55:45 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2011/08/16 06:55:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/08/16 06:51:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/16 06:51:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/16 06:51:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/16 06:51:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/16 06:51:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/15 03:03:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/07/06 13:03:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/07 13:06:48 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/06/07 13:06:48 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/06/07 13:06:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/06/07 13:06:30 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/05/26 18:12:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/05/26 18:00:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2011/05/26 18:00:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/05/25 21:13:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/05/25 21:08:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/05/25 14:54:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/05/25 14:53:23 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/08/07 19:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2006/05/09 15:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/05/09 15:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 06:00:00 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 06:00:00 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/08/17 16:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2011/08/17 22:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/05/26 15:32:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/07/06 13:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hF04907MdDdO04907
    [2011/08/17 21:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/16 06:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2011/06/25 18:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/05/27 13:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/07/11 08:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2011/08/17 22:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Avanquest
    [2011/06/25 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\AVG
    [2011/05/26 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\AVG10
    [2011/07/02 12:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\FrostWire
    [2011/07/15 11:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\licenses
    [2011/07/15 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\PCMM2009
    [2011/07/15 11:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\PCMM2011
    [2011/07/11 08:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Uniblue
    [2011/08/16 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\uPlayer
    [2011/05/26 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\WinBatch

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/05/25 21:11:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/07 13:11:13 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2011/08/16 06:55:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/08/17 22:16:09 | 000,010,857 | ---- | M] () -- C:\ComboFix.txt
    [2011/05/25 21:11:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/05/25 21:11:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/05/25 21:11:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/05/26 19:04:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/17 22:19:08 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/04 04:55:44 | 000,038,758 | ---- | M] () -- C:\Registry12.reg
    [2011/05/26 22:01:57 | 000,005,027 | ---- | M] () -- C:\scramble.log
    [2011/08/17 16:39:35 | 000,038,912 | ---- | M] () -- C:\TDSSKiller.2.5.15.0_17.08.2011_16.38.31_log.txt
    [2011/08/17 16:46:36 | 000,038,184 | ---- | M] () -- C:\TDSSKiller.2.5.15.0_17.08.2011_16.46.18_log.txt
    [2009/04/01 04:48:00 | 000,001,034 | ---- | M] () -- C:\vistaregistry12.reg
    [2009/12/27 14:50:44 | 000,000,186 | ---- | M] () -- C:\windows7keys.reg

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/05/25 21:10:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/05/25 14:52:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/05/25 14:52:26 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/05/25 14:52:26 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/05/26 19:09:40 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/26 19:33:44 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/05/25 21:47:55 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/26 18:04:45 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Scott\Desktop\dotNetFx35setup.exe
    [2011/05/26 18:03:51 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Scott\Desktop\dotNetFx40_Full_setup.exe
    [2011/05/26 18:10:11 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Scott\Desktop\Firefox Setup 4.0.1.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/05/26 19:33:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Scott\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/08/17 22:20:32 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Scott\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    < End of report >




    Extras.Txt:

    OTL Extras logfile created on: 8/17/2011 10:23:42 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Scott\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 77.08% Memory free
    2.29 Gb Paging File | 2.01 Gb Available in Paging File | 87.85% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.07 Gb Total Space | 189.24 Gb Free Space | 84.45% Space Free | Partition Type: NTFS
    Drive H: | 8.79 Gb Total Space | 0.41 Gb Free Space | 4.70% Space Free | Partition Type: FAT32

    Computer Name: SCOTT-20AEE80C8 | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
    "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\StarCraft II\Support\BlizzardDownloader.exe" = C:\Program Files\StarCraft II\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7FF07C3-66A0-47E2-BFFA-5307A186D1B1}" = PC MightyMax 2011
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    "FrostWire" = FrostWire 4.21.8
    "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "StarCraft II" = StarCraft II
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/16/2011 9:55:27 AM | Computer Name = SCOTT-20AEE80C8 | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.51.1.1076, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00011295.

    Error - 8/16/2011 12:09:56 PM | Computer Name = SCOTT-20AEE80C8 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module Flash10q.ocx, version 10.3.181.14, fault address 0x00001caf.

    Error - 8/16/2011 12:52:49 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: The connection with the server was terminated abnormally

    Error - 8/16/2011 12:52:49 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: This network connection does not exist.

    Error - 8/16/2011 12:55:04 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: The connection with the server was terminated abnormally

    Error - 8/16/2011 12:55:04 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: This network connection does not exist.

    Error - 8/17/2011 6:38:29 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/17/2011 6:38:29 PM | Computer Name = SCOTT-20AEE80C8 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/17/2011 10:20:22 PM | Computer Name = SCOTT-20AEE80C8 | Source = MsiInstaller | ID = 11921
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
    1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
    could not be stopped. Verify that you have sufficient privileges to stop system
    services.

    Error - 8/17/2011 10:21:56 PM | Computer Name = SCOTT-20AEE80C8 | Source = MsiInstaller | ID = 11921
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
    1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
    could not be stopped. Verify that you have sufficient privileges to stop system
    services.


    < End of report >
     
  22. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    Also, it seems to be running great since that very first step you had me do:
    TDSSKiller

    I don't know what it did, but ever since then it seems to be running great.

    Can I use AVG Anti-Virus and AVG Internet Security at the same time?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    TDSSKiller cured a rootkit. That was the main culprit.

    Don't forget to reinstall AVG.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003..\Run: [Filip] File not found
      O37 - HKU\S-1-5-21-2052111302-1757981266-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/08/17 16:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
      [2011/08/16 06:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      [2011/08/17 22:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Avanquest
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      
      :Files
      C:\Program Files\Ask.com
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  24. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    When I rebooted, a message came up at the bottom: "Malicious software removed, please click here to finish removal."

    I clicked it:

    Malicious Software was detected and partially removed from your computer.

    To help complete removal you should:
    • Click the scan results link to view manual removal steps.
    • Run a full scan with an anti-virus product.

    View detailed results of the scan.


    This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product. For more information, see Protect your PC.



    When I click "View detailed results of the scan":

    Trojan:DOS/Alureon.A Partially removed, manual steps required

    Then I click it, and my Internet Explorer browser pops up and brings me to this page:

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan:DOS/Alureon.A

    Here's the text copy-pasted from that page:

    Trojan:DOS/Alureon.A
    Encyclopedia entry
    Updated: Dec 08, 2010 | Published: Aug 27, 2010

    Aliases: Not available

    Alert Level: Severe

    Antimalware protection details
    Microsoft recommends that you download the latest definitions to get protected.
    Detection last updated: Definition 1.95.141.0, released Nov 18, 2010
    Detection initially created: Definition 1.87.1229.0, released Aug 04, 2010


    Summary
    Trojan:DOS/Alureon.A is the detection for a variant of the Alureon malware family that infects the Master Boot Record (MBR).

    Symptoms
    Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.

    Technical Information (Analysis)
    Trojan:DOS/Alureon.A is the detection for a variant of the Alureon malware family that infects the Master Boot Record (MBR). It attempts to decrypt and execute the contents of a file named "ldr16".

    The file is stored on the encrypted virtual file system (VFS) created by Trojan:Win32/Alureon.DX.

    Analysis by Scott Molenkamp


    Prevention
    Take the following steps to help prevent infection on your computer:
    • Enable a firewall on your computer.
    • Get the latest computer updates for all your installed software.
    • Use up-to-date antivirus software.
    • Limit user privileges on the computer.
    • Use caution when opening attachments and accepting file transfers.
    • Use caution when clicking on links to webpages.
    • Avoid downloading pirated software.
    • Protect yourself against social engineering attacks.
    • Use strong passwords.

    Enable a firewall on your computer
    Use a third-party firewall product or turn on the Microsoft Windows Internet Connection Firewall.
    • How to turn on the Windows Firewall in Windows 7
    • How to turn on the Windows Firewall in Windows Vista
    • How to turn on the Windows firewall in Windows XP

    Get the latest computer updates
    Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed in your computer. These are usually available from vendor websites.

    You can use the Automatic Updates feature in Windows to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
    • How to turn on Automatic Updates in Windows 7
    • How to turn on Automatic Updates in Windows Vista
    • How to turn on Automatic Updates in Windows XP

    Use up-to-date antivirus software
    Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software, such as Microsoft Security Essentials, that is updated with the latest signature files. For more information, see http://www.microsoft.com/windows/antivirus-partners/.

    Limit user privileges on the computer
    Starting with Windows Vista and Windows 7, Microsoft introduced User Account Control (UAC), which, when enabled, allowed users to run with least user privileges. This scenario limits the possibility of attacks by malware and other threats that require administrative privileges to run.

    You can configure UAC in your computer to meet your preferences:
    • User Account Control in Windows 7
    • User Account Control in Windows Vista
    • Applying the Principle of Least Privilege in Windows XP
    • More on User Account Control

    Use caution when opening attachments and accepting file transfers
    Exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.

    Use caution when clicking on links to webpages
    Exercise caution with links to webpages that you receive from unknown sources, especially if the links are to a webpage that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a webpage with harmful content.

    Avoid downloading pirated software
    Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading "cracked" or "pirated" software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see 'The risks of obtaining and using pirated software'.

    Protect yourself from social engineering attacks
    While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to do the same. When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted computer. For more information, see 'What is social engineering?'.

    Use strong passwords
    Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least eight characters, and combines letters, numbers, and symbols. For more information, see http://www.microsoft.com/protect/yourself/password/create.mspx.


    Recovery
    To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product.

    For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
    Additional recovery instructions for Trojan:DOS/Alureon.A
    This virus may cause damage to the Master Boot Record (MBR) and Boot Configuration Data (BCD). You will need to run the following commands using the "bootrec.exe" tool to ensure a complete repair of your computer:

    bootrec /fixmbr
    bootrec /fixboot
    bootrec /rebuildbcd

    For more details on these commands, please refer to Microsoft Security Article KB927392, with specific focus to the options "/fixmbr", "/fixboot" and "/rebuildbcd".
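The encyclopedia entry pasted above describes an MBR infector and the bootrec repair steps, but a "partially removed" message tells you nothing about whether sector zero is actually clean. As an added example (not from this thread and not Microsoft's code), here is a Python script that decodes a raw 512-byte MBR: it checks the 0x55AA boot signature, lists the partition entries, hashes the 440-byte boot-code region and compares it with a baseline recorded while the disk was known clean. The MBR image, its placeholder boot code and the single partition entry are constructed sample data; `read_mbr` is a hypothetical helper that just reads the first sector from a device path.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code; the NT disk signature follows at 440
PART_TABLE_OFFSET = 446      # four 16-byte partition entries occupy bytes 446..509
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 must hold the 0x55AA boot signature
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Constructed placeholder standing in for boot code (not real boot code): a two-byte
# "jmp $" loop followed by zero padding, enough to give the region a stable hash.
SAMPLE_BOOT_CODE = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)


def build_sample_mbr(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Build a synthetic 512-byte MBR image with one active NTFS partition (constructed sample)."""
    mbr = bytearray(MBR_SIZE)
    mbr[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    # Entry 0: active (0x80), type 0x07 (NTFS), starting at LBA 63, 488,000,000 sectors long.
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 488_000_000)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_LEN] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def read_mbr(device_path: str) -> bytes:
    """Hypothetical helper: read sector zero from a raw device.
    Windows: r"\\.\PhysicalDrive0" (needs an elevated prompt); Linux: /dev/sda (needs root)."""
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> dict:
    """Decode the boot signature, the boot-code hash and the four partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + index * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[offset:offset + PART_ENTRY_LEN])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": index, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "disk_signature": mbr[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_sha256: str) -> list:
    """Return findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    active = sum(1 for p in info["partitions"] if p["bootable"])
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]  # record this while the disk is known clean
    print("clean image:", check_mbr(clean, baseline) or "OK")
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF                                # simulate one changed boot-code byte
    print("tampered image:", check_mbr(bytes(tampered), baseline))
```

The baseline hash has to exist before you need it, so record it right after a clean install or right after a verified `bootrec /fixmbr`. A bootkit that hooks the disk driver can hand a clean-looking sector to any read issued from the infected Windows session, so for a trustworthy comparison read the drive from boot media or from another machine, and re-run the check after the repair to confirm the hash has returned to the baseline.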
     
  25. Scottdavid

    Scottdavid TS Rookie Topic Starter Posts: 23

    Here are the results from my Run Fix:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Filip deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003_Classes\exefile\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\Common folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware\Quarantine folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware\History folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware\Events folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest\AntiMalware folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Avanquest folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdbupdate folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
    C:\Documents and Settings\Scott\Application Data\Avanquest\AntiMalware\logs folder moved successfully.
    C:\Documents and Settings\Scott\Application Data\Avanquest\AntiMalware folder moved successfully.
    C:\Documents and Settings\Scott\Application Data\Avanquest folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 29465930 bytes
    ->Flash cache emptied: 617 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 3080 bytes
    ->Flash cache emptied: 9145 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 41 bytes
    ->Flash cache emptied: 40532 bytes

    User: Scott
    ->Temp folder emptied: 12776541 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 3526244 bytes
    ->FireFox cache emptied: 76068859 bytes
    ->Flash cache emptied: 16687 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 603 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 116.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Scott
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.5 log created on 08172011_224722

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_b58.dat not found!

    Registry entries deleted on Reboot...
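The OTL fix log above is a flat list of actions, and the interesting lines (the Run-key values, the Browser Helper Object, the restored `.exe` file association, the alternate data stream) sit among routine temp-file cleanup. As an added example (not part of the thread and not OTL's own code), here is a Python parser that turns such a log into records, counts outcomes and flags the entries that live in persistence locations, so a helper can see at a glance which actions undid a hijack and which were housekeeping. The sample log is a constructed excerpt in the same shape as the lines in the post.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of an OTL fix log (sample input for the parser, not a full log).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Filip deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1003_Classes\.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\SET3.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_b58.dat not found!
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>\w+)\s*=+$")
OUTCOMES = ("deleted successfully", "folder moved successfully", "moved successfully",
            "value set successfully", "not found")
# Optional item kind, then the target (lazy, so it stops right before the outcome phrase).
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|ADS|File\\Folder)\s+)?"
    r"(?P<target>.+?)\s*(?P<outcome>" + "|".join(re.escape(o) for o in OUTCOMES) + r")[.!]$"
)

# Locations where a value or key controls what runs; matched against the target path.
PERSISTENCE = (
    ("autorun (Run key)", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("exe file association", re.compile(r"Classes\\(?:\.exe|exefile)\\", re.I)),
)


def parse_otl_fix_log(text: str) -> list:
    """Turn the action lines of an OTL fix log into records; narrative lines are skipped."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "All processes killed", "Files\Folders moved on Reboot..."
        target = m.group("target").rstrip(" :")
        # Lines without an explicit kind are either a bare registry path or a file path.
        kind = m.group("kind") or ("Registry value" if target.startswith("HKEY") else "File")
        records.append({"section": section, "kind": kind,
                        "target": target, "outcome": m.group("outcome")})
    return records


def summarize(records: list) -> dict:
    """Count how many actions ended with each outcome."""
    return dict(Counter(r["outcome"] for r in records))


def flag_persistence(records: list) -> list:
    """Return (category, target) pairs for actions that touched a persistence location."""
    flags = []
    for r in records:
        if r["kind"] == "ADS":
            flags.append(("alternate data stream", r["target"]))
            continue
        for label, pattern in PERSISTENCE:
            if pattern.search(r["target"]):
                flags.append((label, r["target"]))
                break
    return flags


if __name__ == "__main__":
    recs = parse_otl_fix_log(SAMPLE_LOG)
    print(f"{len(recs)} actions:", summarize(recs))
    for label, target in flag_persistence(recs):
        print(f"  [{label}] {target}")
```

Two lines in the sample are worth a second look once they are flagged: the `_Classes\.exe\` key under the user hive (a per-user override of how `.exe` files are launched) and the `Classes\.exe\\|exefile /E` value-set line that restores the machine-wide default. Together they show that the fix repaired a hijacked executable association, which is consistent with the "programs won't open" symptom in the first post and is not visible from the outcome counts alone.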
     
Topic Status:
Not open for further replies.
