Author Topic: Malware Removal Help and Assistance Requested  (Read 25002 times)

MauiFaka

    Topic Starter


    Rookie
    Re: Malware Removal Help and Assistance Requested
    « Reply #30 on: April 27, 2011, 02:39:09 PM »
    Below is OTL.Txt



    OTL logfile created on: 4/27/2011 10:29:51 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 94.61 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
    Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
     
    Computer Name: WOS-1394F7D3658 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Muiltmedia keyboard utility\1.1\KBDAP32A.EXE ()
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
    PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Program Files\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (AppMgmt) --  File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (bepldr) -- C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe ()
    SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
    DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
    DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
    DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
    DRV - (pctNdisMP) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
    DRV - (pctNdis) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (gstkserd) -- C:\WINDOWS\system32\drivers\gstkserd.sys (MCCI)
    DRV - (gstkbus) 3Gstick USB Composite Device (WDM) -- C:\WINDOWS\system32\drivers\gstkbus.sys (MCCI)
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
    DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: [email protected]:20110101
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
    FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.rice.edu/proxy.pac"
     
     
    FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2011/04/23 11:00:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 22:47:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 22:47:52 | 000,000,000 | ---D | M]
     
    [2009/03/30 21:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/04/26 10:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions
    [2010/03/25 20:56:10 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2011/04/20 18:45:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/26 10:21:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/03/31 12:06:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    [2011/04/24 14:13:18 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2011/04/24 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/23 23:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/03/15 17:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2009/07/22 11:16:19 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
    [2011/04/23 11:00:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRA~1\AVASTS~1\AVAST\WEBREP\FF
    [2010/04/23 23:07:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 07:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2008/09/03 14:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
     
    O1 HOSTS File: ([2010/06/28 18:09:57 | 000,408,553 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 14129 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE ()
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
    O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238481082031 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/30 17:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011/04/26 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
    [2011/04/25 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
    [2011/04/25 01:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2011/04/25 01:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
    [2011/04/25 01:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2011/04/25 01:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2011/04/24 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
    [2011/04/24 12:17:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/24 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/24 01:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2011/04/24 01:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/04/23 18:59:17 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2011/04/23 18:59:17 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2011/04/23 15:44:44 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
    [2011/04/23 14:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/04/23 13:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/04/23 12:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
    [2011/04/23 12:14:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/23 11:57:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/23 11:57:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/23 11:57:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/23 11:57:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/23 11:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/23 11:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/23 11:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/04/23 11:43:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/04/23 11:43:09 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/04/23 11:43:09 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/04/23 11:43:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/04/23 11:43:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/04/23 11:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/04/23 11:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/04/23 11:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/04/23 11:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/04/23 11:00:46 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/23 11:00:46 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/23 11:00:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/23 11:00:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/23 11:00:42 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/23 11:00:41 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/23 11:00:41 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/23 11:00:41 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/23 11:00:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/04/23 11:00:23 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/23 11:00:22 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/23 11:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/23 11:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/23 03:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/04/23 03:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
    [2011/04/23 02:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2011/04/23 02:52:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/23 02:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/23 02:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/23 02:52:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/23 02:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/23 00:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2011/04/22 23:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/22 23:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/22 22:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/22 14:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Muiltmedia keyboard utility 1.1
    [2011/04/22 14:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Muiltmedia keyboard utility
    [2011/04/21 12:04:48 | 010,687,672 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\fffram.exe
    [2011/04/21 11:56:32 | 035,624,744 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Owner\My Documents\SafariSetup.exe
    [2011/04/21 03:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2011/04/21 03:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2011/04/21 03:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/04/20 22:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
    [2011/04/20 22:42:20 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/04/20 22:42:20 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/04/20 22:42:18 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/04/20 22:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/04/20 22:41:25 | 000,089,192 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
    [2011/04/20 22:41:25 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
    [2011/04/20 22:41:25 | 000,032,808 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
    [2011/04/20 22:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Firewall Plus
    [2011/04/20 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/04/20 22:41:24 | 000,124,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
    [2011/04/20 22:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
    [2011/04/17 20:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
    [2011/04/17 10:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Maps
    [2011/04/16 15:14:11 | 000,000,000 | ---D | C] -- C:\Vids 2 b transferred
    [2011/04/16 15:11:00 | 000,000,000 | ---D | C] -- C:\Recovered
    [2011/04/16 14:39:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
    [2011/04/16 12:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
    [2011/04/16 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2011/04/15 11:30:31 | 000,000,000 | ---D | C] -- C:\pics
    [2011/04/14 18:11:06 | 000,000,000 | ---D | C] -- C:\ITunes Music
    [2011/04/08 19:33:56 | 000,000,000 | ---D | C] -- C:\dvd rips
    [2011/04/07 15:42:18 | 000,000,000 | ---D | C] -- C:\YT Ready
    [2011/04/05 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/04/05 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
    [2011/04/05 12:05:49 | 000,000,000 | ---D | C] -- C:\DVR *censored*
    [2011/04/05 11:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VHS to DVD
    [2011/04/05 11:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\HTVideoEditor
    [2011/04/05 11:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VHS to DVD
    [2011/04/05 11:37:09 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
    [2011/04/05 11:37:09 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
    [2011/04/05 11:36:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2011/04/05 11:36:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
    [2011/04/05 11:36:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
    [2011/04/05 11:36:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2011/04/05 11:28:10 | 000,479,232 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emBDA.sys
    [2011/04/05 11:28:10 | 000,106,496 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emPRP.ax
    [2011/04/05 11:28:10 | 000,061,440 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\emMON.exe
    [2011/04/05 11:28:10 | 000,028,288 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emOEM.sys
    [2011/04/05 11:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\VIDBOX NW03
    [2011/04/05 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\honestech
    [2011/04/05 11:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\honestech VHS to DVD 4.0 Plus
    [2011/04/05 11:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\honestech VHS to DVD 4.0 Plus
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011/04/27 10:12:17 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/27 10:01:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/26 10:28:48 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.lnk
    [2011/04/25 13:38:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/04/25 11:38:26 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/04/25 01:08:15 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/04/25 01:08:15 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/04/25 00:49:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/24 22:47:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/24 22:47:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/24 11:04:45 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to esetsmartinstaller_enu.lnk
    [2011/04/23 15:45:02 | 000,000,000 | ---- | M] () -- C:\settings.dat
    [2011/04/23 12:14:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/23 11:43:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/23 11:10:20 | 000,513,008 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
    [2011/04/23 11:00:42 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/23 10:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2011/04/23 04:18:11 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/23 04:18:11 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/23 03:23:27 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sniper.exe.lnk
    [2011/04/23 03:22:25 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe (2).lnk
    [2011/04/23 03:21:20 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe.lnk
    [2011/04/23 02:52:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/22 23:18:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/21 19:45:51 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/04/21 12:04:48 | 010,687,672 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\fffram.exe
    [2011/04/21 11:56:33 | 035,624,744 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Owner\My Documents\SafariSetup.exe
    [2011/04/21 03:10:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/20 22:35:43 | 000,019,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\avg scan.csv
    [2011/04/19 18:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/18 07:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/18 07:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/18 07:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/18 07:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/18 07:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/18 07:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/18 07:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/18 07:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/18 07:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/18 07:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/16 12:51:07 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2011/04/16 10:32:42 | 002,818,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/05 11:25:51 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus.lnk
    [2011/04/05 11:25:51 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus User Guide.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011/04/26 10:28:48 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.lnk
    [2011/04/25 11:40:48 | 000,513,008 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
    [2011/04/25 01:08:15 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/04/25 01:08:15 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2011/04/24 22:47:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/24 22:47:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/24 11:04:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to esetsmartinstaller_enu.lnk
    [2011/04/23 15:45:02 | 000,000,000 | ---- | C] () -- C:\settings.dat
    [2011/04/23 12:14:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/23 12:14:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/23 11:57:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/23 11:57:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/23 11:57:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/23 11:57:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/23 11:57:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/23 11:43:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/23 10:28:43 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/04/23 03:23:27 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sniper.exe.lnk
    [2011/04/23 03:22:25 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe (2).lnk
    [2011/04/23 03:21:20 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe.lnk
    [2011/04/23 02:52:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/22 23:18:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/21 03:36:51 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/04/21 03:10:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/20 22:35:43 | 000,019,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\avg scan.csv
    [2011/04/16 12:51:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2011/04/05 11:36:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2011/04/05 11:36:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2011/04/05 11:36:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
    [2011/04/05 11:36:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2011/04/05 11:36:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
    [2011/04/05 11:36:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2011/04/05 11:28:10 | 000,016,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\merlinC.rom
    [2011/04/05 11:25:51 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus.lnk
    [2011/04/05 11:25:51 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus User Guide.lnk
    [2011/03/15 19:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/03/15 19:08:44 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011/03/15 19:08:44 | 000,203,331 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/03/15 19:08:44 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/03/15 19:08:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2011/03/15 19:08:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2011/03/15 17:32:37 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/03/15 17:32:34 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/03/15 17:32:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/03/15 17:32:27 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2011/03/07 22:58:41 | 000,000,623 | ---- | C] () -- C:\WINDOWS\System32\Franklin Access Manager.ini
    [2010/06/09 22:04:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
    [2009/12/18 01:23:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2009/11/01 21:46:56 | 000,145,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/14 15:44:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/05/01 13:58:02 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/04/12 22:30:58 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/31 19:42:27 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/03/31 11:51:15 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/31 11:50:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/03/31 11:49:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/03/31 11:49:59 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/03/31 11:49:59 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/03/31 11:49:58 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/03/30 21:51:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/03/30 20:21:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2009/03/30 18:54:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/03/30 18:45:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/03/30 17:24:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/03/30 17:20:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/03/30 07:11:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/03/30 07:10:35 | 002,818,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2005/03/22 08:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 08:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 00:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 00:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
     
    ========== LOP Check ==========
     
    [2011/04/23 11:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/23 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/15 19:34:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/04/01 12:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/03/22 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
    [2009/09/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2009/03/31 14:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2011/04/27 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/31 13:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/10/10 18:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/01 13:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/04/07 20:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/12/13 12:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2009/05/10 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Binary Fortress Software
    [2011/04/23 09:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
    [2009/03/31 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/01 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2009/07/02 22:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
    [2010/01/21 15:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
    [2009/03/31 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2009/09/14 15:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro PDF
    [2009/09/14 13:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2011/04/20 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
    [2009/03/31 14:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
    [2011/04/25 16:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
    [2011/04/25 13:38:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

    < End of report >

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Malware Removal Help and Assistance Requested
    « Reply #31 on: April 27, 2011, 05:11:51 PM »
    * Open OTL
    * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

    Code:
    :OTL
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 127.0.0.1   www.007guard.com
    O1 - Hosts: 127.0.0.1   007guard.com
    O1 - Hosts: 127.0.0.1   008i.com
    O1 - Hosts: 127.0.0.1   www.008k.com
    O1 - Hosts: 127.0.0.1   008k.com
    O1 - Hosts: 127.0.0.1   www.00hq.com
    O1 - Hosts: 127.0.0.1   00hq.com
    O1 - Hosts: 127.0.0.1   010402.com
    O1 - Hosts: 127.0.0.1   www.032439.com
    O1 - Hosts: 127.0.0.1   032439.com
    O1 - Hosts: 127.0.0.1   www.0scan.com
    O1 - Hosts: 127.0.0.1   0scan.com
    O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1   1000gratisproben.com
    O1 - Hosts: 127.0.0.1   www.1001namen.com
    O1 - Hosts: 127.0.0.1   1001namen.com
    O1 - Hosts: 127.0.0.1   100888290cs.com
    O1 - Hosts: 127.0.0.1   www.100888290cs.com
    O1 - Hosts: 127.0.0.1   100sexlinks.com
    O1 - Hosts: 127.0.0.1   www.100sexlinks.com
    O1 - Hosts: 127.0.0.1   10sek.com
    O1 - Hosts: 127.0.0.1   www.10sek.com
    O1 - Hosts: 127.0.0.1   www.1-2005-search.com
    O1 - Hosts: 127.0.0.1   1-2005-search.com
    O1 - Hosts: 14129 more lines...

    :COMMANDS
    [resethosts]
    [purity]
    [emptytemp]
    [start explorer]

    * Click Run Fix
    * OTL may ask to reboot the machine. Please do so if asked.
    * Click OK
    * A report will open. Copy and Paste that report in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    MauiFaka

      Topic Starter


      Rookie
      Re: Malware Removal Help and Assistance Requested
      « Reply #32 on: April 27, 2011, 05:31:17 PM »
      All processes killed
      ========== OTL ==========
      127.0.0.1 localhost removed from HOSTS file successfully
      127.0.0.1 www.007guard.com removed from HOSTS file successfully
      127.0.0.1 007guard.com removed from HOSTS file successfully
      127.0.0.1 008i.com removed from HOSTS file successfully
      127.0.0.1 www.008k.com removed from HOSTS file successfully
      127.0.0.1 008k.com removed from HOSTS file successfully
      127.0.0.1 www.00hq.com removed from HOSTS file successfully
      127.0.0.1 00hq.com removed from HOSTS file successfully
      127.0.0.1 010402.com removed from HOSTS file successfully
      127.0.0.1 www.032439.com removed from HOSTS file successfully
      127.0.0.1 032439.com removed from HOSTS file successfully
      127.0.0.1 www.0scan.com removed from HOSTS file successfully
      127.0.0.1 0scan.com removed from HOSTS file successfully
      127.0.0.1 www.1000gratisproben.com removed from HOSTS file successfully
      127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
      127.0.0.1 www.1001namen.com removed from HOSTS file successfully
      127.0.0.1 1001namen.com removed from HOSTS file successfully
      127.0.0.1 100888290cs.com removed from HOSTS file successfully
      127.0.0.1 100sexlinks.com removed from HOSTS file successfully
      127.0.0.1 10sek.com removed from HOSTS file successfully
      127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
      127.0.0.1 1-2005-search.com removed from HOSTS file successfully
      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
       
      [EMPTYTEMP]
       
      User: Administrator
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes
      ->FireFox cache emptied: 3565192 bytes
       
      User: All Users
       
      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
       
      User: LocalService
      ->Temp folder emptied: 65748 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
       
      User: NetworkService
      ->Temp folder emptied: 66016 bytes
      ->Temporary Internet Files folder emptied: 49286 bytes
       
      User: Owner
      ->Temp folder emptied: 8211847 bytes
      ->Temporary Internet Files folder emptied: 40727780 bytes
      ->Java cache emptied: 827956 bytes
      ->FireFox cache emptied: 74246591 bytes
      ->Flash cache emptied: 1966155 bytes
       
      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 2195181 bytes
      %systemroot%\System32 .tmp files removed: 1162769 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 3487765 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 150482452 bytes
       
      Total Files Cleaned = 274.00 mb
       
       
      OTL by OldTimer - Version 3.2.22.3 log created on 04272011_132304

      Files\Folders moved on Reboot...
      C:\Documents and Settings\Owner\Local Settings\Temp\AdobeARM.log moved successfully.

      Registry entries deleted on Reboot...

      MauiFaka

        Topic Starter


        Rookie
        Re: Malware Removal Help and Assistance Requested
        « Reply #33 on: April 27, 2011, 05:39:49 PM »
        Aloha Dave,
           After clicking on links you provided in earlier posts, it appears that the re-directs have subsided and go through correctly. I hope that puts me in the free and clear with this mess. You have been terrific during this whole process. Please let me know of any further instruction. You're simply amazing with donating your time and resources to assist those in need. Mahalo.

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Malware Removal Help and Assistance Requested
        « Reply #34 on: April 28, 2011, 11:59:58 AM »
        Ok. You can proceed with the cleanup as outlined in Reply # 20 plus this one. Please do this one last.

        To remove all of the tools we used and the files and folders they created do the following:
        Double click OTL.exe.
        • Click the CleanUp button.
        • Select Yes when the "Begin cleanup Process?" prompt appears.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes.
        Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.