
Author Topic: Malware Removal Help and Assistance Requested  (Read 24984 times)


MauiFaka

    Topic Starter


    Rookie
    Malware Removal Help and Assistance Requested
    « on: April 21, 2011, 06:40:09 AM »
    Aloha,
    I am looking to do a Malware removal on my XP desktop and have begun the early process laid down by evilfantasy. I am currently stumped on Step 2. After downloading CCleaner - Slim, I open the download and select 'Run'; after a quick delay, a window pops up. The window header reads 'NSIS Error', with the body stating...

    'Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy.

    More information at:
    http://nsis.sf.net/NSIS_Error'

    I have tried both links and both have the same return. I looked to contact Piriform's support center but they offered no link to start an account to ask the above question. I'm hoping that this issue is not unique and there is a solution to this to continue forward with the Malware removal process. Any help or guidance on this issue would be greatly appreciated. Thank you.

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Malware Removal Help and Assistance Requested
    « Reply #1 on: April 21, 2011, 06:47:29 AM »
    Try downloading from here: http://www.filehippo.com/download_ccleaner/
    If still no joy, just proceed with the rest of the steps and a malware specialist will be along to help out.
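The installer's own integrity check failing on every download, as described above, leaves two possibilities: the copies really are arriving damaged, or they are being altered on the machine after arrival. The following is an added example, not code from the thread or from Piriform, of the two checks a defender would run to tell those apart: compare the file's SHA-256 against the digest the vendor publishes, and compare a copy obtained on the affected machine byte for byte with one obtained elsewhere. The sample bytes and the "published" digest are constructed for the example.

```python
"""Added example (not from the thread): telling a corrupt download apart from
a file altered on disk when an installer reports an integrity failure."""
import hashlib
import hmac
from typing import Optional

CHUNK = 1 << 20  # hash files 1 MiB at a time so large installers fit in memory


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Streaming SHA-256 of a file on disk (for the real installer)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Compare against a published digest; compare_digest avoids timing leaks."""
    return hmac.compare_digest(sha256_bytes(data), expected_hex.strip().lower())


def first_difference(a: bytes, b: bytes) -> Optional[int]:
    """Offset of the first differing byte, or None if the copies are identical.
    A length mismatch counts as a difference at the shorter length."""
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return i
    return None if len(a) == len(b) else n


def triage(downloaded: bytes, reference: bytes, published_hex: str) -> str:
    """Classify a suspect download against a known-good copy and a published digest."""
    if digest_matches(downloaded, published_hex):
        return "ok: digest matches published value"
    off = first_difference(downloaded, reference)
    if off is None:
        return "digest mismatch but copies identical: check the published digest itself"
    if off == len(downloaded) and len(downloaded) < len(reference):
        return f"truncated: download stops at byte {off} of {len(reference)}"
    return f"altered: first differing byte at offset {off}"


if __name__ == "__main__":
    # Constructed sample installer bytes; the "published" digest is computed
    # here only because there is no real vendor value in this example.
    reference = b"NSIS" + bytes(range(256)) * 4
    published = sha256_bytes(reference)
    tampered = bytearray(reference)
    tampered[7] ^= 0xFF
    for label, copy in (("good", reference), ("short", reference[:100]),
                        ("modified", bytes(tampered))):
        print(f"{label:9s} -> {triage(copy, reference, published)}")
```

A truncated result points at the download path (retry, or fetch from another mirror, as the reply above suggests); a copy that differs mid-file only on the affected machine is a reason to stop installing tools on it and move to the offline transfer method the specialist describes later in the thread.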

    MauiFaka

      Topic Starter


      Rookie
      Re: Malware Removal Help and Assistance Requested
      « Reply #2 on: April 21, 2011, 07:09:01 AM »
      Thank you Allan. That link was successful for me.

      MauiFaka

        Topic Starter


        Rookie
        Re: Malware Removal Help and Assistance Requested
        « Reply #3 on: April 21, 2011, 03:21:59 PM »
        Ok, it appears that whatever I have on/in my system has begun to cripple my ability to download required programs for this Malware removal process. After trying several sites and (older) versions of Superantispyware, I get this recurring pop-up when opening the downloaded file for installation: 'Corrupt installation detected, check source media or re-download'. What would be a go-around for this dilemma?

        Same thing is happening with Malwarebytes Anti-Malware. When installing, the following appears...

        'An error occurred while trying to copy a file:
        The source file is corrupted.'

        A separate issue, upon firing up my rig this morning, newly installed PC Tools Firewall Plus displayed a window with the following...

        'Generic Host Process for Win32 Services appears to act as a local proxy.
         
        Is this application a local proxy?'

        -Below are the details of this issue with PC Tools-

        Generic Host Process for Win32 Services

        Connecting Application's PID : 2292
        Connecting Application's Path : C:\Program Files\Dna\Btdna.exe
        Connecting Application's Port : 1050
        Proxy IP : 127.0.0.1
        Proxy PID : 1728
        Proxy Path : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
        Proxy Port : 2869
        Proxy Protocol : TCP
        Application Path : c:\windows\system32\svchost.exe

        Would I be answering yes or no to this above application? I did a search on this and came back with a variety of explanations on it.

        Again, any help on any one of these concerns would be greatly appreciated.

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Malware Removal Help and Assistance Requested
        « Reply #4 on: April 22, 2011, 10:45:52 AM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        You could try booting in Safe Mode with Networking and download these programs. If that doesn't work, please use the above method to download SAS and MBAM on a clean computer and transfer them to your computer. Please post the logs.

        Safe Mode

        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!


        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.

        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:

        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked

        • Click the Close button to leave the control center screen.

        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes

        • To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.

        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        * Copy and Paste the log in your post.
        ******************************************
        Please download Malwarebytes Anti-Malware from here.
        Double Click mbam-setup.exe to install the application.
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Full Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • Please save the log to a location you will remember.
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the entire report in your next reply.
        Extra Note:

        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
        Windows 8 and Windows 10 dual boot with two SSD's

        MauiFaka

          Topic Starter


          Rookie
          Re: Malware Removal Help and Assistance Requested
          « Reply #5 on: April 23, 2011, 07:34:07 AM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 04/23/2011 at 02:36 AM

          Application Version : 4.51.1000

          Core Rules Database Version : 6903
          Trace Rules Database Version: 4715

          Scan type       : Complete Scan
          Total Scan Time : 02:09:53

          Memory items scanned      : 695
          Memory threats detected   : 0
          Registry items scanned    : 5759
          Registry threats detected : 0
          File items scanned        : 102147
          File threats detected     : 1

          Adware.Tracking Cookie
             C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt

          MauiFaka

            Topic Starter


            Rookie
            Re: Malware Removal Help and Assistance Requested
            « Reply #6 on: April 23, 2011, 07:35:08 AM »
            Malwarebytes' Anti-Malware 1.50.1.1100
            www.malwarebytes.org

            Database version: 5363

            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            4/23/2011 3:10:19 AM
            mbam-log-2011-04-23 (03-10-19).txt

            Scan type: Quick scan
            Objects scanned: 148039
            Time elapsed: 2 minute(s), 56 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            MauiFaka

              Topic Starter


              Rookie
              Re: Malware Removal Help and Assistance Requested
              « Reply #7 on: April 23, 2011, 07:36:11 AM »
              Logfile of Trend Micro HijackThis v2.0.4
              Scan saved at 3:49:00 AM, on 4/23/2011
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v8.00 (8.00.6001.18702)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\AVG\AVG9\avgchsvx.exe
              C:\Program Files\AVG\AVG9\avgrsx.exe
              C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
              C:\Program Files\AVG\AVG9\avgcsrvx.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\RTHDCPL.EXE
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\Program Files\Logitech\QuickCam\Quickcam.exe
              C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
              C:\PROGRA~1\AVG\AVG9\avgtray.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
              C:\Program Files\Common Files\Java\Java Update\jusched.exe
              C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\DNA\btdna.exe
              C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\AVG\AVG9\avgwdsvc.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\AVG\AVG9\avgnsx.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
              C:\Program Files\PC Tools Firewall Plus\FWService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\AVG\AVG9\avgemc.exe
              C:\Program Files\AVG\AVG9\avgcsrvx.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Mozilla Firefox\plugin-container.exe
              C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
              O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
              O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
              O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
              O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
              O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
              O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
              O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
              O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKCU"
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
              O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
              O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238481082031
              O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
              O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
              O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
              O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
              O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
              O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
              O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
              O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe

              --
              End of file - 10107 bytes
              « Last Edit: April 23, 2011, 07:49:50 AM by MauiFaka »

              MauiFaka

                Topic Starter


                Rookie
                Re: Malware Removal Help and Assistance Requested
                « Reply #8 on: April 23, 2011, 08:10:49 AM »
                Aloha Super Dave, thank you very much in advance for your time and help with this. A few notes after using Computer Hope HijackThis process tool.

                I'm currently running two firewalls, Windows Firewall and PC Tools Firewall Plus.

                I'm currently also running what I believe is the latest version of HijackThis, v2.0.4

                From what my research shows, the unknown files are harmless and/or required for the health of the computer. Hopefully I have provided accurate info for a correct assessment. Once again, thank you for your time and assistance on this matter.

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Malware Removal Help and Assistance Requested
                « Reply #9 on: April 23, 2011, 01:16:35 PM »
                P2P - I see you have P2P software installed on your machine (BitTorrent DNA). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                *****************************************

                Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                Exit out of MessengerDisable then delete the two files that were put on the desktop.
                **********************************************************

                Open HijackThis and select Do a system scan only

                Place a check mark next to the following entries: (if there)

                O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


                Important: Close all open windows except for HijackThis and then click Fix checked.

                Once completed, exit HijackThis.
                ***********************************************
                Quote
                I'm currently running two firewalls, Windows Firewall and PC Tools Firewall Plus.
                That is a no-no. One will have to be disabled or uninstalled
                ********************************************************
                This next tool that I want to use will not run with AVG on your computer. Please choose one of the other free AVs from the link below, download and install it. Then, uninstall AVG. Microsoft Security Essentials is a good one with no hassles.

                Remember to only install one antivirus!
                 
                1) Avast! Home Edition
                2) AVG Free Edition
                3) Avira AntiVir Personal
                4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                4-a) Microsoft Security Essentials for Windows XP
                5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                6) PC Tools AntiVirus Free Edition

                It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
                ********************************************
                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you insist on using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                Double click ComboFix.exe & follow the prompts.
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix
                Windows 8 and Windows 10 dual boot with two SSD's
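The reply above picks four lines out of the HijackThis log by eye. The following is an added example, not HijackThis' own logic and not code from the thread, of a small triage pass that applies the same kinds of checks in code: O4 autostart entries that name a bare executable with no path (resolved through the search path at logon rather than pinned to one file), hooks HijackThis marked "(file missing)", autostart or service paths outside the Windows and Program Files trees, and entries on a caller-supplied review list. The sample lines are copied from the log posted in this thread except for one constructed line (marked in the code) added to exercise the path check; the allowed directory prefixes and the review list are assumptions for the example.

```python
"""Added example (not from the thread): triage of HijackThis (HJT) log lines.
Checks are the reviewer's, not HJT's; prefixes and review list are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample lines copied from the log in this thread, plus one constructed line
# (the "Temp\\updater.exe" entry) that is NOT from the log, added only to
# exercise the path check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Owner\Local Settings\Temp\updater.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
"""

# Assumed "expected" locations for autostart binaries on this XP layout.
ALLOWED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumed review list: components the specialist asked about in this thread.
REVIEW_LIST: Dict[str, str] = {
    "msmsgs.exe": "Windows Messenger",
    "btdna.exe": "BitTorrent DNA (P2P client)",
}

# First drive-letter path ending in a binary extension anywhere on the line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|scr))', re.IGNORECASE)
# O4 lines: everything after the [name] bracket is the command.
O4_RE = re.compile(r'^O4 - .*?\[[^\]]*\]\s*(.*)$')


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def review_line(line: str) -> Optional[Finding]:
    """Return a Finding with every reason the line deserves a second look, or None."""
    reasons: List[str] = []
    low = line.lower()

    if "(file missing)" in low:
        reasons.append("file missing: hook points at a file that no longer exists")

    m = O4_RE.match(line)
    if m and m.group(1).strip():
        cmd = m.group(1).strip()
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if ":\\" not in exe:
            reasons.append(f"autostart by bare filename {exe!r}: resolved via search path")

    pm = PATH_RE.search(line)
    if pm and not pm.group(1).lower().startswith(ALLOWED_PREFIXES):
        reasons.append(f"path outside standard program directories: {pm.group(1)}")

    for name, label in REVIEW_LIST.items():
        if name in low:
            reasons.append(f"on review list: {label}")

    return Finding(line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run review_line over every non-empty line of an HJT log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            f = review_line(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it lists the Messenger and BitTorrent DNA entries the reply singles out, the missing avgrsstx.dll Winlogon hook, and the two bare-name Run entries; the AVG tray and PC Tools service lines pass. Flagged lines are candidates for a human to look at, exactly as in the reply, not automatic removals.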

                MauiFaka

                  Topic Starter


                  Rookie
                  Re: Malware Removal Help and Assistance Requested
                  « Reply #10 on: April 23, 2011, 01:23:28 PM »
                  Super Dave, thank you for the time once again. I personally do not use P2P software. I acquired this computer with many of these programs already installed and am looking forward to deleting programs associated with P2P and then what you have also advised following the deletions. Thank you.

                  MauiFaka

                    Topic Starter


                    Rookie
                    Re: Malware Removal Help and Assistance Requested
                    « Reply #11 on: April 23, 2011, 02:25:51 PM »
                    Super Dave, I'm looking to install Microsoft Security Essentials; it is asking me to uninstall my current antivirus and antispyware programs before continuing with the wizard. Your instructions were to uninstall AVG after MSE installation, making no mention of antispyware. Should I uninstall AVG and Superantispyware now and proceed w/ the wizard, or just AVG and proceed w/ the wizard, or finish installation and then uninstall one or both programs upon install completion? Please explain this step.

                    I'm sorry, I just want to be sure I'm following this correctly.

                    MauiFaka

                      Topic Starter


                      Rookie
                      Re: Malware Removal Help and Assistance Requested
                      « Reply #12 on: April 23, 2011, 04:46:31 PM »
                      Super Dave,
                         Ok, after several tries of trying to install and update the various antivirus programs, I was finally able to successfully install and update the Avira program.

                      MauiFaka

                        Topic Starter


                        Rookie
                        Re: Malware Removal Help and Assistance Requested
                        « Reply #13 on: April 23, 2011, 04:47:08 PM »
                        ComboFix 11-04-23.01 - Owner 04/23/2011  12:17:21.1.4 - x86
                        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3326.2668 [GMT -10:00]
                        Running from: D:\ComboFix.exe
                        AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
                        FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
                        .
                        .
                        (((((((((((((((((((((((((   Files Created from 2011-03-23 to 2011-04-23  )))))))))))))))))))))))))))))))
                        .
                        .
                        2011-04-23 21:43 . 2011-04-23 21:43   --------   d-----w-   c:\program files\Avira
                        2011-04-23 21:43 . 2011-04-23 21:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
                        2011-04-23 21:43 . 2011-03-05 02:11   137656   ----a-w-   c:\windows\system32\drivers\avipbb.sys
                        2011-04-23 21:43 . 2011-03-05 00:37   61960   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
                        2011-04-23 21:43 . 2010-06-18 00:27   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
                        2011-04-23 21:43 . 2010-06-18 00:27   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
                        2011-04-23 21:12 . 2011-04-23 21:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                        2011-04-23 13:21 . 2011-04-23 13:21   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                        2011-04-23 13:21 . 2011-04-23 13:21   --------   d-----w-   c:\program files\Trend Micro
                        2011-04-23 12:54 . 2011-04-23 12:54   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
                        2011-04-23 12:52 . 2010-12-21 04:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                        2011-04-23 12:52 . 2011-04-23 12:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                        2011-04-23 12:52 . 2011-04-23 12:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2011-04-23 12:52 . 2010-12-21 04:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                        2011-04-23 10:08 . 2011-04-23 10:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                        2011-04-23 09:18 . 2011-04-23 09:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
                        2011-04-23 08:55 . 2011-04-23 08:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                        2011-04-23 08:55 . 2011-04-23 08:55   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
                        2011-04-23 00:51 . 2011-04-23 00:51   --------   d-----w-   c:\program files\Muiltmedia keyboard utility
                        2011-04-22 23:45 . 2011-04-22 23:45   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
                        2011-04-21 13:40 . 2011-04-22 05:45   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                        2011-04-21 08:42 . 2011-04-21 08:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\PCToolsFirewallPlus
                        2011-04-21 08:42 . 2010-11-25 20:53   160448   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                        2011-04-21 08:42 . 2010-03-29 21:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                        2011-04-21 08:42 . 2010-11-17 20:19   249616   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
                        2011-04-21 08:41 . 2011-04-23 21:03   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                        2011-04-21 08:41 . 2011-04-21 08:42   --------   d-----w-   c:\program files\Common Files\PC Tools
                        2011-04-21 08:41 . 2010-11-24 19:18   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
                        2011-04-21 08:41 . 2010-07-08 19:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
                        2011-04-21 08:41 . 2010-02-05 19:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
                        2011-04-21 08:41 . 2010-11-25 20:42   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
                        2011-04-21 08:41 . 2011-04-21 08:52   --------   d-----w-   c:\program files\PC Tools Firewall Plus
                        2011-04-18 06:00 . 2011-04-18 06:27   --------   d-----w-   c:\documents and settings\Owner\Application Data\vlc
                        2011-04-17 01:14 . 2011-04-17 01:54   --------   d-----w-   C:\Vids 2 b transferred
                        2011-04-17 01:11 . 2011-04-18 07:26   --------   d-----w-   C:\Recovered
                        2011-04-17 00:39 . 2008-04-14 00:11   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
                        2011-04-17 00:39 . 2008-04-14 00:11   21504   ----a-w-   c:\windows\system32\hidserv.dll
                        2011-04-16 22:51 . 2011-04-16 22:51   --------   d-----w-   c:\program files\Recuva
                        2011-04-15 21:30 . 2011-04-20 23:11   --------   d-----w-   C:\pics
                        2011-04-15 04:11 . 2011-04-16 21:49   --------   d-----w-   C:\ITunes Music
                        2011-04-09 05:33 . 2011-04-09 05:34   --------   d-----w-   C:\dvd rips
                        2011-04-08 01:42 . 2011-04-18 20:55   --------   d-----w-   C:\YT Ready
                        2011-04-06 09:08 . 2011-04-06 09:08   --------   d-----w-   c:\program files\Yahoo!
                        2011-04-06 00:50 . 2011-04-06 00:50   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
                        2011-04-05 22:05 . 2011-04-20 07:36   --------   d-----w-   C:\DVR *censored*
                        2011-04-05 21:51 . 2011-04-05 21:51   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\VHS to DVD
                        2011-04-05 21:37 . 2008-04-13 18:46   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
                        2011-04-05 21:37 . 2008-04-13 18:46   15232   ----a-w-   c:\windows\system32\drivers\MPE.sys
                        2011-04-05 21:36 . 2008-04-14 00:12   56832   ----a-w-   c:\windows\system32\MSDvbNP.ax
                        2011-04-05 21:36 . 2008-04-14 00:12   33280   ----a-w-   c:\windows\system32\PsisRndr.ax
                        2011-04-05 21:36 . 2008-04-14 00:12   18432   ----a-w-   c:\windows\system32\BdaPlgIn.ax
                        2011-04-05 21:36 . 2008-04-14 00:12   363520   -c--a-w-   c:\windows\system32\dllcache\psisdecd.dll
                        2011-04-05 21:36 . 2008-04-14 00:12   363520   ----a-w-   c:\windows\system32\PsisDecd.dll
                        2011-04-05 21:36 . 2008-04-13 18:46   11776   -c--a-w-   c:\windows\system32\dllcache\bdasup.sys
                        2011-04-05 21:36 . 2008-04-13 18:46   11776   ----a-w-   c:\windows\system32\drivers\BdaSup.sys
                        2011-04-05 21:28 . 2007-06-23 03:59   479232   ----a-w-   c:\windows\system32\drivers\emBDA.sys
                        2011-04-05 21:28 . 2007-06-23 03:57   106496   ----a-w-   c:\windows\system32\emPRP.ax
                        2011-04-05 21:28 . 2007-02-07 02:38   28288   ----a-w-   c:\windows\system32\drivers\emOEM.sys
                        2011-04-05 21:28 . 2006-12-16 02:54   61440   ----a-w-   c:\windows\emMON.exe
                        2011-04-05 21:28 . 2011-04-05 21:28   --------   d-----w-   c:\program files\VIDBOX NW03
                        2011-04-05 21:25 . 2011-04-05 21:25   --------   d-----w-   c:\program files\honestech
                        2011-04-05 21:25 . 2011-04-05 21:25   --------   d-----w-   c:\program files\honestech VHS to DVD 4.0 Plus
                        .
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2011-03-07 05:33 . 2009-03-31 03:20   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                        2011-03-04 06:37 . 2004-08-04 10:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                        2011-03-03 13:21 . 2004-08-04 10:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                        2011-02-22 23:06 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
                        2011-02-22 23:06 . 2004-08-04 10:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                        2011-02-22 23:06 . 2004-08-04 10:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                        2011-02-22 11:41 . 2004-08-04 10:00   385024   ----a-w-   c:\windows\system32\html.iec
                        2011-02-17 13:18 . 2004-08-04 10:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                        2011-02-17 13:18 . 2004-08-04 10:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                        2011-02-17 12:32 . 2009-04-16 05:59   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                        2011-02-15 12:56 . 2004-08-04 10:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                        2011-02-09 13:53 . 2004-08-04 10:00   270848   ----a-w-   c:\windows\system32\sbe.dll
                        2011-02-09 13:53 . 2004-08-04 10:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                        2011-02-08 13:33 . 2004-08-04 10:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
                        2011-02-08 13:33 . 2004-08-04 10:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                        2011-02-03 07:40 . 2010-04-24 09:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                        2011-02-03 05:19 . 2010-04-24 09:07   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                        2011-02-02 07:58 . 2009-03-31 03:19   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                        2011-01-27 11:57 . 2009-03-31 03:19   677888   ----a-w-   c:\windows\system32\mstsc.exe
                        .
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4
                        .
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
                        "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
                        "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
                        "Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-09 210208]
                        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
                        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
                        "MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
                        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
                        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-30 249064]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
                        "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
                        "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 102400]
                        "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
                        "FLMK08KB"="c:\program files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE" [2011-04-23 207360]
                        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-05 281768]
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                        "AvgUninstallURL"="start http:" [X]
                        .
                        c:\documents and settings\Owner\Start Menu\Programs\Startup\
                        Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                        .
                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                        "Midi1"=ma_cmidn.dll
                        "midi2"=ma_cmidn.dll
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                        @="Service"
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
                        2010-03-08 23:38   524632   ----a-w-   c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                        2010-02-16 04:07   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                        .
                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                        "EnableFirewall"= 0 (0x0)
                        .
                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                        "c:\\Program Files\\iTunes\\iTunes.exe"=
                        "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
                        .
                        R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/1/2009 1:38 PM 64160]
                        R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/23/2011 11:00 AM 441176]
                        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/23/2011 11:00 AM 307288]
                        R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/20/2011 10:42 PM 249616]
                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 AM 12872]
                        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/23/2011 11:43 AM 135336]
                        R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 AM 1029456]
                        R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [4/20/2011 10:41 PM 89192]
                        R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [4/20/2011 10:41 PM 57536]
                        R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [4/20/2011 10:41 PM 124992]
                        S1 SASKUTIL;SASKUTIL;

                        S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
                        S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [4/20/2011 10:42 PM 160448]
                        S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [11/15/2007 6:05 PM 151552]
                        S3 gstkbus;3Gstick USB Composite Device (WDM);c:\windows\system32\drivers\gstkbus.sys [3/15/2011 9:38 PM 98560]
                        S3 gstkserd;3Gstick Diagnostic Port Driver;c:\windows\system32\drivers\gstkserd.sys [3/15/2011 9:38 PM 100352]
                        S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [4/20/2011 10:41 PM 57536]
                        S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
                        S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
                        .
                        --- Other Services/Drivers In Memory ---
                        .
                        *NewlyCreated* - AAVMKER4
                        *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
                        *NewlyCreated* - ANTIVIRSERVICE
                        *NewlyCreated* - ASWMON2
                        *NewlyCreated* - ASWRDR
                        *NewlyCreated* - ASWSNX
                        *NewlyCreated* - ASWSP
                        *NewlyCreated* - ASWTDI
                        *NewlyCreated* - AVAST!_ANTIVIRUS
                        *NewlyCreated* - AVGIO
                        *NewlyCreated* - AVGNTFLT
                        *NewlyCreated* - AVIPBB
                        .
                        Contents of the 'Scheduled Tasks' folder
                        .
                        2011-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                        - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:38]
                        .
                        2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
                        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uStart Page = hxxp://www.google.com/
                        uInternet Settings,ProxyOverride = *.local
                        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                        FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\
                        FF - prefs.js: browser.startup.homepage - hxxp://74.125.93.104/
                        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                        FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
                        FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                        FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                        FF - Ext: avast! WebRep: [email protected] - c:\progra~1\AVASTS~1\Avast\WebRep\FF
                        FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner\Application Data\Move Networks
                        .
                        - - - - ORPHANS REMOVED - - - -
                        .
                        HKCU-Run-PC Tools AntiVirus Free - D:\avinstall.exe
                        MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
                        MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
                        .
                        .
                        .
                        **************************************************************************
                        .
                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2011-04-23 12:29
                        Windows 5.1.2600 Service Pack 3 NTFS
                        .
                        scanning hidden processes ... 
                        .
                        scanning hidden autostart entries ...
                        .
                        scanning hidden files ... 
                        .
                        scan completed successfully
                        hidden files: 0
                        .
                        **************************************************************************
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------
                        .
                        - - - - - - - > 'winlogon.exe'(1036)
                        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                        c:\windows\system32\WININET.dll
                        c:\windows\system32\Ati2evxx.dll
                        c:\windows\system32\atiadlxx.dll
                        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                        .
                        - - - - - - - > 'explorer.exe'(5312)
                        c:\windows\system32\WININET.dll
                        c:\progra~1\WINDOW~2\wmpband.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        .
                        Completion time: 2011-04-23  12:36:13
                        ComboFix-quarantined-files.txt  2011-04-23 22:36
                        .
                        Pre-Run: 101,898,731,520 bytes free
                        Post-Run: 102,177,054,720 bytes free
                        .
                        WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                        [boot loader]
                        timeout=2
                        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                        [operating systems]
                        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                        UnsupportedDebug="do not select this" /debug
                        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                        .
                        - - End Of File - - AE55C4F0A284DDA87171E4A4F4ABDB50
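The "Reg Loading Points" section of the ComboFix log above is the part a malware helper reads first: every value under a Run/RunOnce key is something that starts with the machine, and ComboFix appends `[X]` when the referenced file no longer exists. The following Python script is an added example for this thread, not code from ComboFix, the forum, or the posters. It parses a constructed sample written in the same REGEDIT4-style layout as the posted log and applies a few triage rules of its own (missing target, RunOnce value, firewall policy disabled, unqualified filename); those rules are this example's heuristics, not ComboFix's.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not code from ComboFix, the forum, or
the posters. The sample text is constructed from the format of the log in
Reply #13, and the triage rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in ComboFix's REGEDIT4-style layout (lines modelled on
# the posted log; the '.' lines are ComboFix's section spacers).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-05 281768]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix appends [date size] to a resolved target, or [X] when the file is absent.
TARGET_RE = re.compile(r'^"([^"]*)"\s*\[([^\]]*)\]$')


@dataclass
class Entry:
    key: str        # registry key the value lives under
    name: str       # value name
    target: str     # command/path, or raw data for non-path values
    is_path: bool   # True when ComboFix printed a [date size] or [X] suffix
    missing: bool   # True when ComboFix marked the target [X]


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the section text into Entry records, one per value line."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2).strip()
        t = TARGET_RE.match(data)
        if t:
            entries.append(Entry(key, name, t.group(1), True, t.group(2).strip() == 'X'))
        else:
            entries.append(Entry(key, name, data, False, False))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {value name: [reasons]} for entries worth a second look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        lowkey = e.key.lower()
        if e.missing:
            reasons.append('target not found on disk (ComboFix [X] marker)')
        if lowkey.endswith('\\runonce'):
            reasons.append('RunOnce value: executes once at next logon, then is deleted')
        if ('firewallpolicy' in lowkey and e.name.lower() == 'enablefirewall'
                and e.target.startswith('0')):
            reasons.append('Windows Firewall disabled for this profile')
        if e.is_path and not e.missing and '\\' not in e.target:
            reasons.append('unqualified filename: resolved by search order, confirm its on-disk location')
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(parse_loading_points(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print('  -', r)
```

On the sample above the script surfaces three values: `AvgUninstallURL` (a RunOnce value whose target is gone, matching the `[X]` in the posted log), `EnableFirewall` (the standard-profile firewall policy set to 0, also visible in the posted log), and `RTHDCPL` (a bare filename rather than a full path, which is normal for that vendor entry but is the kind of value a helper confirms on disk before clearing it).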

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Malware Removal Help and Assistance Requested
                        « Reply #14 on: April 23, 2011, 07:19:44 PM »
                        * Download the following tool: RootRepeal - Rootkit Detector
                        * Direct download link is here: RootRepeal.zip

                        * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                        * Click this link to see a list of such programs and how to disable them.

                        * Extract the program file to a new folder such as C:\RootRepeal
                        * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                        * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                        * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                        * When done, click on Save Report
                        * Save it to the same location where you ran it from, such as C:\RootRepeal
                        * Save it as rootrepeal.txt
                        * Then open that log and select all and copy/paste it back on your next reply please.
                        * Close RootRepeal.

                        MauiFaka

                          Topic Starter


                          Rookie
                          Re: Malware Removal Help and Assistance Requested
                          « Reply #15 on: April 23, 2011, 07:49:57 PM »
                          ROOTREPEAL (c) AD, 2007-2009
                          ==================================================
                          Scan Start Time:      2011/04/23 15:47
                          Program Version:      Version 1.3.5.0
                          Windows Version:      Windows XP SP3
                          ==================================================

                          Drivers
                          -------------------
                          Name: Aavmker4.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
                          Address: 0xB8448000   Size: 22144   File Visible: -   Signed: -
                          Status: -

                          Name: ACPI.sys
                          Image Path: ACPI.sys
                          Address: 0xB7F79000   Size: 187776   File Visible: -   Signed: -
                          Status: -

                          Name: ACPI_HAL
                          Image Path: \Driver\ACPI_HAL
                          Address: 0x804D7000   Size: 2154496   File Visible: -   Signed: -
                          Status: -

                          Name: afd.sys
                          Image Path: C:\WINDOWS\System32\drivers\afd.sys
                          Address: 0xAA6D6000   Size: 138496   File Visible: -   Signed: -
                          Status: -

                          Name: aswMon2.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
                          Address: 0xA761E000   Size: 93952   File Visible: -   Signed: -
                          Status: -

                          Name: aswRdr.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
                          Address: 0xB8418000   Size: 16896   File Visible: -   Signed: -
                          Status: -

                          Name: aswSnx.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\aswSnx.SYS
                          Address: 0xAA534000   Size: 458752   File Visible: -   Signed: -
                          Status: -

                          Name: aswSP.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
                          Address: 0xAA5A4000   Size: 298752   File Visible: -   Signed: -
                          Status: -

                          Name: aswTdi.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
                          Address: 0xB8218000   Size: 40704   File Visible: -   Signed: -
                          Status: -

                          Name: atapi.sys
                          Image Path: atapi.sys
                          Address: 0xB7F31000   Size: 96512   File Visible: -   Signed: -
                          Status: -

                          Name: ati2cqag.dll
                          Image Path: C:\WINDOWS\System32\ati2cqag.dll
                          Address: 0xBD060000   Size: 708608   File Visible: -   Signed: -
                          Status: -

                          Name: ati2dvag.dll
                          Image Path: C:\WINDOWS\System32\ati2dvag.dll
                          Address: 0xBD012000   Size: 319488   File Visible: -   Signed: -
                          Status: -

                          Name: ati2mtag.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
                          Address: 0xB6EAE000   Size: 5140480   File Visible: -   Signed: -
                          Status: -

                          Name: ati3duag.dll
                          Image Path: C:\WINDOWS\System32\ati3duag.dll
                          Address: 0xBD213000   Size: 3694592   File Visible: -   Signed: -
                          Status: -

                          Name: AtiHdmi.sys
                          Image Path: C:\WINDOWS\system32\drivers\AtiHdmi.sys
                          Address: 0xAACFE000   Size: 114688   File Visible: -   Signed: -
                          Status: -

                          Name: atikvmag.dll
                          Image Path: C:\WINDOWS\System32\atikvmag.dll
                          Address: 0xBD10D000   Size: 659456   File Visible: -   Signed: -
                          Status: -

                          Name: atiok3x2.dll
                          Image Path: C:\WINDOWS\System32\atiok3x2.dll
                          Address: 0xBD1AE000   Size: 413696   File Visible: -   Signed: -
                          Status: -

                          Name: ativvaxx.dll
                          Image Path: C:\WINDOWS\System32\ativvaxx.dll
                          Address: 0xBD599000   Size: 2252800   File Visible: -   Signed: -
                          Status: -

                          Name: ATMFD.DLL
                          Image Path: C:\WINDOWS\System32\ATMFD.DLL
                          Address: 0xBD7BF000   Size: 290816   File Visible: -   Signed: -
                          Status: -

                          Name: audstub.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
                          Address: 0xB869C000   Size: 3072   File Visible: -   Signed: -
                          Status: -

                          Name: avgio.sys
                          Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
                          Address: 0xB8628000   Size: 6144   File Visible: -   Signed: -
                          Status: -

                          Name: avgntflt.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
                          Address: 0xA792D000   Size: 86016   File Visible: -   Signed: -
                          Status: -

                          Name: avipbb.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
                          Address: 0xAA5ED000   Size: 155648   File Visible: -   Signed: -
                          Status: -

                          Name: Beep.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
                          Address: 0xB861C000   Size: 4224   File Visible: -   Signed: -
                          Status: -

                          Name: BOOTVID.dll
                          Image Path: C:\WINDOWS\system32\BOOTVID.dll
                          Address: 0xB84B8000   Size: 12288   File Visible: -   Signed: -
                          Status: -

                          Name: Cdfs.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
                          Address: 0xA7775000   Size: 63744   File Visible: -   Signed: -
                          Status: -

                          Name: cdrom.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
                          Address: 0xB8308000   Size: 62976   File Visible: -   Signed: -
                          Status: -

                          Name: cercsr6.sys
                          Image Path: cercsr6.sys
                          Address: 0xB8338000   Size: 29120   File Visible: -   Signed: -
                          Status: -

                          Name: CLASSPNP.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
                          Address: 0xB80E8000   Size: 53248   File Visible: -   Signed: -
                          Status: -

                          Name: disk.sys
                          Image Path: disk.sys
                          Address: 0xB80D8000   Size: 36352   File Visible: -   Signed: -
                          Status: -

                          Name: drmk.sys
                          Image Path: C:\WINDOWS\system32\drivers\drmk.sys
                          Address: 0xB81D8000   Size: 61440   File Visible: -   Signed: -
                          Status: -

                          Name: dump_atapi.sys
                          Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                          Address: 0xAA4BB000   Size: 98304   File Visible: No   Signed: -
                          Status: -

                          Name: dump_WMILIB.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                          Address: 0xB85D6000   Size: 8192   File Visible: No   Signed: -
                          Status: -

                          Name: Dxapi.sys
                          Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
                          Address: 0xB7DA5000   Size: 12288   File Visible: -   Signed: -
                          Status: -

                          Name: dxg.sys
                          Image Path: C:\WINDOWS\System32\drivers\dxg.sys
                          Address: 0xBD000000   Size: 73728   File Visible: -   Signed: -
                          Status: -

                          Name: dxgthk.sys
                          Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
                          Address: 0xB86F6000   Size: 4096   File Visible: -   Signed: -
                          Status: -

                          Name: e1e5132.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
                          Address: 0xB6E31000   Size: 266240   File Visible: -   Signed: -
                          Status: -

                          Name: fdc.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
                          Address: 0xB84B0000   Size: 27392   File Visible: -   Signed: -
                          Status: -

                          Name: Fips.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
                          Address: 0xB8248000   Size: 44544   File Visible: -   Signed: -
                          Status: -

                          Name: fltmgr.sys
                          Image Path: fltmgr.sys
                          Address: 0xB7EF9000   Size: 129792   File Visible: -   Signed: -
                          Status: -

                          Name: Fs_Rec.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
                          Address: 0xB861A000   Size: 7936   File Visible: -   Signed: -
                          Status: -

                          Name: ftdisk.sys
                          Image Path: ftdisk.sys
                          Address: 0xB7F49000   Size: 125056   File Visible: -   Signed: -
                          Status: -

                          Name: GEARAspiWDM.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                          Address: 0xB8358000   Size: 21120   File Visible: -   Signed: -
                          Status: -

                          Name: hal.dll
                          Image Path: C:\WINDOWS\system32\hal.dll
                          Address: 0x806E5000   Size: 134400   File Visible: -   Signed: -
                          Status: -

                          Name: HDAudBus.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                          Address: 0xB6E72000   Size: 163840   File Visible: -   Signed: -
                          Status: -

                          Name: HIDCLASS.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
                          Address: 0xB82C8000   Size: 36864   File Visible: -   Signed: -
                          Status: -

                          Name: HIDPARSE.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
                          Address: 0xB83E8000   Size: 28672   File Visible: -   Signed: -
                          Status: -

                          Name: hidusb.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
                          Address: 0xAA518000   Size: 10368   File Visible: -   Signed: -
                          Status: -

                          Name: HTTP.sys
                          Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
                          Address: 0xA6CE1000   Size: 265728   File Visible: -   Signed: -
                          Status: -

                          Name: imapi.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
                          Address: 0xB7425000   Size: 42112   File Visible: -   Signed: -
                          Status: -

                          Name: intelppm.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
                          Address: 0xB82F8000   Size: 36352   File Visible: -   Signed: -
                          Status: -

                          Name: ipnat.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
                          Address: 0xAA75B000   Size: 152832   File Visible: -   Signed: -
                          Status: -

                          Name: ipsec.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
                          Address: 0xAA7DA000   Size: 75264   File Visible: -   Signed: -
                          Status: -

                          Name: isapnp.sys
                          Image Path: isapnp.sys
                          Address: 0xB80A8000   Size: 37248   File Visible: -   Signed: -
                          Status: -

                          Name: kbdclass.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                          Address: 0xB83A8000   Size: 24576   File Visible: -   Signed: -
                          Status: -

                          Name: kbdhid.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                          Address: 0xAA819000   Size: 14592   File Visible: -   Signed: -
                          Status: -

                          Name: KDCOM.DLL
                          Image Path: C:\WINDOWS\system32\KDCOM.DLL
                          Address: 0xB85A8000   Size: 8192   File Visible: -   Signed: -
                          Status: -

                          Name: kmixer.sys
                          Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
                          Address: 0xA5FE9000   Size: 172416   File Visible: -   Signed: -
                          Status: -

                          Name: ks.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
                          Address: 0xB6DEA000   Size: 143360   File Visible: -   Signed: -
                          Status: -

                          Name: KSecDD.sys
                          Image Path: KSecDD.sys
                          Address: 0xB7ED0000   Size: 92928   File Visible: -   Signed: -
                          Status: -

                          Name: Lbd.sys
                          Image Path: Lbd.sys
                          Address: 0xB80F8000   Size: 57472   File Visible: -   Signed: -
                          Status: -

                          Name: mnmdd.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
                          Address: 0xB861E000   Size: 4224   File Visible: -   Signed: -
                          Status: -

                          Name: mouclass.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
                          Address: 0xB83B0000   Size: 23040   File Visible: -   Signed: -
                          Status: -

                          Name: mouhid.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
                          Address: 0xAA50C000   Size: 12160   File Visible: -   Signed: -
                          Status: -

                          Name: MountMgr.sys
                          Image Path: MountMgr.sys
                          Address: 0xB80B8000   Size: 42368   File Visible: -   Signed: -
                          Status: -

                          Name: mrxdav.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                          Address: 0xA6E34000   Size: 180608   File Visible: -   Signed: -
                          Status: -

                          Name: mrxsmb.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                          Address: 0xAA613000   Size: 455936   File Visible: -   Signed: -
                          Status: -

                          Name: Msfs.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
                          Address: 0xB83F8000   Size: 19072   File Visible: -   Signed: -
                          Status: -

                          Name: msgpc.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
                          Address: 0xB8138000   Size: 35072   File Visible: -   Signed: -
                          Status: -

                          Name: mssmbios.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                          Address: 0xB7DA1000   Size: 15488   File Visible: -   Signed: -
                          Status: -

                          Name: Mup.sys
                          Image Path: Mup.sys
                          Address: 0xB7DE9000   Size: 105344   File Visible: -   Signed: -
                          Status: -

                          Name: NDIS.sys
                          Image Path: NDIS.sys
                          Address: 0xB7E03000   Size: 182656   File Visible: -   Signed: -
                          Status: -

                          Name: ndistapi.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                          Address: 0xB7DB9000   Size: 10112   File Visible: -   Signed: -
                          Status: -

                          Name: ndisuio.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                          Address: 0xA797E000   Size: 14592   File Visible: -   Signed: -
                          Status: -

                          Name: ndiswan.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                          Address: 0xB6DD3000   Size: 91520   File Visible: -   Signed: -
                          Status: -

                          Name: NDProxy.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
                          Address: 0xB8198000   Size: 40960   File Visible: -   Signed: -
                          Status: -

                          Name: netbios.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
                          Address: 0xB8238000   Size: 34688   File Visible: -   Signed: -
                          Status: -

                          Name: netbt.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
                          Address: 0xAA6F8000   Size: 162816   File Visible: -   Signed: -
                          Status: -

                          Name: Npfs.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
                          Address: 0xB8400000   Size: 30848   File Visible: -   Signed: -
                          Status: -

                          Name: Ntfs.sys
                          Image Path: Ntfs.sys
                          Address: 0xB7E30000   Size: 574976   File Visible: -   Signed: -
                          Status: -

                          Name: ntkrnlpa.exe
                          Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
                          Address: 0x804D7000   Size: 2154496   File Visible: -   Signed: -
                          Status: -

                          Name: Null.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
                          Address: 0xB877A000   Size: 2944   File Visible: -   Signed: -
                          Status: -

                          Name: PartMgr.sys
                          Image Path: PartMgr.sys
                          Address: 0xB8330000   Size: 19712   File Visible: -   Signed: -
                          Status: -

                          Name: pci.sys
                          Image Path: pci.sys
                          Address: 0xB7F68000   Size: 68224   File Visible: -   Signed: -
                          Status: -

                          Name: pciide.sys
                          Image Path: pciide.sys
                          Address: 0xB8670000   Size: 3328   File Visible: -   Signed: -
                          Status: -

                          Name: PCIIDEX.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
                          Address: 0xB8328000   Size: 28672   File Visible: -   Signed: -
                          Status: -

                          Name: pctgntdi.sys
                          Image Path: C:\WINDOWS\system32\drivers\pctgntdi.sys
                          Address: 0xAA720000   Size: 241408   File Visible: -   Signed: -
                          Status: -

                          Name: pctNdis-PacketFilter.sys
                          Image Path: C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
                          Address: 0xA69A5000   Size: 81920   File Visible: -   Signed: -
                          Status: -

                          Name: pctNdis.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\pctNdis.sys
                          Address: 0xB8168000   Size: 50432   File Visible: -   Signed: -
                          Status: -

                          Name: pctplfw.sys
                          Image Path: C:\WINDOWS\system32\drivers\pctplfw.sys
                          Address: 0xA68C0000   Size: 117504   File Visible: -   Signed: -
                          Status: -

                          Name: PnpManager
                          Image Path: \Driver\PnpManager
                          Address: 0x804D7000   Size: 2154496   File Visible: -   Signed: -
                          Status: -

                          Name: portcls.sys
                          Image Path: C:\WINDOWS\system32\drivers\portcls.sys
                          Address: 0xAACDA000   Size: 147456   File Visible: -   Signed: -
                          Status: -

                          Name: psched.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
                          Address: 0xB6DC2000   Size: 69120   File Visible: -   Signed: -
                          Status: -

                          Name: ptilink.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
                          Address: 0xB8398000   Size: 17792   File Visible: -   Signed: -
                          Status: -

                          Name: PxHelp20.sys
                          Image Path: PxHelp20.sys
                          Address: 0xB8108000   Size: 36320   File Visible: -   Signed: -
                          Status: -

                          Name: rasacd.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
                          Address: 0xB6D58000   Size: 8832   File Visible: -   Signed: -
                          Status: -

                          Name: rasl2tp.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                          Address: 0xB73B5000   Size: 51328   File Visible: -   Signed: -
                          Status: -

                          Name: raspppoe.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                          Address: 0xB73A5000   Size: 41472   File Visible: -   Signed: -
                          Status: -

                          Name: raspptp.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
                          Address: 0xB7395000   Size: 48384   File Visible: -   Signed: -
                          Status: -

                          Name: raspti.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
                          Address: 0xB83A0000   Size: 16512   File Visible: -   Signed: -
                          Status: -

                          Name: RAW
                          Image Path: \FileSystem\RAW
                          Address: 0x804D7000   Size: 2154496   File Visible: -   Signed: -
                          Status: -

                          Name: rdbss.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
                          Address: 0xAA6AB000   Size: 175744   File Visible: -   Signed: -
                          Status: -

                          Name: RDPCDD.sys
                          Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
                          Address: 0xB8620000   Size: 4224   File Visible: -   Signed: -
                          Status: -

                          Name: redbook.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
                          Address: 0xB8318000   Size: 57600   File Visible: -   Signed: -
                          Status: -

                          Name: rootrepeal.sys
                          Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                          Address: 0xA6528000   Size: 49152   File Visible: No   Signed: -
                          Status: -

                          Name: RtkHDAud.sys
                          Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
                          Address: 0xAA85D000   Size: 4575232   File Visible: -   Signed: -
                          Status: -

                          Name: SASDIFSV.SYS
                          Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                          Address: 0xB8430000   Size: 24576   File Visible: -   Signed: -
                          Status: -

                          Name: SCSIPORT.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
                          Address: 0xB7F19000   Size: 98304   File Visible: -   Signed: -
                          Status: -

                          Name: sr.sys
                          Image Path: sr.sys
                          Address: 0xB7EE7000   Size: 73472   File Visible: -   Signed: -
                          Status: -

                          Name: srv.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
                          Address: 0xA6B71000   Size: 357888   File Visible: -   Signed: -
                          Status: -

                          Name: ssmdrv.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
                          Address: 0xB8428000   Size: 23040   File Visible: -   Signed: -
                          Status: -

                          Name: swenum.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
                          Address: 0xB85E4000   Size: 4352   File Visible: -   Signed: -
                          Status: -

                          Name: sysaudio.sys
                          Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
                          Address: 0xA71FE000   Size: 60800   File Visible: -   Signed: -
                          Status: -

                          Name: tcpip.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
                          Address: 0xAA781000   Size: 361600   File Visible: -   Signed: -
                          Status: -

                          Name: TDI.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
                          Address: 0xB8390000   Size: 20480   File Visible: -   Signed: -
                          Status: -

                          Name: termdd.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
                          Address: 0xB8148000   Size: 40704   File Visible: -   Signed: -
                          Status: -

                          Name: Udfs.SYS
                          Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
                          Address: 0xAA4D3000   Size: 66048   File Visible: -   Signed: -
                          Status: -

                          Name: update.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
                          Address: 0xB6D64000   Size: 384768   File Visible: -   Signed: -
                          Status: -

                          Name: usbccgp.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                          Address: 0xB8498000   Size: 32128   File Visible: -   Signed: -
                          Status: -

                          Name: USBD.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
                          Address: 0xB85F2000   Size: 8192   File Visible: -   Signed: -
                          Status: -

                          Name: usbehci.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
                          Address: 0xB84A8000   Size: 30208   File Visible: -   Signed: -
                          Status: -

                          Name: usbhub.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
                          Address: 0xB81E8000   Size: 59520   File Visible: -   Signed: -
                          Status: -

                          Name: USBPORT.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
                          Address: 0xB6E0D000   Size: 147456   File Visible: -   Signed: -
                          Status: -

                          Name: usbuhci.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                          Address: 0xB84A0000   Size: 20608   File Visible: -   Signed: -
                          Status: -

                          Name: vga.sys
                          Image Path: C:\WINDOWS\System32\drivers\vga.sys
                          Address: 0xB83F0000   Size: 20992   File Visible: -   Signed: -
                          Status: -

                          Name: VIDEOPRT.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
                          Address: 0xB6E9A000   Size: 81920   File Visible: -   Signed: -
                          Status: -

                          Name: VolSnap.sys
                          Image Path: VolSnap.sys
                          Address: 0xB80C8000   Size: 52352   File Visible: -   Signed: -
                          Status: -

                          Name: wanarp.sys
                          Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
                          Address: 0xB8228000   Size: 34560   File Visible: -   Signed: -
                          Status: -

                          Name: watchdog.sys
                          Image Path: C:\WINDOWS\System32\watchdog.sys
                          Address: 0xB8388000   Size: 20480   File Visible: -   Signed: -
                          Status: -

                          Name: wdmaud.sys
                          Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
                          Address: 0xA6FC9000   Size: 83072   File Visible: -   Signed: -
                          Status: -

                          Name: Win32k
                          Image Path: \Driver\Win32k
                          Address: 0xBF800000   Size: 1859584   File Visible: -   Signed: -
                          Status: -

                          Name: win32k.sys
                          Image Path: C:\WINDOWS\System32\win32k.sys
                          Address: 0xBF800000   Size: 1859584   File Visible: -   Signed: -
                          Status: -

                          Name: WMILIB.SYS
                          Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
                          Address: 0xB85AA000   Size: 8192   File Visible: -   Signed: -
                          Status: -

                          Name: WMIxWDM
                          Image Path: \Driver\WMIxWDM
                          Address: 0x804D7000   Size: 2154496   File Visible: -   Signed: -
                          Status: -

                          Name: WudfPf.sys
                          Image Path: WudfPf.sys
                          Address: 0xB7EBD000   Size: 77568   File Visible: -   Signed: -
                          Status: -
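
The report above lists every loaded kernel module, and the field that matters for a rootkit hunt is File Visible: a driver that is mapped in memory but whose image file cannot be found on disk is either hidden or has no file of its own. Three entries in this report show File Visible: No (dump_atapi.sys, dump_WMILIB.SYS and rootrepeal.sys); all three are expected on a clean XP system, which is why the specialist did not call them out. The following parser and triage pass is an added example for this page, not code from the original post or from RootRepeal. Its allowlist of names that are legitimately invisible (the kernel's dump_*.sys copies of the disk stack and RootRepeal's own driver) and its "known roots" path heuristic are assumptions of the example; the embedded sample is constructed, copying three entries by shape from the report and adding one made-up driver, example_hidden.sys, to exercise the check.

```python
"""Triage helper for a RootRepeal 'Drivers' report (added example, not RootRepeal code).

Parses the Name / Image Path / Address / Size / File Visible / Signed / Status
blocks and flags loaded drivers whose image file RootRepeal could not see on disk,
except for names that are expected to be hidden on a clean Windows XP system.
"""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the report above: three entries copied in
# shape from it plus one made-up driver (example_hidden.sys) to exercise the check.
SAMPLE_REPORT = r"""
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7F31000   Size: 96512   File Visible: -   Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA4BB000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6528000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: example_hidden.sys
Image Path: C:\WINDOWS\system32\drivers\example_hidden.sys
Address: 0xA6400000   Size: 40960   File Visible: No   Signed: -
Status: -
"""


@dataclass
class DriverEntry:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str
    signed: str
    status: str


def parse_rootrepeal_drivers(text: str) -> list[DriverEntry]:
    """Split the report into blank-line-separated blocks and read each 'Key: Value' pair.

    The Address line carries four pairs separated by runs of spaces, so every line is
    first split on two-or-more spaces, then each piece on its first ': '.
    """
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            for piece in re.split(r"\s{2,}", line.strip()):
                key, sep, value = piece.partition(": ")
                if sep:
                    fields[key] = value.strip()
        if "Name" not in fields:
            continue
        entries.append(DriverEntry(
            name=fields["Name"],
            image_path=fields.get("Image Path", ""),
            address=int(fields.get("Address", "0"), 16),
            size=int(fields.get("Size", "0")),
            file_visible=fields.get("File Visible", "-"),
            signed=fields.get("Signed", "-"),
            status=fields.get("Status", "-"),
        ))
    return entries


def is_expected_hidden(name: str) -> bool:
    """Names that legitimately show 'File Visible: No' on a clean XP box (assumption of
    this example): the kernel's crash-dump copies of the disk stack (dump_*.sys), which
    are loaded from the original driver under a new name and have no file of their own,
    and RootRepeal's own driver, which the tool hides from itself.
    """
    lowered = name.lower()
    return lowered.startswith("dump_") or lowered == "rootrepeal.sys"


# Heuristic (assumption): on this XP layout, drivers normally live under these roots.
KNOWN_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def triage(entries: list[DriverEntry]) -> list[tuple[str, str]]:
    """Return (driver name, reason) pairs worth a closer look."""
    findings = []
    for e in entries:
        if e.file_visible.lower() == "no" and not is_expected_hidden(e.name):
            findings.append((e.name, "loaded image with no visible file on disk"))
        path = e.image_path.lower()
        # Bare names (boot-start drivers) and kernel object paths such as
        # \Driver\PnpManager carry no on-disk location to judge, so skip them.
        if ":\\" in path and not path.startswith(KNOWN_ROOTS):
            findings.append((e.name, f"image loaded from unusual location: {e.image_path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_rootrepeal_drivers(SAMPLE_REPORT)):
        print(f"{name}: {reason}")
```

Run against the full report from the post, the allowlist leaves nothing flagged, which matches the specialist's reading of it. Anything the script does flag deserves the same treatment a rootkit scanner gives a hidden file: locate the image on disk from a clean boot environment, check its hash and signature, and only then decide whether to remove it.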


                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Malware Removal Help and Assistance Requested
                          « Reply #16 on: April 24, 2011, 12:20:45 PM »
                          I'd like to scan your machine with ESET OnlineScan

                          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                          ESET OnlineScan
                          •Click the button.
                          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                          • Click on to download the ESET Smart Installer. Save it to your desktop.
                          • Double click on the icon on your desktop.
                          •Check
                          •Click the button.
                          •Accept any security warnings from your browser.
                          •Check
                          •Push the Start button.
                          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                          •When the scan completes, push
                          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                          •Push the button.
                          •Push
                          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                          Windows 8 and Windows 10 dual boot with two SSD's

                          MauiFaka

                            Topic Starter


                            Re: Malware Removal Help and Assistance Requested
                            « Reply #17 on: April 24, 2011, 05:44:00 PM »
                            Dave,
                                For some reason, I can't get past downloading the updates. It will get to 98% and then display 'Error 2002' or 'Can not get update. Is proxy configured?' During one attempt, it reached 100% and then displayed 'Error 2002'. I have tried via Firefox and IE and both give the same results.

                            What am I missing here to get past this?

                            Thanks.

                            SuperDave

                            • Malware Removal Specialist


                            Re: Malware Removal Help and Assistance Requested
                            « Reply #18 on: April 24, 2011, 05:58:03 PM »
                            Let's try this one:

                            Run the BitDefender Online scanner

                            Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

                            Once Bitdefender completes the scan:
                            Click on the Detected Problems tab.
                            Then select Click here to export the scan report.

                            When the window comes up to save the report, change the Save as type: box to:
                            Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

                            This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
                            This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

                            If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

                            Post the bdscan.txt file as an Attachment.

                            MauiFaka

                              Topic Starter


                              Re: Malware Removal Help and Assistance Requested
                              « Reply #19 on: April 24, 2011, 06:28:54 PM »
                              Dave, attached is the report.

                              [recovering disk space - old attachment deleted by admin]

                              SuperDave

                              • Malware Removal Specialist


                              Re: Malware Removal Help and Assistance Requested
                              « Reply #20 on: April 24, 2011, 07:45:14 PM »
                              That looks good. If there are no other issues, let's do some cleanup.

                              To uninstall ComboFix

                              • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                              • In the field, type in ComboFix /uninstall


                              (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                              • Then, press Enter, or click OK.
                              • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                              ************************************************
                              Clean out your temporary internet files and temp files.

                              Download TFC by OldTimer to your desktop.

                              Double-click TFC.exe to run it.

                              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                              TFC will close all programs when run, so make sure you have saved all your work before you begin.

                              * Click the Start button to begin the cleaning process.
                              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                              * Please let TFC run uninterrupted until it is finished.

                              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                              ********************************************
                              Use the Secunia Software Inspector to check for out of date software.

                              • Click Start Now

                              • Check the box next to Enable thorough system inspection.

                              • Click Start

                              • Allow the scan to finish and scroll down to see if any updates are needed.
                              • Update anything listed.
                              ----------

                              Go to Microsoft Windows Update and get all critical updates.

                              ----------

                              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                              SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                              * Using SpywareBlaster to protect your computer from Spyware and Malware
                              * If you don't know what ActiveX controls are, see here

                              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                              Safe Surfing!

                              MauiFaka

                                Topic Starter


                                Re: Malware Removal Help and Assistance Requested
                                « Reply #21 on: April 25, 2011, 03:04:20 PM »
                                Aloha Dave,
                                  A big thank you, as it appears that everything is getting back to normal with my desktop. I have a few concerns though. My desktop was the infected rig, and I used my laptop as my backup for getting programs installed on the desktop.

                                  Today, I began working on the details of your last post. First thing, upon typing in ComboFix /uninstall in the Run bar, nothing came back with that name or program. TFC by OldTimer worked perfectly for me. Now then, Secunia has been a little strange. Last night I began working on your last post and was able to access Secunia just fine and did a scan and began working on updates. Upon continuing today, Secunia is no longer accessible on my desktop. On my laptop, when clicking on the Secunia link within your post, I'm redirected to the proper site to perform the scan. On my desktop (the one w/ issues), I'm redirected to a Geeks-to-go website with Error 404. I have tried googling the name to gain access to the site, and upon clicking on the proper site, I get the same Error 404. I even typed in the address bar the exact address as shown on the laptop with the working page and still get Error 404 on the desktop. These errors were the original point of contention with figuring my desktop had issues.

                                 I decided to check ahead with the links provided in your last post to see if any others presented the same or similar issues. The Microsoft Windows Update link either redirects me to Superantispyware or a blank white page. I can circumvent this issue by going to start->programs and find the update there, so the update would be no issue really. On my laptop, again, I'm redirected to the proper site.

                                 With WOT, my laptop goes to direct site. On my desktop, I'm redirected to Major Geeks. SpywareBlaster was redirected fine on both machines. Same with Spybot, both machines were redirected perfectly.

                                 Hopefully these can be worked out or explained as to why the difference is what it is between both rigs. Dave, a hearty big mahalo for the time taken and answers given to what I thought was beyond repair. You deserve much more than a thank you by way of seeing all you have helped on here.

                                Edit--I was able to update to Mozilla Firefox 4.0. Adobe Reader 10 was unable to update, giving error code 13052.

                                SuperDave

                                • Malware Removal Specialist


                                Re: Malware Removal Help and Assistance Requested
                                « Reply #22 on: April 25, 2011, 05:46:46 PM »
                                Quote
                                Today, I began working on the details of your last post. First thing, upon typing in ComboFix /uninstall in the Run bar, nothing came back with that name or program.
                                You can check by going to your C drive to see if ComboFix is there.
                                You can try uninstalling Secunia and trying it again. As for the others, what browser are you using?


                                MauiFaka

                                  Topic Starter


                                  Re: Malware Removal Help and Assistance Requested
                                  « Reply #23 on: April 25, 2011, 06:15:20 PM »
                                  I am using Mozilla Firefox 4.0. Same thing with using IE.
                                  « Last Edit: April 25, 2011, 06:27:44 PM by MauiFaka »

                                  SuperDave

                                  • Malware Removal Specialist


                                  Re: Malware Removal Help and Assistance Requested
                                  « Reply #24 on: April 26, 2011, 01:22:42 PM »
                                  Did you notice if ComboFix was still on your C drive?
                                  Let's try this to see if we can get rid of those re-directs.


                                  Please download GooredFix from one of the locations below and save it to your Desktop
                                  Download Mirror #1
                                  Download Mirror #2
                                  • Ensure all Firefox windows are closed.
                                  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
                                  • When prompted to run the scan, click Yes.
                                  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

                                  MauiFaka

                                    Topic Starter


                                    Re: Malware Removal Help and Assistance Requested
                                    « Reply #25 on: April 26, 2011, 02:33:49 PM »
                                    Aloha Dave,
                                             Yes, I was able to clear ComboFix. Below is the log from GooredFix.



                                    GooredFix by jpshortstuff (03.07.10.1)
                                    Log created at 10:30 on 26/04/2011 (Owner)
                                    Firefox version 4.0 (en-US)

                                    ========== GooredScan ==========


                                    ========== GooredLog ==========

                                    C:\Program Files\Mozilla Firefox\extensions\
                                    {972ce4c6-7e08-4474-a285-3208198ce6fd} [08:47 25/04/2011]
                                    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [23:36 14/09/2009]
                                    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [00:01 04/11/2009]
                                    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [09:07 24/04/2010]
                                    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [03:24 16/03/2011]

                                    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\
                                    {02450954-cdd9-410f-b1da-db804e18c671} [06:56 26/03/2010]
                                    {20a82645-c095-46ed-80e3-08825760534b} [04:45 21/04/2011]
                                    {635abd67-4fe9-1b23-4f01-e679fa7484c1} [20:21 26/04/2011]
                                    {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [22:06 31/03/2009]
                                    {e001c731-5e37-4538-a5cb-8168736a2360} [00:13 25/04/2011]

                                    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
                                    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:35 10/06/2009]
                                    "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:07 24/04/2010]
                                    "[email protected]"="C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF" [21:00 23/04/2011]

                                    -=E.O.F=-

                                    SuperDave

                                    • Malware Removal Specialist


                                    Re: Malware Removal Help and Assistance Requested
                                    « Reply #26 on: April 26, 2011, 04:59:13 PM »
                                    I can't see anything else that could be causing the re-directs.

                                    MauiFaka

                                      Topic Starter


                                      Re: Malware Removal Help and Assistance Requested
                                      « Reply #27 on: April 26, 2011, 05:24:34 PM »
                                      Dave,
                                       What brought me here originally was that someone from the chat room had me take a look at my hosts file, which had a bunch of questionable things in it. I did some research, and after checking my hosts file following the steps taken here, everything is still present in the hosts file. My question would be this: could what is contained in the hosts file be the root cause of the re-directs?
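
The hosts file question above is worth a closer look. Windows consults %SystemRoot%\system32\drivers\etc\hosts before it asks DNS, for every program on the machine, which is why a hijacked entry produces the same redirect in Firefox and IE on one PC while another PC on the same network is fine. A stock Windows XP hosts file contains a single mapping, 127.0.0.1 localhost. Entries that map a name to 127.0.0.1 or 0.0.0.0 are the blocklist style that some anti-spyware tools write and only make that name unreachable; entries that map a name to any other address send it to whatever server the owner of that address chooses, and vendor update and download sites are the usual targets. The following Python script is an added example for this thread, not a tool anyone in it used: it triages a constructed hosts file (the 198.51.100.x and 203.0.113.x addresses are RFC 5737 documentation ranges standing in for an attacker's server, and the watch-list of vendor domains is an assumption) into blocks, redirects, and redirects that hit watched vendor domains.

```python
"""Triage a Windows hosts file for redirect-style hijacks.

Added example for this thread, not a tool anyone in it used. The hosts
content below is constructed; 198.51.100.7 and 203.0.113.9 are RFC 5737
documentation addresses standing in for an attacker-controlled server.
"""
import ipaddress

# Constructed sample of %SystemRoot%\system32\drivers\etc\hosts on an
# infected machine. A stock Windows XP hosts file has only the localhost line.
SAMPLE_HOSTS = """\
# constructed sample, not a real capture
127.0.0.1       localhost
# blocklist-style entries: loopback or 0.0.0.0 only make a name unreachable
127.0.0.1       ads.tracker.example.net
0.0.0.0         counter.tracker.example.net
# hijack-style entries: send vendor sites to a server the attacker owns
198.51.100.7    secunia.com
198.51.100.7    www.secunia.com
198.51.100.7    update.microsoft.com
198.51.100.7    windowsupdate.microsoft.com   # trailing comment is legal
203.0.113.9     www.mywot.com
"""

# Domains whose hijack matters most during a cleanup: the update and
# download sites a victim is told to visit. Assumed list, extend as needed.
WATCH_DOMAINS = ("microsoft.com", "secunia.com", "mywot.com")


def parse_hosts(text):
    """Return (lineno, ip_address, hostname) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments, inline ones too
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in names:
            entries.append((lineno, addr, name.lower()))
    return entries


def in_watchlist(hostname):
    """True when hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCH_DOMAINS)


def triage(text):
    """Sort mappings into blocks (loopback / 0.0.0.0), redirects (any other
    address) and the redirects that target a watched vendor domain."""
    result = {"blocks": [], "redirects": [], "watched": []}
    for lineno, addr, name in parse_hosts(text):
        record = (lineno, str(addr), name)
        if addr.is_loopback or addr.is_unspecified:
            if name != "localhost":              # the one mapping XP ships with
                result["blocks"].append(record)
        else:
            result["redirects"].append(record)
            if in_watchlist(name):
                result["watched"].append(record)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    for kind in ("watched", "redirects", "blocks"):
        print(f"{kind}: {len(report[kind])}")
        for lineno, ip, name in report[kind]:
            print(f"  line {lineno:>3}  {ip:<15} {name}")
```

Run it against a copy of the real file rather than in place; the point is to separate the harmless loopback blocklist lines from the ones that actually move traffic, and anything in the "watched" bucket on a machine that cannot reach its vendors' update sites is the first thing to remove.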

                                      SuperDave

                                      • Malware Removal Specialist


                                      Re: Malware Removal Help and Assistance Requested
                                      « Reply #28 on: April 27, 2011, 10:49:46 AM »
                                      Ok. Let's check that out.

                                      Download OTL to your desktop.

                                      * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                                      * When the window appears, underneath Output at the top change it to Minimal Output.
                                      * Check the boxes beside LOP Check and Purity Check.
                                      * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                      Please copy and paste the contents of these files, one at a time, into your next reply.

                                      Note: You may need two or more posts to fit them all in.
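
When Extras.Txt comes back, three sections deserve a look before the uninstall list. Shell Spawning lists the shell\open\command for each executable type; on a stock XP install exefile, comfile, batfile, cmdfile and piffile all run "%1" %*, and malware that rewrites exefile to run its own binary first gets control every time any program starts. Firewall Settings shows "EnableFirewall" = 0 when Windows Firewall is off for that profile, and each GloballyOpenPorts entry is written port:proto:scope:state:description, so a scope of * rather than LocalSubNet exposes that port to any address. The Python checker below is an added example for this thread, not an OTL feature: it parses a constructed excerpt in OTL's layout (the hijack.exe path is made up) and reports a rewritten exefile command, a disabled firewall, and SMB ports open to all scopes.

```python
"""Flag risky settings in an OTL Extras.Txt report.

Added example for this thread, not an OTL feature. The excerpt below is
constructed in OTL's layout and shows the three things worth catching:
a rewritten exefile open command, Windows Firewall disabled, and SMB
ports opened with scope * (any address) instead of LocalSubNet.
"""
import re

SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\hijack.exe" -a "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")

# Stock Windows XP shell\open\command values as OTL prints them. Anything
# else in front of "%1" runs before every program of that type.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def parse_extras(text):
    """Yield (section, registry_key, line) for each data line of the report."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        yield section, key, line


def audit(text):
    """Return (finding, detail) tuples for the Shell Spawning and Firewall sections."""
    findings = []
    for section, key, line in parse_extras(text):
        if section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if m:
                ftype, verb, cmd = m.groups()
                expected = EXPECTED_SPAWN.get((ftype, verb))
                if expected is not None and cmd != expected:
                    findings.append(("shell_hijack", f"{ftype} [{verb}] -> {cmd}"))
        elif section == "Firewall Settings" and key is not None:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.groups()
            # key looks like ...\FirewallPolicy\<Profile>[\GloballyOpenPorts\List]
            profile = key.rsplit("\\FirewallPolicy\\", 1)[-1].split("\\", 1)[0]
            if name == "EnableFirewall" and value.strip() == "0":
                findings.append(("firewall_off", profile))
            elif key.endswith("GloballyOpenPorts\\List"):
                fields = value.split(":")        # port:proto:scope:state:description
                if len(fields) >= 4 and fields[2] == "*" and fields[3] == "Enabled":
                    findings.append(("port_open_to_all", f"{profile} {fields[0]}/{fields[1]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_EXTRAS):
        print(f"{kind:<17} {detail}")
```

Feed it the pasted Extras.Txt and read the findings top to bottom: a shell_hijack finding means the machine is still running attacker code and the cleanup is not done, firewall_off on the StandardProfile means the box is exposed as soon as it is back on a home network, and port_open_to_all on 139 or 445 is the SMB exposure that worms have used for years.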

                                      MauiFaka

                                        Topic Starter


                                        Re: Malware Removal Help and Assistance Requested
                                        « Reply #29 on: April 27, 2011, 02:37:53 PM »
                                        Below is Extras.Txt


                                        OTL Extras logfile created on: 4/27/2011 10:29:51 AM - Run 1
                                        OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Owner\My Documents\Downloads
                                        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                        Internet Explorer (Version = 8.0.6001.18702)
                                        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                         
                                        3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
                                        5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
                                        Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
                                         
                                        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                        Drive C: | 465.75 Gb Total Space | 94.61 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                                        Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
                                         
                                        Computer Name: WOS-1394F7D3658 | User Name: Owner | Logged in as Administrator.
                                        Boot Mode: Normal | Scan Mode: Current user
                                        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                         
                                        ========== Extra Registry (SafeList) ==========
                                         
                                         
                                        ========== File Associations ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                        .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                         
                                        ========== Shell Spawning ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                        batfile [open] -- "%1" %*
                                        cmdfile [open] -- "%1" %*
                                        comfile [open] -- "%1" %*
                                        cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        exefile [open] -- "%1" %*
                                        htmlfile [edit] -- Reg Error: Key error.
                                        InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                                        piffile [open] -- "%1" %*
                                        regfile [merge] -- Reg Error: Key error.
                                        scrfile [config] -- "%1"
                                        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                        scrfile [open] -- "%1" /S
                                        txtfile [edit] -- Reg Error: Key error.
                                        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                                        Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                                        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                         
                                        ========== Security Center Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                        "FirstRunDisabled" = 1
                                        "AntiVirusDisableNotify" = 0
                                        "FirewallDisableNotify" = 0
                                        "UpdatesDisableNotify" = 0
                                        "AntiVirusOverride" = 0
                                        "FirewallOverride" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                                         
                                        ========== System Restore Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                                        "DisableSR" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                                        "Start" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                                        "Start" = 2
                                         
                                        ========== Firewall Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                        "EnableFirewall" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                                        "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                                        "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                                        "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                        "EnableFirewall" = 0
                                        "DoNotAllowExceptions" = 0
                                        "DisableNotifications" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                        "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                                        "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                                        "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                                        "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
                                         
                                        ========== Authorized Applications List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
                                        "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                                        "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
                                         
                                         
                                        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "{06C353F1-F003-815A-846B-11A49573F510}" = CCC Help Japanese
                                        "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
                                        "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
                                        "{146381FF-4E2E-37C6-142B-96487BFFF68C}" = CCC Help Finnish
                                        "{1C028B3C-72BB-6AF8-5023-17CADA0C68CA}" = Catalyst Control Center Graphics Previews Common
                                        "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                                        "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
                                        "{266C3874-7805-4519-4887-7C2CC5AF7723}" = Catalyst Control Center Localization All
                                        "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
                                        "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
                                        "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
                                        "{29D18D4E-4A48-A2FE-D40F-BF8E9BBEF364}" = CCC Help Hungarian
                                        "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                                        "{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
                                        "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
                                        "{3E7FB03D-1F9D-C2BF-2E3D-E1754697C1FA}" = CCC Help French
                                        "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
                                        "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
                                        "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                                        "{45B2F267-98D6-2100-34C9-68E0EE215DF2}" = CCC Help Korean
                                        "{495A1231-6598-4E5E-A9F9-B281739A6021}" = honestech VHS to DVD 4.0 Plus
                                        "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                                        "{4B4DDF19-F79C-3C68-CAF2-BD67843E4D19}" = Catalyst Control Center InstallProxy
                                        "{4B6AD13A-E60C-5DEB-0A1C-BE914FB9E6BE}" = CCC Help Turkish
                                        "{4E58F5DE-D0E0-A363-3984-AF355ACE196F}" = CCC Help Swedish
                                        "{4EB03D52-BB1C-98F5-7FA4-0EE0A131103B}" = Catalyst Control Center Graphics Full New
                                        "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
                                        "{571138E3-595A-8B69-D89A-1D5ED30DB400}" = CCC Help Portuguese
                                        "{5833E1EC-2D52-A08E-8316-9CF117795360}" = Catalyst Control Center HydraVision Full
                                        "{5DAE8059-7157-63F4-5AC3-BBA571E93848}" = CCC Help Danish
                                        "{61D4B21F-EC4D-56F5-9460-2C44D7EF46EA}" = CCC Help Dutch
                                        "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                                        "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
                                        "{6F55031B-A4E9-B9C1-079C-4D3C229A8644}" = CCC Help Spanish
                                        "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                                        "{75722E6F-FCCA-7C44-E4BB-7BC0390F65E3}" = CCC Help Chinese Standard
                                        "{7635BF2D-18B7-3D85-D84E-4393743A13D8}" = CCC Help Italian
                                        "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
                                        "{78090C44-154F-E296-3AC3-A2FC16D08DF2}" = CCC Help Greek
                                        "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
                                        "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
                                        "{832C9764-D951-059D-05C7-E8EC41A5E510}" = ATI Problem Report Wizard
                                        "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                                        "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
                                        "{87F12DCD-4288-29D4-C327-FE47B42D5B80}" = CCC Help Norwegian
                                        "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                        "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
                                        "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
                                        "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
                                        "{96677085-CCD8-EE14-B9E0-407A7EF5F8B4}" = ccc-core-preinstall
                                        "{9D7C03B7-59C9-9BE7-CE28-4CD3FEAC85CE}" = Catalyst Control Center Graphics Light
                                        "{9DE879FB-2FE2-3D61-D4F5-F9BD33A33B0C}" = CCC Help Russian
                                        "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
                                        "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                                        "{A30637EC-B31B-24DA-92EF-5D7C15589D52}" = ccc-core-static
                                        "{A4ABFA60-DE8E-4237-BDF9-4015FE673AD1}" = Nitro PDF Professional
                                        "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
                                        "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
                                        "{B055306F-39F6-C306-D71A-0D8FA334EDFD}" = CCC Help Chinese Traditional
                                        "{B1BC4391-9F83-575D-9D5E-B2429DE7FBB2}" = CCC Help Thai
                                        "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
                                        "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
                                        "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
                                        "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
                                        "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
                                        "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                                        "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
                                        "{B7B280B6-E4C7-CF6A-A144-40709AFFFFAB}" = CCC Help Czech
                                        "{B8D3BF6A-EB43-E27B-3A5C-E1563A1B92BB}" = CCC Help German
                                        "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
                                        "{BA84775E-C53D-41F4-A0C9-B9000D1BF95B}" = honestech VHS to DVD 4.0 Plus
                                        "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                                        "{C7817822-57E6-7564-8400-CEF1C8DEF7CA}" = ATI AVIVO Codecs
                                        "{CB83A428-1CEE-4E8C-8C20-3EEAFA522225}" = Franklin Access Manager
                                        "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                                        "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                                        "{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
                                        "{D853AC86-E781-D62E-4327-E94FDF050FF4}" = ccc-utility
                                        "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
                                        "{DF849B8D-325A-0B01-7DE9-5EC3EF48B054}" = CCC Help Polish
                                        "{E10EF44B-BB6E-6633-5207-8A2D22A9950D}" = Catalyst Control Center Graphics Full Existing
                                        "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
                                        "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                                        "{F2C757C9-C40E-07A0-9397-56A7C66F84F3}" = ATI Catalyst Install Manager
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
                                        "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
                                        "{F34307E0-E6BA-BEB7-3CF0-9EF56DF9D18F}" = Catalyst Control Center Core Implementation
                                        "{F64B592A-C33F-4D15-5FEA-C5C0CBF358EA}" = CCC Help English
                                        "3Gstick Modem" = 3Gstick Modem Software
                                        "8BBB2780BBE11BA83C188DD7E5979A81A1C0C9D7" = Windows Driver Package - eMPIA Technology (USB28xxBGA) Media  (06/22/2007 6.22.0116.0)
                                        "Ad-Aware" = Ad-Aware
                                        "Adobe AIR" = Adobe AIR
                                        "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                                        "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                                        "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
                                        "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
                                        "C8AFBF4F38217578E84BCEC15B9F583F63037639" = Windows Driver Package - Sonix (SNP2STD) Image  (01/23/2008 5.7.19104.101)
                                        "CCleaner" = CCleaner
                                        "DVD Flick_is1" = DVD Flick 1.3.0.7
                                        "EPSON Scanner" = EPSON Scan
                                        "EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
                                        "ESET Online Scanner" = ESET Online Scanner v3
                                        "FileZilla Client" = FileZilla Client 3.2.4.1
                                        "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                                        "ie8" = Windows Internet Explorer 8
                                        "ImgBurn" = ImgBurn
                                        "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
                                        "lvdrivers_11.80" = Logitech QuickCam Driver Package
                                        "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                                        "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                                        "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
                                        "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                                        "Muiltmedia keyboard utility 1.1" = Muiltmedia keyboard utility 1.1
                                        "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                                        "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
                                        "PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
                                        "PDF-XChange 3_is1" = PDF-XChange 3
                                        "Picasa 3" = Picasa 3
                                        "QuickPar" = QuickPar 0.9
                                        "Reason4_is1" = Reason 4.0
                                        "Recuva" = Recuva
                                        "Windows Media Format Runtime" = Windows Media Format 11 runtime
                                        "Windows Media Player" = Windows Media Player 11
                                        "Windows XP Service Pack" = Windows XP Service Pack 3
                                        "WinRAR archiver" = WinRAR archiver
                                        "WMFDist11" = Windows Media Format 11 runtime
                                        "wmp11" = Windows Media Player 11
                                        "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                                        "Yahoo! Companion" = Yahoo! Toolbar
                                        "Yahoo! Messenger" = Yahoo! Messenger
                                        "Yahoo! Software Update" = Yahoo! Software Update
                                         
                                        ========== HKEY_CURRENT_USER Uninstall List ==========
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "Move Media Player" = Move Media Player
                                         
                                        ========== Last 10 Event Log Errors ==========
                                         
                                        [ Application Events ]
                                        Error - 4/23/2011 6:09:35 AM | Computer Name = WOS-1394F7D3658 | Source = Application Hang | ID = 1002
                                        Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
                                         version 0.0.0.0, hang address 0x00000000.
                                         
                                        Error - 4/23/2011 8:57:14 AM | Computer Name = WOS-1394F7D3658 | Source = Application Hang | ID = 1002
                                        Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
                                         version 0.0.0.0, hang address 0x00000000.
                                         
                                        Error - 4/23/2011 8:59:23 AM | Computer Name = WOS-1394F7D3658 | Source = Application Hang | ID = 1002
                                        Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
                                         version 0.0.0.0, hang address 0x00000000.
                                         
                                        Error - 4/23/2011 4:28:22 PM | Computer Name = WOS-1394F7D3658 | Source = MPSampleSubmission | ID = 5000
                                        Description =
                                         
                                        Error - 4/23/2011 4:29:25 PM | Computer Name = WOS-1394F7D3658 | Source = MPSampleSubmission | ID = 5000
                                        Description =
                                         
                                        Error - 4/23/2011 4:41:44 PM | Computer Name = WOS-1394F7D3658 | Source = Microsoft Security Client | ID = 5000
                                        Description =
                                         
                                        Error - 4/23/2011 4:42:28 PM | Computer Name = WOS-1394F7D3658 | Source = MPSampleSubmission | ID = 5000
                                        Description =
                                         
                                        Error - 4/23/2011 5:04:02 PM | Computer Name = WOS-1394F7D3658 | Source = Application Hang | ID = 1002
                                        Description = Hanging application AvastUI.exe, version 6.0.1091.0, hang module hungapp,
                                         version 0.0.0.0, hang address 0x00000000.
                                         
                                        Error - 4/23/2011 5:12:13 PM | Computer Name = WOS-1394F7D3658 | Source = Microsoft Security Client | ID = 1001
                                        Description =
                                         
                                        Error - 4/25/2011 8:26:01 PM | Computer Name = WOS-1394F7D3658 | Source = Application Hang | ID = 1002
                                        Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
                                         hungapp, version 0.0.0.0, hang address 0x00000000.
                                         
                                        [ System Events ]
                                        Error - 4/27/2011 4:02:51 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:02:55 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:02:56 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:02:57 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:02:58 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:02:59 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:03:00 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:03:01 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:03:02 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7000
                                        Description = The Logitech LVPr2Mon Driver service failed to start due to the following
                                         error:   %%87
                                         
                                        Error - 4/27/2011 4:03:02 PM | Computer Name = WOS-1394F7D3658 | Source = Service Control Manager | ID = 7023
                                        Description = The Process Monitor service terminated with the following error:   %%110
                                         
                                         
                                        < End of report >

                                        MauiFaka

                                          Topic Starter


                                          Rookie
                                          Re: Malware Removal Help and Assistance Requested
                                          « Reply #30 on: April 27, 2011, 02:39:09 PM »
                                          Below is OTL.Txt



                                          OTL logfile created on: 4/27/2011 10:29:51 AM - Run 1
                                          OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Owner\My Documents\Downloads
                                          Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                          Internet Explorer (Version = 8.0.6001.18702)
                                          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                           
                                          3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
                                          5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
                                          Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
                                           
                                          %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                          Drive C: | 465.75 Gb Total Space | 94.61 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                                          Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
                                           
                                          Computer Name: WOS-1394F7D3658 | User Name: Owner | Logged in as Administrator.
                                          Boot Mode: Normal | Scan Mode: Current user
                                          Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                           
                                          ========== Processes (SafeList) ==========
                                           
                                          PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
                                          PRC - C:\Program Files\Muiltmedia keyboard utility\1.1\KBDAP32A.EXE ()
                                          PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
                                          PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
                                          PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
                                          PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
                                          PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                          PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
                                          PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
                                          PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
                                          PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
                                          PRC - C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
                                          PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
                                          PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
                                          PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
                                          PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
                                          PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                          PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
                                          PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
                                           
                                           
                                          ========== Modules (SafeList) ==========
                                           
                                          MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
                                          MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
                                          MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                                          MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
                                          MOD - C:\Program Files\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
                                           
                                           
                                          ========== Win32 Services (SafeList) ==========
                                           
                                          SRV - (AppMgmt) --  File not found
                                          SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
                                          SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
                                          SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
                                          SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
                                          SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
                                          SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
                                          SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
                                          SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
                                          SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
                                          SRV - (bepldr) -- C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe ()
                                          SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
                                           
                                           
                                          ========== Driver Services (SafeList) ==========
                                           
                                          DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
                                          DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
                                          DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
                                          DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
                                          DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
                                          DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
                                          DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
                                          DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
                                          DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
                                          DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
                                          DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
                                          DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
                                          DRV - (pctNdisMP) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
                                          DRV - (pctNdis) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
                                          DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
                                          DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
                                          DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
                                          DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
                                          DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                          DRV - (gstkserd) -- C:\WINDOWS\system32\drivers\gstkserd.sys (MCCI)
                                          DRV - (gstkbus) 3Gstick USB Composite Device (WDM) -- C:\WINDOWS\system32\drivers\gstkbus.sys (MCCI)
                                          DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
                                          DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
                                          DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
                                          DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
                                          DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
                                          DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
                                          DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
                                          DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
                                          DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
                                          DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
                                          DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
                                           
                                           
                                          ========== Standard Registry (SafeList) ==========
                                           
                                           
                                          ========== Internet Explorer ==========
                                           
                                           
                                          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
                                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                                           
                                          ========== FireFox ==========
                                           
                                          FF - prefs.js..browser.startup.homepage: "www.google.com"
                                          FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                                          FF - prefs.js..extensions.enabledItems: [email protected]:7
                                          FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
                                          FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
                                          FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
                                          FF - prefs.js..extensions.enabledItems: [email protected]:20110101
                                          FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
                                          FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.rice.edu/proxy.pac"
                                           
                                           
                                          FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2011/04/23 11:00:24 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 22:47:53 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 22:47:52 | 000,000,000 | ---D | M]
                                           
                                          [2009/03/30 21:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
                                          [2011/04/26 10:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions
                                          [2010/03/25 20:56:10 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
                                          [2011/04/20 18:45:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                                          [2011/04/26 10:21:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
                                          [2009/03/31 12:06:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
                                          [2011/04/24 14:13:18 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uijvqo7y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
                                          [2011/04/24 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                                          [2010/04/23 23:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                                          [2011/03/15 17:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                                          File not found (No name found) --
                                          [2009/07/22 11:16:19 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
                                          [2011/04/23 11:00:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRA~1\AVASTS~1\AVAST\WEBREP\FF
                                          [2010/04/23 23:07:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                                          [2011/03/18 07:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
                                          [2008/09/03 14:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
                                          [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                                          [2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
                                           
                                          O1 HOSTS File: ([2010/06/28 18:09:57 | 000,408,553 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                          O1 - Hosts: 127.0.0.1       localhost
                                          O1 - Hosts: 14129 more lines...
                                          O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
                                          O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                          O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
                                          O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
                                          O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
                                          O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
                                          O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
                                          O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                          O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
                                          O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE ()
                                          O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
                                          O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
                                          O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
                                          O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
                                          O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                                          O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
                                          O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
                                          O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
                                          O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
                                          O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
                                          O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
                                          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                          O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
                                          O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
                                          O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                          O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238481082031 (WUWebControl Class)
                                          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                          O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
                                          O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                          O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                                          O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
                                          O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                          O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                                          O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                                          O32 - HKLM CDRom: AutoRun - 1
                                          O32 - AutoRun File - [2009/03/30 17:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                                          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                          O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
                                          O35 - HKLM\..comfile [open] -- "%1" %*
                                          O35 - HKLM\..exefile [open] -- "%1" %*
                                          O37 - HKLM\...com [@ = ComFile] -- "%1" %*
                                          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                           
                                          ========== Files/Folders - Created Within 30 Days ==========
                                           
                                          [2011/04/26 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
                                          [2011/04/25 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
                                          [2011/04/25 01:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
                                          [2011/04/25 01:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
                                          [2011/04/25 01:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
                                          [2011/04/25 01:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
                                          [2011/04/24 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
                                          [2011/04/24 12:17:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                          [2011/04/24 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                                          [2011/04/24 01:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                                          [2011/04/24 01:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
                                          [2011/04/23 18:59:17 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
                                          [2011/04/23 18:59:17 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
                                          [2011/04/23 15:44:44 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
                                          [2011/04/23 14:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
                                          [2011/04/23 13:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
                                          [2011/04/23 12:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
                                          [2011/04/23 12:14:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                          [2011/04/23 11:57:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                                          [2011/04/23 11:57:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
                                          [2011/04/23 11:57:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                                          [2011/04/23 11:57:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
                                          [2011/04/23 11:55:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                                          [2011/04/23 11:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
                                          [2011/04/23 11:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
                                          [2011/04/23 11:43:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
                                          [2011/04/23 11:43:09 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
                                          [2011/04/23 11:43:09 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
                                          [2011/04/23 11:43:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
                                          [2011/04/23 11:43:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
                                          [2011/04/23 11:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
                                          [2011/04/23 11:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
                                          [2011/04/23 11:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
                                          [2011/04/23 11:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
                                          [2011/04/23 11:00:46 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
                                          [2011/04/23 11:00:46 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
                                          [2011/04/23 11:00:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
                                          [2011/04/23 11:00:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
                                          [2011/04/23 11:00:42 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
                                          [2011/04/23 11:00:41 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
                                          [2011/04/23 11:00:41 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
                                          [2011/04/23 11:00:41 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
                                          [2011/04/23 11:00:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
                                          [2011/04/23 11:00:23 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
                                          [2011/04/23 11:00:22 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
                                          [2011/04/23 11:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
                                          [2011/04/23 11:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
                                          [2011/04/23 03:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
                                          [2011/04/23 03:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
                                          [2011/04/23 02:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
                                          [2011/04/23 02:52:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                                          [2011/04/23 02:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
                                          [2011/04/23 02:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                                          [2011/04/23 02:52:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                                          [2011/04/23 02:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
                                          [2011/04/23 00:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
                                          [2011/04/22 23:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
                                          [2011/04/22 23:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
                                          [2011/04/22 22:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                                          [2011/04/22 14:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Muiltmedia keyboard utility 1.1
                                          [2011/04/22 14:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Muiltmedia keyboard utility
                                          [2011/04/21 12:04:48 | 010,687,672 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\fffram.exe
                                          [2011/04/21 11:56:32 | 035,624,744 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Owner\My Documents\SafariSetup.exe
                                          [2011/04/21 03:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
                                          [2011/04/21 03:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
                                          [2011/04/21 03:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
                                          [2011/04/20 22:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
                                          [2011/04/20 22:42:20 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
                                          [2011/04/20 22:42:20 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
                                          [2011/04/20 22:42:18 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
                                          [2011/04/20 22:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                          [2011/04/20 22:41:25 | 000,089,192 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
                                          [2011/04/20 22:41:25 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
                                          [2011/04/20 22:41:25 | 000,032,808 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
                                          [2011/04/20 22:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Firewall Plus
                                          [2011/04/20 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
                                          [2011/04/20 22:41:24 | 000,124,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
                                          [2011/04/20 22:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
                                          [2011/04/17 20:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
                                          [2011/04/17 10:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Maps
                                          [2011/04/16 15:14:11 | 000,000,000 | ---D | C] -- C:\Vids 2 b transferred
                                          [2011/04/16 15:11:00 | 000,000,000 | ---D | C] -- C:\Recovered
                                          [2011/04/16 14:39:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
                                          [2011/04/16 12:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
                                          [2011/04/16 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
                                          [2011/04/15 11:30:31 | 000,000,000 | ---D | C] -- C:\pics
                                          [2011/04/14 18:11:06 | 000,000,000 | ---D | C] -- C:\ITunes Music
                                          [2011/04/08 19:33:56 | 000,000,000 | ---D | C] -- C:\dvd rips
                                          [2011/04/07 15:42:18 | 000,000,000 | ---D | C] -- C:\YT Ready
                                          [2011/04/05 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
                                          [2011/04/05 14:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
                                          [2011/04/05 12:05:49 | 000,000,000 | ---D | C] -- C:\DVR *censored*
                                          [2011/04/05 11:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VHS to DVD
                                          [2011/04/05 11:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\HTVideoEditor
                                          [2011/04/05 11:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VHS to DVD
                                          [2011/04/05 11:37:09 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
                                          [2011/04/05 11:37:09 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
                                          [2011/04/05 11:36:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
                                          [2011/04/05 11:36:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
                                          [2011/04/05 11:36:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
                                          [2011/04/05 11:36:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
                                          [2011/04/05 11:28:10 | 000,479,232 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emBDA.sys
                                          [2011/04/05 11:28:10 | 000,106,496 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emPRP.ax
                                          [2011/04/05 11:28:10 | 000,061,440 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\emMON.exe
                                          [2011/04/05 11:28:10 | 000,028,288 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emOEM.sys
                                          [2011/04/05 11:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\VIDBOX NW03
                                          [2011/04/05 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\honestech
                                          [2011/04/05 11:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\honestech VHS to DVD 4.0 Plus
                                          [2011/04/05 11:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\honestech VHS to DVD 4.0 Plus
                                          [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                                          [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                                           
                                          ========== Files - Modified Within 30 Days ==========
                                           
                                          [2011/04/27 10:12:17 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                          [2011/04/27 10:01:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                                          [2011/04/26 10:28:48 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.lnk
                                          [2011/04/25 13:38:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
                                          [2011/04/25 11:38:26 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
                                          [2011/04/25 01:08:15 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
                                          [2011/04/25 01:08:15 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
                                          [2011/04/25 00:49:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                                          [2011/04/24 22:47:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
                                          [2011/04/24 22:47:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
                                          [2011/04/24 11:04:45 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to esetsmartinstaller_enu.lnk
                                          [2011/04/23 15:45:02 | 000,000,000 | ---- | M] () -- C:\settings.dat
                                          [2011/04/23 12:14:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
                                          [2011/04/23 11:43:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                                          [2011/04/23 11:10:20 | 000,513,008 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
                                          [2011/04/23 11:00:42 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
                                          [2011/04/23 10:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
                                          [2011/04/23 04:18:11 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                                          [2011/04/23 04:18:11 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                                          [2011/04/23 03:23:27 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sniper.exe.lnk
                                          [2011/04/23 03:22:25 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe (2).lnk
                                          [2011/04/23 03:21:20 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe.lnk
                                          [2011/04/23 02:52:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                                          [2011/04/22 23:18:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                                          [2011/04/21 19:45:51 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
                                          [2011/04/21 12:04:48 | 010,687,672 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\fffram.exe
                                          [2011/04/21 11:56:33 | 035,624,744 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Owner\My Documents\SafariSetup.exe
                                          [2011/04/21 03:10:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
                                          [2011/04/20 22:35:43 | 000,019,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\avg scan.csv
                                          [2011/04/19 18:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                          [2011/04/18 07:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
                                          [2011/04/18 07:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
                                          [2011/04/18 07:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
                                          [2011/04/18 07:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
                                          [2011/04/18 07:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
                                          [2011/04/18 07:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
                                          [2011/04/18 07:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
                                          [2011/04/18 07:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
                                          [2011/04/18 07:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
                                          [2011/04/18 07:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
                                          [2011/04/16 12:51:07 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
                                          [2011/04/16 10:32:42 | 002,818,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                          [2011/04/05 11:25:51 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus.lnk
                                          [2011/04/05 11:25:51 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus User Guide.lnk
                                          [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                                          [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                                           
                                          ========== Files Created - No Company Name ==========
                                           
                                          [2011/04/26 10:28:48 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to GooredFix.lnk
                                          [2011/04/25 11:40:48 | 000,513,008 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
                                          [2011/04/25 01:08:15 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
                                          [2011/04/25 01:08:15 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
                                          [2011/04/24 22:47:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
                                          [2011/04/24 22:47:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
                                          [2011/04/24 11:04:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to esetsmartinstaller_enu.lnk
                                          [2011/04/23 15:45:02 | 000,000,000 | ---- | C] () -- C:\settings.dat
                                          [2011/04/23 12:14:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
                                          [2011/04/23 12:14:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
                                          [2011/04/23 11:57:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
                                          [2011/04/23 11:57:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                                          [2011/04/23 11:57:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
                                          [2011/04/23 11:57:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                                          [2011/04/23 11:57:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                                          [2011/04/23 11:43:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                                          [2011/04/23 10:28:43 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
                                          [2011/04/23 03:23:27 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sniper.exe.lnk
                                          [2011/04/23 03:22:25 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe (2).lnk
                                          [2011/04/23 03:21:20 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sniper.exe.lnk
                                          [2011/04/23 02:52:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                                          [2011/04/22 23:18:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                                          [2011/04/21 03:36:51 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
                                          [2011/04/21 03:10:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
                                          [2011/04/20 22:35:43 | 000,019,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\avg scan.csv
                                          [2011/04/16 12:51:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
                                          [2011/04/05 11:36:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
                                          [2011/04/05 11:36:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
                                          [2011/04/05 11:36:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
                                          [2011/04/05 11:36:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
                                          [2011/04/05 11:36:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
                                          [2011/04/05 11:36:58 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
                                          [2011/04/05 11:28:10 | 000,016,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\merlinC.rom
                                          [2011/04/05 11:25:51 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus.lnk
                                          [2011/04/05 11:25:51 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\honestech VHS to DVD 4.0 Plus User Guide.lnk
                                          [2011/03/15 19:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
                                          [2011/03/15 19:08:44 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
                                          [2011/03/15 19:08:44 | 000,203,331 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
                                          [2011/03/15 19:08:44 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
                                          [2011/03/15 19:08:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
                                          [2011/03/15 19:08:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
                                          [2011/03/15 17:32:37 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
                                          [2011/03/15 17:32:34 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
                                          [2011/03/15 17:32:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
                                          [2011/03/15 17:32:27 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
                                          [2011/03/07 22:58:41 | 000,000,623 | ---- | C] () -- C:\WINDOWS\System32\Franklin Access Manager.ini
                                          [2010/06/09 22:04:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
                                          [2009/12/18 01:23:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
                                          [2009/11/01 21:46:56 | 000,145,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                                          [2009/09/14 15:44:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
                                          [2009/05/01 13:58:02 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
                                          [2009/04/12 22:30:58 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                          [2009/03/31 19:42:27 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
                                          [2009/03/31 11:51:15 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                          [2009/03/31 11:50:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
                                          [2009/03/31 11:49:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
                                          [2009/03/31 11:49:59 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
                                          [2009/03/31 11:49:59 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
                                          [2009/03/31 11:49:58 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                                          [2009/03/30 21:51:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                                          [2009/03/30 20:21:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
                                          [2009/03/30 18:54:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                                          [2009/03/30 18:45:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
                                          [2009/03/30 17:24:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                                          [2009/03/30 17:20:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                                          [2009/03/30 07:11:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                          [2009/03/30 07:10:35 | 002,818,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                          [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
                                          [2005/03/22 08:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                                          [2005/03/22 08:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                                          [2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                                          [2004/08/04 00:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                                          [2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                                          [2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                                          [2004/08/04 00:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                                          [2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                                          [2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                                          [2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                                          [2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                                          [2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                                           
                                          ========== LOP Check ==========
                                           
                                          [2011/04/23 11:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
                                          [2011/04/23 10:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                                          [2011/03/15 19:34:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
                                          [2009/04/01 12:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
                                          [2010/03/22 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
                                          [2009/09/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
                                          [2009/03/31 14:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
                                          [2011/04/27 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                          [2009/03/31 13:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
                                          [2009/10/10 18:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                                          [2009/05/01 13:35:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
                                          [2009/04/07 20:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                                          [2009/12/13 12:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
                                          [2009/05/10 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Binary Fortress Software
                                          [2011/04/23 09:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
                                          [2009/03/31 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
                                          [2009/04/01 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
                                          [2009/07/02 22:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
                                          [2010/01/21 15:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
                                          [2009/03/31 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
                                          [2009/09/14 15:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro PDF
                                          [2009/09/14 13:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
                                          [2011/04/20 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
                                          [2009/03/31 14:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
                                          [2011/04/25 16:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
                                          [2011/04/25 13:38:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
                                           
                                          ========== Purity Check ==========
                                           
                                           
                                           
                                          ========== Alternate Data Streams ==========
                                           
                                          @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

                                          < End of report >

                                          SuperDave

                                          • Malware Removal Specialist


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: Malware Removal Help and Assistance Requested
                                          « Reply #31 on: April 27, 2011, 05:11:51 PM »
                                          * Open OTL
                                          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                                          Code:
                                          :OTL
                                          O1 - Hosts: 127.0.0.1       localhost
                                          O1 - Hosts: 127.0.0.1   www.007guard.com
                                          O1 - Hosts: 127.0.0.1   007guard.com
                                          O1 - Hosts: 127.0.0.1   008i.com
                                          O1 - Hosts: 127.0.0.1   www.008k.com
                                          O1 - Hosts: 127.0.0.1   008k.com
                                          O1 - Hosts: 127.0.0.1   www.00hq.com
                                          O1 - Hosts: 127.0.0.1   00hq.com
                                          O1 - Hosts: 127.0.0.1   010402.com
                                          O1 - Hosts: 127.0.0.1   www.032439.com
                                          O1 - Hosts: 127.0.0.1   032439.com
                                          O1 - Hosts: 127.0.0.1   www.0scan.com
                                          O1 - Hosts: 127.0.0.1   0scan.com
                                          O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
                                          O1 - Hosts: 127.0.0.1   1000gratisproben.com
                                          O1 - Hosts: 127.0.0.1   www.1001namen.com
                                          O1 - Hosts: 127.0.0.1   1001namen.com
                                          O1 - Hosts: 127.0.0.1   100888290cs.com
                                          O1 - Hosts: 127.0.0.1   www.100888290cs.com
                                          O1 - Hosts: 127.0.0.1   100sexlinks.com
                                          O1 - Hosts: 127.0.0.1   www.100sexlinks.com
                                          O1 - Hosts: 127.0.0.1   10sek.com
                                          O1 - Hosts: 127.0.0.1   www.10sek.com
                                          O1 - Hosts: 127.0.0.1   www.1-2005-search.com
                                          O1 - Hosts: 127.0.0.1   1-2005-search.com
                                          O1 - Hosts: 14129 more lines...

                                          :COMMANDS
                                          [resethosts]
                                          [purity]
                                          [emptytemp]
                                          [start explorer]

                                          * Click Run Fix
                                          * OTLI2 may ask to reboot the machine. Please do so if asked.
                                          * Click OK
                                          * A report will open. Copy and Paste that report in your next reply.
                                          Windows 8 and Windows 10 dual boot with two SSD's
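The `[resethosts]` command in the fix above discards every mapping in the hosts file and restores the single `localhost` line. Before running such a reset, it is worth knowing what the file contained: names mapped to 127.0.0.1 (the shape of the `O1 - Hosts:` lines in the log) are simply made unreachable, while a name mapped to any other address is silently re-routed and is the entry a responder wants to look at before the evidence is wiped. The script below is an added example for this thread, not part of OTL and not code from SuperDave; it pulls the mappings back out of `O1 - Hosts:` lines (or reads a raw hosts file), classifies them, and flags names on a caller-supplied watchlist. The sample hosts text, the `example-av.test` hostname and the function names are constructed for the example.

```python
"""Triage a Windows hosts file (or the OTL 'O1 - Hosts:' lines that describe it)
before the file is reset.

Constructed example: SAMPLE_HOSTS and SAMPLE_OTL below are made up for this
demonstration and are not a dump of the machine discussed in the thread.
"""
import ipaddress

# Constructed hosts-file content: the default localhost lines, a few loopback
# block-list entries in the same shape as the OTL O1 lines, and one entry that
# sends a name to a non-loopback address (192.0.2.10 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
0.0.0.0     008i.com
127.0.0.1   www.008k.com      # block-list entry with a trailing comment
::1         localhost
192.0.2.10  update.example-av.test   # constructed: name re-routed elsewhere
"""

# Constructed excerpt in OTL's O1 format, including OTL's own truncation line.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 14129 more lines...
"""

O1_PREFIX = "O1 - Hosts: "
NULL_ROUTES = {"0.0.0.0"}  # not loopback, but also makes a name unreachable


def hosts_text_from_otl(log_text):
    """Recover hosts-file mappings from OTL 'O1 - Hosts:' log lines.

    OTL truncates long lists with a line such as 'O1 - Hosts: 14129 more lines...';
    that line is a count rather than a mapping and is dropped.
    """
    lines = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw.startswith(O1_PREFIX):
            continue
        body = raw[len(O1_PREFIX):]
        if body.endswith("more lines..."):
            continue
        lines.append(body)
    return "\n".join(lines)


def parse_hosts(text):
    """Return (ip, hostname) tuples for every mapping in hosts-file text.

    One line may carry several hostnames after the address; '#' starts a comment.
    Lines whose first field is not an IP address are skipped, not raised on.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def is_sinkhole(ip):
    """True when the address makes the name unreachable (loopback or 0.0.0.0)."""
    return ip in NULL_ROUTES or ipaddress.ip_address(ip).is_loopback


def triage_hosts(text, watchlist=()):
    """Classify hosts entries into default, sinkholed, and redirected.

    'default' is the localhost mapping itself, 'sinkholed' is any other name sent
    to loopback/0.0.0.0 (block-list shape), 'redirected' is a name sent anywhere
    else. Names matching the watchlist (exact or as a parent domain) are listed
    separately regardless of category.
    """
    report = {"default": [], "sinkholed": [], "redirected": [], "watchlist_hits": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and is_sinkhole(ip):
            report["default"].append((ip, name))
        elif is_sinkhole(ip):
            report["sinkholed"].append((ip, name))
        else:
            report["redirected"].append((ip, name))
        if any(name == w or name.endswith("." + w) for w in watchlist):
            report["watchlist_hits"].append((ip, name))
    return report


if __name__ == "__main__":
    # Review a raw hosts file, then the same check driven from OTL output.
    for label, text in (("hosts file", SAMPLE_HOSTS),
                        ("OTL O1 lines", hosts_text_from_otl(SAMPLE_OTL))):
        report = triage_hosts(text, watchlist=("example-av.test",))
        print(f"== {label} ==")
        for kind, rows in report.items():
            print(f"{kind}: {len(rows)}")
            for ip, name in rows:
                print(f"  {ip:<15} {name}")
```

Run against a real log, feed the whole OTL text to `hosts_text_from_otl` and put the update or vendor domains you care about in `watchlist`; anything in `redirected` or `watchlist_hits` should be recorded (and the original file copied aside) before `[resethosts]` replaces it.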

                                          MauiFaka

                                            Topic Starter


                                            Rookie
                                            Re: Malware Removal Help and Assistance Requested
                                            « Reply #32 on: April 27, 2011, 05:31:17 PM »
                                            All processes killed
                                            ========== OTL ==========
                                            127.0.0.1 localhost removed from HOSTS file successfully
                                            127.0.0.1 www.007guard.com removed from HOSTS file successfully
                                            127.0.0.1 007guard.com removed from HOSTS file successfully
                                            127.0.0.1 008i.com removed from HOSTS file successfully
                                            127.0.0.1 www.008k.com removed from HOSTS file successfully
                                            127.0.0.1 008k.com removed from HOSTS file successfully
                                            127.0.0.1 www.00hq.com removed from HOSTS file successfully
                                            127.0.0.1 00hq.com removed from HOSTS file successfully
                                            127.0.0.1 010402.com removed from HOSTS file successfully
                                            127.0.0.1 www.032439.com removed from HOSTS file successfully
                                            127.0.0.1 032439.com removed from HOSTS file successfully
                                            127.0.0.1 www.0scan.com removed from HOSTS file successfully
                                            127.0.0.1 0scan.com removed from HOSTS file successfully
                                            127.0.0.1 www.1000gratisproben.com removed from HOSTS file successfully
                                            127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
                                            127.0.0.1 www.1001namen.com removed from HOSTS file successfully
                                            127.0.0.1 1001namen.com removed from HOSTS file successfully
                                            127.0.0.1 100888290cs.com removed from HOSTS file successfully
                                            127.0.0.1 100sexlinks.com removed from HOSTS file successfully
                                            127.0.0.1 10sek.com removed from HOSTS file successfully
                                            127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
                                            127.0.0.1 1-2005-search.com removed from HOSTS file successfully
                                            ========== COMMANDS ==========
                                            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                                            HOSTS file reset successfully
                                             
                                            [EMPTYTEMP]
                                             
                                            User: Administrator
                                            ->Temp folder emptied: 0 bytes
                                            ->Temporary Internet Files folder emptied: 67 bytes
                                            ->FireFox cache emptied: 3565192 bytes
                                             
                                            User: All Users
                                             
                                            User: Default User
                                            ->Temp folder emptied: 0 bytes
                                            ->Temporary Internet Files folder emptied: 33170 bytes
                                             
                                            User: LocalService
                                            ->Temp folder emptied: 65748 bytes
                                            ->Temporary Internet Files folder emptied: 32902 bytes
                                             
                                            User: NetworkService
                                            ->Temp folder emptied: 66016 bytes
                                            ->Temporary Internet Files folder emptied: 49286 bytes
                                             
                                            User: Owner
                                            ->Temp folder emptied: 8211847 bytes
                                            ->Temporary Internet Files folder emptied: 40727780 bytes
                                            ->Java cache emptied: 827956 bytes
                                            ->FireFox cache emptied: 74246591 bytes
                                            ->Flash cache emptied: 1966155 bytes
                                             
                                            %systemdrive% .tmp files removed: 0 bytes
                                            %systemroot% .tmp files removed: 2195181 bytes
                                            %systemroot%\System32 .tmp files removed: 1162769 bytes
                                            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                            %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                            Windows Temp folder emptied: 3487765 bytes
                                            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                                            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                                            RecycleBin emptied: 150482452 bytes
                                             
                                            Total Files Cleaned = 274.00 mb
                                             
                                             
                                            OTL by OldTimer - Version 3.2.22.3 log created on 04272011_132304

                                            Files\Folders moved on Reboot...
                                            C:\Documents and Settings\Owner\Local Settings\Temp\AdobeARM.log moved successfully.

                                            Registry entries deleted on Reboot...
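An added example, not part of the thread or of OTL: a small Python check a reader could run against the HOSTS file after the reset shown in the log above, listing every mapping other than the default localhost lines so they can be reviewed. Domains pointed at 127.0.0.1 may be a blocklist written by an immunization tool or a hijack of update and security sites; domains pointed at any other address deserve a closer look. The HOSTS content below is constructed, and the file path is the standard Windows location.

```python
"""Audit a Windows HOSTS file for mappings beyond the default localhost lines.

Added example (not OTL code). Reads HOSTS text, skips comments and blanks, and
sorts the remaining mappings into two groups for review:
  loopback: domains sent to 127.0.0.1 / 0.0.0.0 / ::1 (blocklist or hijack)
  other:    domains sent to some other address (worth the closest scrutiny)
"""
from pathlib import Path

# Standard location on Windows; only used when the script is run directly.
HOSTS_PATH = Path(r"C:\WINDOWS\System32\drivers\etc\hosts")

# Lines shipped in a clean HOSTS file; anything else is reported.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Yield (address, hostname) pairs; one line may list several hostnames."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing/whole-line comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name.lower()


def audit_hosts(text):
    """Return {'loopback': [hostnames], 'other': [(addr, hostname)]}."""
    loopback, other = [], []
    for addr, name in parse_hosts(text):
        if (addr, name) in DEFAULT_ENTRIES:
            continue
        (loopback.append(name) if addr in LOOPBACK else other.append((addr, name)))
    return {"loopback": loopback, "other": other}


# Constructed sample: a few entries of the kind the log above removed,
# plus one mapping that sends a domain somewhere other than loopback.
INFECTED_SAMPLE = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com   # blocked
127.0.0.1 1-2005-search.com
10.0.0.5 update.example.com
"""
CLEAN_SAMPLE = "127.0.0.1 localhost\n::1 localhost\n"

if __name__ == "__main__":
    result = audit_hosts(HOSTS_PATH.read_text(errors="replace"))
    print(f"{len(result['loopback'])} loopback mappings, {len(result['other'])} other mappings")
    for addr, name in result["other"]:
        print(f"  REVIEW: {name} -> {addr}")
```

After a HOSTS reset both lists should be empty; a non-empty `other` list means something is still redirecting lookups.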

                                            MauiFaka

                                              Topic Starter


                                              Rookie
                                              Re: Malware Removal Help and Assistance Requested
                                              « Reply #33 on: April 27, 2011, 05:39:49 PM »
                                              Aloha Dave,
                                                 After clicking on links you provided in earlier posts, it appears that the re-directs have subsided and go through correctly. I hope that puts me in the free and clear with this mess. You have been terrific during this whole process. Please let me know of any further instruction. You're simply amazing with donating your time and resources to assist those in need. Mahalo.

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Malware Removal Help and Assistance Requested
                                              « Reply #34 on: April 28, 2011, 11:59:58 AM »
                                              Ok. You can proceed with the cleanup as outlined in Reply #20 plus this one. Please do this one last.

                                              To remove all of the tools we used and the files and folders they created do the following:
                                              • Double-click OTL.exe.
                                              • Click the CleanUp button.
                                              • Select Yes when the "Begin cleanup Process?" prompt appears.
                                              • If you are prompted to Reboot during the cleanup, select Yes.
                                              • The tool will delete itself once it finishes.
                                              Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                              Windows 8 and Windows 10 dual boot with two SSD's