Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

directrdr.com redirect


  • This topic is locked This topic is locked
15 replies to this topic

#1 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 July 2010 - 07:00 PM

Every time I click on a search result in google, bing, yahoo, etc. it redirects to a completely different website. Also, random pop-ups will come up that start as directrdr.com, then change to something else. What should I do?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:55 PM, on 7/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kit\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [{698A86A6-898C-B04C-D9B8-834FAADB754F}] "C:\Documents and Settings\Kit\Application Data\Ebor\xuque.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} (TrivialPursuit Control) - http://www.worldwinn...vialpursuit.cab
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinn...dy/jeopardy.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0261345F-58CD-4C2F-9B86-8F5D9A198C42}: NameServer = 68.87.71.230,68.87.73.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{0261345F-58CD-4C2F-9B86-8F5D9A198C42}: NameServer = 68.87.71.230,68.87.73.246
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7309 bytes

Edited by TackOtis, 10 July 2010 - 07:07 PM.

    Advertisements

Register to Remove


#2 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 10 July 2010 - 07:07 PM

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#3 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 11 July 2010 - 06:55 AM

1. Every time I try to post a log, it fails and says "Internet Explorer cannot display the webpage."

#4 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 11 July 2010 - 10:54 AM

Hello,

Please run this tool below, and then attempt to post your logs.

Running TDSSKiller


Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.


Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version


Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.


Please ensure that you save the TDSSKiller file to you desktop.


If TDSSKiller asks you to close all programs please allow it to do so.


If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.


Please enter Y and allow TDSSKiller to reboot your computer.


Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


Please post the content of the TDSSKiller log.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#5 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 11 July 2010 - 05:22 PM

OTL logfile created on: 7/10/2010 10:52:22 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Kit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 26.00% Memory free
920.00 Mb Paging File | 683.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 111.77 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.24 Gb Free Space | 50.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Kit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825


[2010/02/24 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Mozilla\Extensions
[2010/06/13 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\fk63r345.default\extensions
[2010/06/05 14:45:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\fk63r345.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 20:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 22:32:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [{698A86A6-898C-B04C-D9B8-834FAADB754F}] C:\Documents and Settings\Kit\Application Data\Ebor\xuque.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinn...vialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{1e8132ef-fd66-11de-8eec-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e8132ef-fd66-11de-8eec-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 22:51:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2010/07/10 21:05:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kit\Desktop\HiJackThis.exe
[2010/07/10 20:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/10 15:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/10 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/10 15:06:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/10 15:06:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 15:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 05:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/07/07 05:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/22 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Add-in Express
[2010/06/20 00:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/16 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\My Documents\download
[2010/06/13 11:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Local Settings\Application Data\Threat Expert
[2010/06/13 10:29:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/12 20:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 20:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/12 14:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/06/12 12:46:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/12 12:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/12 12:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

========== Files - Modified Within 30 Days ==========

[2010/07/10 22:51:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2010/07/10 22:46:23 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{670440B2-6652-4BDA-86EC-35F89ADC2A7B}.job
[2010/07/10 22:43:07 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/10 22:42:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 22:42:10 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 22:36:00 | 003,232,604 | -H-- | M] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\IconCache.db
[2010/07/10 21:55:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/10 21:28:26 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\x80hdnl4.exe
[2010/07/10 21:13:00 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Kit\NTUSER.DAT
[2010/07/10 21:04:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kit\Desktop\HiJackThis.exe
[2010/07/10 19:58:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kit\ntuser.ini
[2010/07/10 15:24:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/10 15:06:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 11:49:49 | 000,016,166 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\Senate.xlsx
[2010/07/05 22:04:08 | 000,125,983 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\British Open.xlsx
[2010/07/05 15:04:59 | 000,102,289 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\John Deere Classic.xlsx
[2010/07/05 12:31:11 | 000,067,337 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Pitchers.xlsx
[2010/07/05 12:24:53 | 000,009,770 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Ben.xlsx
[2010/07/04 11:10:20 | 000,045,640 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Hitters.xlsx
[2010/07/03 17:12:37 | 000,508,296 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/03 17:12:37 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/03 17:12:37 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/03 17:12:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/02 21:22:24 | 000,009,168 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Book1.xlsx
[2010/07/02 21:16:47 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/30 20:50:39 | 000,018,989 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\Coll.xlsx
[2010/06/26 10:53:27 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\wklnhst.dat
[2010/06/25 21:47:23 | 000,012,396 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\World Cup.xlsx
[2010/06/22 14:51:57 | 000,010,751 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Formulas.docx
[2010/06/21 17:03:36 | 000,010,941 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\2010 World Cup Picks.xlsx
[2010/06/13 13:30:52 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/11 23:06:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/07/10 21:28:26 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\x80hdnl4.exe
[2010/07/10 19:59:27 | 401,068,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 15:24:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/10 15:06:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 22:04:00 | 000,125,983 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\British Open.xlsx
[2010/07/05 15:04:58 | 000,102,289 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\John Deere Classic.xlsx
[2010/07/03 17:12:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 17:03:35 | 000,010,941 | ---- | C] () -- C:\Documents and Settings\Kit\My Documents\2010 World Cup Picks.xlsx
[2010/06/13 20:49:51 | 000,012,396 | ---- | C] () -- C:\Documents and Settings\Kit\My Documents\World Cup.xlsx
[2010/06/13 10:29:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/05 21:18:28 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2010/04/05 21:11:23 | 000,000,264 | ---- | C] () -- C:\WINDOWS\ASPEN.INI
[2010/04/05 21:11:11 | 000,409,639 | ---- | C] () -- C:\WINDOWS\System32\agdde32.dll
[2010/01/13 14:22:48 | 000,005,696 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
[2010/01/13 12:01:48 | 000,010,621 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2010/01/09 18:58:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/01/09 16:56:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/01/09 16:56:17 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/01/09 16:47:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/31 21:08:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/31 21:08:20 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/31 21:08:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/31 21:08:15 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/31 21:08:15 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/31 21:08:15 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/31 21:08:09 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/12 20:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/10 22:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/11 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/05 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/13 13:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/22 12:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Add-in Express
[2010/01/10 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Aim
[2010/06/21 23:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Ebor
[2010/04/05 21:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\FX.Software Development
[2010/05/19 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Moyea
[2010/02/05 16:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\NCH Swift Sound
[2010/04/23 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Oakdale Engineering
[2010/06/11 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\RayV
[2010/05/23 15:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\SampleView
[2010/01/29 17:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Template
[2010/06/20 10:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Tomuga
[2010/07/10 22:46:23 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{670440B2-6652-4BDA-86EC-35F89ADC2A7B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/09 16:57:10 | 000,000,189 | ---- | M] () -- C:\audio.log
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/18 11:18:46 | 000,000,199 | RHS- | M] () -- C:\boot.ini
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/10 22:42:10 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 17:32:29 | 000,040,753 | ---- | M] () -- C:\hpfr3740.log
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/09 17:05:00 | 000,001,082 | -H-- | M] () -- C:\IPH.PH
[2010/04/09 22:45:57 | 000,008,046 | ---- | M] () -- C:\JavaRa.log
[2010/04/09 22:42:48 | 000,000,000 | ---- | M] () -- C:\jdk-6u19-windows-i586.exe
[2010/04/09 22:42:32 | 000,004,587 | ---- | M] () -- C:\jdk-6u19-windows-i586.exe.sdm
[2010/01/09 16:42:05 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/05/23 18:43:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/01/09 16:14:18 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/10 09:37:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/09 16:57:43 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/07/10 22:42:09 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2010/01/09 16:35:28 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 15:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-26 02:48:26

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 7/10/2010 10:52:22 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Kit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 26.00% Memory free
920.00 Mb Paging File | 683.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 111.77 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.24 Gb Free Space | 50.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Kit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UACDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Documents and Settings\Kit\Application Data\RayV\Viewer\RayV.dll" = C:\Documents and Settings\Kit\Application Data\RayV\Viewer\RayV.dll:*:Enabled:RayV -- (RayV)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{32A3A4F4-B792-11D6-A78A-00B0D0160190}" = Java™ SE Development Kit 6 Update 19
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C26E039-BE18-4B5E-A723-45390C451819}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Channalyze" = Channalyze
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Merge Tables Wizard for Excel_is1" = Merge Tables Wizard for Excel 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Switch" = Switch Sound File Converter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2010 11:01:38 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:38 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:38 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:41 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:42 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:42 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:01:42 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:02:30 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 11:02:48 PM | Computer Name = OWNER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/12/2010 11:38:43 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 6/27/2010 9:34:25 AM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1295
seconds with 540 seconds of active time. This session ended with a crash.

Error - 6/27/2010 9:34:35 AM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1053
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/10/2010 9:14:25 PM | Computer Name = OWNER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/10/2010 9:14:28 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/10/2010 10:42:38 PM | Computer Name = OWNER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/10/2010 10:42:39 PM | Computer Name = OWNER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/10/2010 10:42:39 PM | Computer Name = OWNER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/10/2010 10:42:44 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/10/2010 10:45:09 PM | Computer Name = OWNER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/10/2010 10:45:09 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/10/2010 10:52:34 PM | Computer Name = OWNER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/10/2010 10:52:34 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 07:53:03
Windows 5.1.2600 Service Pack 3
Running: vebjxmim.exe; Driver: C:\DOCUME~1\Kit\LOCALS~1\Temp\kxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\mraid35x.sys entry point in ".rsrc" section [0xF775FD94]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF57FA360, 0x1FE48D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EE000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1920] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 8322CEC5

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\mraid35x.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

19:14:27:734 2852 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:14:27:734 2852 ================================================================================
19:14:27:734 2852 SystemInfo:

19:14:27:734 2852 OS Version: 5.1.2600 ServicePack: 3.0
19:14:27:734 2852 Product type: Workstation
19:14:27:734 2852 ComputerName: OWNER
19:14:27:734 2852 UserName: Kit
19:14:27:734 2852 Windows directory: C:\WINDOWS
19:14:27:734 2852 System windows directory: C:\WINDOWS
19:14:27:734 2852 Processor architecture: Intel x86
19:14:27:734 2852 Number of processors: 1
19:14:27:734 2852 Page size: 0x1000
19:14:27:781 2852 Boot type: Normal boot
19:14:27:781 2852 ================================================================================
19:14:29:593 2852 Initialize success
19:14:29:593 2852
19:14:29:593 2852 Scanning Services ...
19:14:31:046 2852 Raw services enum returned 317 services
19:14:31:078 2852
19:14:31:078 2852 Scanning Drivers ...
19:14:34:859 2852 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:14:35:250 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:14:35:484 2852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:14:35:734 2852 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:14:36:109 2852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:14:36:453 2852 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:14:36:750 2852 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:14:36:984 2852 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:14:37:234 2852 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:14:37:484 2852 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:14:37:843 2852 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:14:38:203 2852 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:14:38:609 2852 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:14:38:875 2852 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:14:39:109 2852 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:14:39:359 2852 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:14:39:609 2852 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:14:39:875 2852 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:14:40:125 2852 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:14:40:375 2852 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:14:40:609 2852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:14:40:890 2852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:14:41:296 2852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:14:41:531 2852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:14:41:843 2852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:14:42:078 2852 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:14:42:328 2852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:14:42:578 2852 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:14:42:812 2852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:14:43:062 2852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:14:43:359 2852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:14:43:906 2852 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:14:44:140 2852 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:14:44:406 2852 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:14:44:671 2852 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:14:44:906 2852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:14:45:156 2852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:14:45:500 2852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:14:45:718 2852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:14:45:937 2852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:14:46:171 2852 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:14:46:375 2852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:14:46:671 2852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:14:46:906 2852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:14:47:140 2852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:14:47:359 2852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:14:47:625 2852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:14:47:875 2852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:14:48:109 2852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:14:48:359 2852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:14:48:593 2852 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:14:48:906 2852 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:14:49:171 2852 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:14:49:515 2852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:14:49:843 2852 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:14:50:093 2852 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:14:50:328 2852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:14:50:578 2852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:14:50:906 2852 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:14:51:140 2852 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:14:51:359 2852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:14:51:578 2852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:14:51:781 2852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:14:52:015 2852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:14:52:265 2852 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:14:52:546 2852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:14:52:859 2852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:14:53:109 2852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:14:53:328 2852 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
19:14:53:562 2852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:14:53:812 2852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:14:54:234 2852 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:14:54:468 2852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:14:54:765 2852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:14:55:015 2852 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:14:55:250 2852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:14:55:484 2852 mraid35x (dde7144db1726242a01c270ebc5ea7d7) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:14:55:484 2852 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mraid35x.sys. Real md5: dde7144db1726242a01c270ebc5ea7d7, Fake md5: 3f4bb95e5a44f3be34824e8e7caf0737
19:14:55:484 2852 File "C:\WINDOWS\system32\DRIVERS\mraid35x.sys" infected by TDSS rootkit ... 19:15:01:921 2852 Backup copy not found, trying to cure infected file..
19:15:01:921 2852 Cure success, using it..
19:15:02:000 2852 will be cured on next reboot
19:15:02:234 2852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:15:02:500 2852 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:15:02:859 2852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:15:03:093 2852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:15:03:296 2852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:15:03:500 2852 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:15:03:765 2852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:15:04:031 2852 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:15:04:250 2852 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
19:15:04:484 2852 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:15:04:734 2852 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:15:05:015 2852 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:15:05:250 2852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:15:05:500 2852 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:15:05:734 2852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:15:05:984 2852 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:15:06:218 2852 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:15:06:484 2852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:15:06:843 2852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:15:07:609 2852 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:15:08:000 2852 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:15:08:234 2852 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:15:08:468 2852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:15:08:765 2852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:15:08:953 2852 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
19:15:09:156 2852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:15:09:437 2852 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:15:09:812 2852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:15:10:046 2852 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:15:10:468 2852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:15:10:703 2852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:15:11:765 2852 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:15:12:000 2852 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:15:12:250 2852 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:15:12:500 2852 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:15:12:781 2852 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:15:13:015 2852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:15:13:265 2852 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:15:13:515 2852 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:15:13:921 2852 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:15:14:171 2852 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:15:14:406 2852 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:15:14:687 2852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:15:14:921 2852 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:15:15:171 2852 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:15:15:406 2852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:15:15:703 2852 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:15:15:921 2852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:15:16:156 2852 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:15:16:375 2852 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:15:16:593 2852 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:15:16:703 2852 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:15:16:734 2852 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:15:17:015 2852 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:15:17:234 2852 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:15:17:468 2852 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:15:17:718 2852 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:15:18:187 2852 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:15:18:421 2852 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:15:18:718 2852 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:15:19:046 2852 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:15:19:296 2852 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:15:19:546 2852 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:15:19:812 2852 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:15:20:046 2852 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:15:20:281 2852 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:15:20:531 2852 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:15:20:796 2852 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:15:21:062 2852 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:15:21:328 2852 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:15:21:562 2852 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:15:21:765 2852 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:15:22:000 2852 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:15:22:234 2852 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:15:22:468 2852 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:15:22:750 2852 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:15:23:015 2852 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:15:23:265 2852 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:15:23:500 2852 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:15:23:812 2852 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:15:24:046 2852 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:15:24:296 2852 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:15:24:531 2852 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:15:24:812 2852 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:15:25:062 2852 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:15:25:296 2852 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:15:25:546 2852 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:15:25:781 2852 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:15:26:015 2852 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:15:26:421 2852 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:15:26:671 2852 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:15:26:953 2852 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:15:27:171 2852 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:15:27:390 2852 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:15:27:390 2852 Reboot required for cure complete..
19:15:27:828 2852 Cure on reboot scheduled successfully
19:15:27:828 2852
19:15:27:828 2852 Completed
19:15:27:828 2852
19:15:27:828 2852 Results:
19:15:27:828 2852 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:15:27:828 2852 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:15:27:828 2852
19:15:27:843 2852 KLMD(ARK) unloaded successfully

4. I clicked on a few search results, and they all went to the correct websites.

#6 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 11 July 2010 - 05:28 PM

Hello,

Lets run a few additional scans to ensure that their is nothing else lurking.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKCU..\Run: [{698A86A6-898C-B04C-D9B8-834FAADB754F}] C:\Documents and Settings\Kit\Application Data\Ebor\xuque.exe File not found
    O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
    O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{1e8132ef-fd66-11de-8eec-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e8132ef-fd66-11de-8eec-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.





Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the OTL fix.
3. The log that is produced after running the MalwareBytes' Anti-Malware scan.
4. The log that is produced after running the Kaspersk Online Virus Scanner.
5. The log that is produced after running the SecurityCheck scan.
6. The log that is produced after running the OTL scan.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#7 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 12 July 2010 - 07:33 AM

Every time I run the Kaspersky Scan, it stops at around the 12 minute mark, while the scanning progress is still at 0%. When I click "View Report" it is blank.

#8 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 12 July 2010 - 01:38 PM

Hello,

Please try this scanner instead.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#9 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 12 July 2010 - 09:00 PM

2.

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF18EF.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF18F4.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF19DA.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF1C8C.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF1EB3.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF1EE2.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF1F35.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF21C7.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF221A.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2249.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF229C.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2371.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF23C4.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF24C3.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2587.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2606.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2659.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF265E.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2768.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF276D.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF27C0.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF27C5.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2818.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF281D.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2870.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2875.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF28C8.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF28CD.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2920.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2925.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2978.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF297D.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF29D0.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF29EA.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2A52.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2A57.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2AAB.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2AB0.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2B03.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2B08.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2B5B.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2B60.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2BB3.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2BB8.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2C0B.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2C11.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2C64.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2C6E.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2CC1.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2CC6.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2D3D.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2D42.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2D95.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2DA6.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2DF9.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2DFE.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2E51.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2E56.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2EA9.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2EAE.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2F01.tmp not found!
File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF2F06.tmp not found!
C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\R8LF7NF3\index[6].htm moved successfully.
C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\OQ0HZ8C5\iframe[2].htm moved successfully.
C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\2PHDHQ70\like[1].htm moved successfully.

Registry entries deleted on Reboot...

3.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/11/2010 7:49:19 PM
mbam-log-2010-07-11 (19-49-19).txt

Scan type: Quick scan
Objects scanned: 141583
Time elapsed: 11 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\wbem\svchost.exe (Trojan.Agent) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvuxone (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\nvwsp32.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\GBOv.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\svchost.exe (Trojan.Agent) -> Delete on reboot.

4.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\azinol.exe a variant of Win32/Kryptik.FJB trojan
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ogylbo.exe a variant of Win32/Kryptik.FJB trojan
C:\Documents and Settings\Kit\Application Data\Coixa\ovdiu.exe a variant of Win32/Kryptik.FJB trojan
C:\Documents and Settings\Owner\Application Data\Duiwci\efyq.exe a variant of Win32/Kryptik.FJB trojan
C:\My Backup -- 09-10-17 0909AM\WINDOWS\system32\awepepez.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\Temp\jar_cache3327556116292398608.tmp probably a variant of Win32/Agent trojan
C:\WINDOWS\Temp\jar_cache3460652174819736679.tmp multiple threats

5.
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java DB 10.5.3.0
Java™ 6 Update 20
Java™ SE Development Kit 6 Update 19
Adobe Flash Player
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:


``````````End of Log````````````

6.
OTL logfile created on: 7/12/2010 10:45:45 PM - Run 4
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Kit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 36.00% Memory free
920.00 Mb Paging File | 671.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 111.06 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.24 Gb Free Space | 50.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Kit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (svchost32) -- C:\WINDOWS\System32\wbem\svchost.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825


[2010/02/24 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Mozilla\Extensions
[2010/06/13 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\fk63r345.default\extensions
[2010/06/05 14:45:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\fk63r345.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 20:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 22:32:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [{698A86A6-898C-B04C-D9B8-834FAADB754F}] C:\Documents and Settings\Kit\Application Data\Coixa\ovdiu.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinn...vialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/12 03:14:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/11 21:13:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/11 19:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\Next Post
[2010/07/11 19:31:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/11 19:13:59 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Kit\Desktop\tdsskiller.exe
[2010/07/10 22:51:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2010/07/10 21:05:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kit\Desktop\HiJackThis.exe
[2010/07/10 20:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/10 15:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/10 15:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/10 15:06:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/10 15:06:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 15:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 05:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/07/07 05:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/22 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Add-in Express
[2010/06/20 00:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/16 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\My Documents\download
[2010/06/13 11:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Local Settings\Application Data\Threat Expert
[2010/06/13 10:29:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old

========== Files - Modified Within 30 Days ==========

[2010/07/12 22:46:08 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{670440B2-6652-4BDA-86EC-35F89ADC2A7B}.job
[2010/07/12 22:42:58 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\SecurityCheck.exe
[2010/07/12 16:48:40 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/12 14:44:54 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Kit\NTUSER.DAT
[2010/07/12 14:44:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kit\ntuser.ini
[2010/07/12 14:44:45 | 004,303,922 | -H-- | M] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\IconCache.db
[2010/07/12 10:48:39 | 000,165,765 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\British Open.xlsx
[2010/07/12 08:13:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 08:13:34 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 08:13:34 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/12 03:26:56 | 000,000,671 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 03:23:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 03:15:51 | 000,488,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/12 03:15:51 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/12 03:15:51 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/11 19:18:30 | 000,017,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\mraid35x.sys
[2010/07/11 19:14:03 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Kit\Desktop\tdsskiller.exe
[2010/07/11 18:01:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 12:19:21 | 000,071,572 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Pitchers.xlsx
[2010/07/11 11:30:19 | 000,045,918 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Hitters.xlsx
[2010/07/10 22:58:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\vebjxmim.exe
[2010/07/10 22:51:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2010/07/10 21:04:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kit\Desktop\HiJackThis.exe
[2010/07/10 15:24:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/10 15:06:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 11:49:49 | 000,016,166 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\Senate.xlsx
[2010/07/05 12:24:53 | 000,009,770 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Ben.xlsx
[2010/07/03 17:12:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/02 21:22:24 | 000,009,168 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Book1.xlsx
[2010/06/30 20:50:39 | 000,018,989 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\Coll.xlsx
[2010/06/26 10:53:27 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\wklnhst.dat
[2010/06/25 21:47:23 | 000,012,396 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\World Cup.xlsx
[2010/06/22 14:51:57 | 000,010,751 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Formulas.docx
[2010/06/21 17:03:36 | 000,010,941 | ---- | M] () -- C:\Documents and Settings\Kit\My Documents\2010 World Cup Picks.xlsx
[2010/06/13 13:30:52 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2010/07/12 22:42:57 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\SecurityCheck.exe
[2010/07/10 22:58:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\vebjxmim.exe
[2010/07/10 19:59:27 | 401,068,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 15:24:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/10 15:06:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 22:04:00 | 000,165,765 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\British Open.xlsx
[2010/07/03 17:12:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 17:03:35 | 000,010,941 | ---- | C] () -- C:\Documents and Settings\Kit\My Documents\2010 World Cup Picks.xlsx
[2010/06/13 20:49:51 | 000,012,396 | ---- | C] () -- C:\Documents and Settings\Kit\My Documents\World Cup.xlsx
[2010/06/13 10:29:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/05 21:18:28 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2010/04/05 21:11:23 | 000,000,264 | ---- | C] () -- C:\WINDOWS\ASPEN.INI
[2010/04/05 21:11:11 | 000,409,639 | ---- | C] () -- C:\WINDOWS\System32\agdde32.dll
[2010/01/13 14:22:48 | 000,005,696 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
[2010/01/13 12:01:48 | 000,010,621 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2010/01/09 18:58:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/01/09 16:56:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/01/09 16:56:17 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/01/09 16:47:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/17 12:01:45 | 000,017,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\mraid35x.sys
[2006/01/31 21:08:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/31 21:08:20 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/31 21:08:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/31 21:08:15 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/31 21:08:15 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/31 21:08:15 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/31 21:08:09 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/09 16:57:10 | 000,000,189 | ---- | M] () -- C:\audio.log
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/18 11:18:46 | 000,000,199 | RHS- | M] () -- C:\boot.ini
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/12 08:13:34 | 401,068,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 17:32:29 | 000,040,753 | ---- | M] () -- C:\hpfr3740.log
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/09 17:05:00 | 000,001,082 | -H-- | M] () -- C:\IPH.PH
[2010/04/09 22:45:57 | 000,008,046 | ---- | M] () -- C:\JavaRa.log
[2010/04/09 22:42:48 | 000,000,000 | ---- | M] () -- C:\jdk-6u19-windows-i586.exe
[2010/04/09 22:42:32 | 000,004,587 | ---- | M] () -- C:\jdk-6u19-windows-i586.exe.sdm
[2010/01/09 16:42:05 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/05/23 18:43:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/01/09 16:14:18 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/10 09:37:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/09 16:57:43 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/07/12 08:13:33 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2010/07/11 19:15:27 | 000,041,066 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_11.07.2010_19.14.27_log.txt
[2010/01/09 16:35:28 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 15:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-12 07:33:09
< End of report >

7.
All searches are working fine.

#10 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 12 July 2010 - 09:17 PM

Hello,

It appears the scans have found some bad files that I did not originally see. I'm going to ask that you run a OTL fix below, update java, and run an updated MBAM scan.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - (svchost32) -- C:\WINDOWS\System32\wbem\svchost.exe File not found
    [2010/07/10 22:58:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\vebjxmim.exe
    :Files
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\azinol.exe
    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ogylbo.exe
    C:\Documents and Settings\Kit\Application Data\Coixa\ovdiu.exe
    C:\Documents and Settings\Owner\Application Data\Duiwci\efyq.exe
    C:\My Backup -- 09-10-17 0909AM\WINDOWS\system32\awepepez.ini
    C:\WINDOWS\Temp\jar_cache3327556116292398608.tmp
    C:\WINDOWS\Temp\jar_cache3460652174819736679.tmp
    C:\WINDOWS\System32\wbem\svchost.exe
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image

    Advertisements

Register to Remove


#11 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 13 July 2010 - 07:23 AM

All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Service svchost32 stopped successfully! Service svchost32 deleted successfully! File C:\WINDOWS\System32\wbem\svchost.exe File not found not found. C:\Documents and Settings\Kit\Desktop\vebjxmim.exe moved successfully. ========== FILES ========== C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\azinol.exe moved successfully. C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ogylbo.exe moved successfully. C:\Documents and Settings\Kit\Application Data\Coixa\ovdiu.exe moved successfully. C:\Documents and Settings\Owner\Application Data\Duiwci\efyq.exe moved successfully. C:\My Backup -- 09-10-17 0909AM\WINDOWS\system32\awepepez.ini moved successfully. C:\WINDOWS\Temp\jar_cache3327556116292398608.tmp moved successfully. C:\WINDOWS\Temp\jar_cache3460652174819736679.tmp moved successfully. File\Folder C:\WINDOWS\System32\wbem\svchost.exe not found. ========== COMMANDS ========== HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Kit ->Temp folder emptied: 131877349 bytes ->Temporary Internet Files folder emptied: 140895513 bytes ->Java cache emptied: 194077 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 3654 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2570093 bytes ->Java cache emptied: 29 bytes ->Flash cache emptied: 11515 bytes User: Owner ->Temp folder emptied: 66658 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4702948 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28632846 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 16810345 bytes Total Files Cleaned = 311.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User User: Kit ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService ->Flash cache emptied: 0 bytes User: Owner ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07132010_085743 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\hsperfdata_Kit\1532 not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF3F47.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF3F4C.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF6956.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF695C.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF6DD2.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF6DD7.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF6F82.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF6F9C.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF83E6.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF83EB.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF9447.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DF944F.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFA573.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFA578.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFADB0.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB03A.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB0E6.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB0EC.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB13F.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB144.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB197.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB19C.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB1F0.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB1F5.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB248.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB24D.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB3AB.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB3B0.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB403.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB408.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB8A5.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFB8AA.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC152.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC18B.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC1F0.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC208.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC262.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC268.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC36D.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC372.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC3C6.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC3CB.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC41A.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC41E.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC41F.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC423.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC630.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC636.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC689.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFC68E.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFD935.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFD93A.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFE589.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFE58E.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFEE5D.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFEE62.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFF0A2.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFF0A7.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFFCF.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFFD5.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFFE6D.tmp not found! File\Folder C:\Documents and Settings\Kit\Local Settings\Temp\~DFFE72.tmp not found! C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\UO20OL01\like[1].htm moved successfully. C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\97Q7LOJS\iframe[2].htm moved successfully. C:\Documents and Settings\Kit\Local Settings\Temporary Internet Files\Content.IE5\47FKMTUH\index[1].htm moved successfully. Registry entries deleted on Reboot... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4308 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/13/2010 9:23:58 AM mbam-log-2010-07-13 (09-23-58).txt Scan type: Quick scan Objects scanned: 141816 Time elapsed: 8 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#12 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 13 July 2010 - 08:37 AM

Hello,

Lets run one more scan to ensure we got it all. We are almost done. :)

AVP Tool by Kaspersky

IMPORTANT: Save these instructions so you can have access to them while in Safe Mode.

Download the AVP Tool by Kaspersky from Here & save it to your desktop. Be aware that this is a large file.... approximately 60mb.
  • Reboot your computer into Safe Mode

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears
    Use your up arrow key to highlight Safe Mode then press Enter


  • Double click the setup file to run it
  • Click Next to continue
  • Accept the License agreement then click Next
  • It will by default install to your desktop folder. Click Next
  • Once installed it will open a box. Click the Automatic scan tab
  • Under Automatic scan make sure the following are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear

  • Click on Scan at the top right hand corner
  • It will automatically neutralize any objects found
  • If some objects are left un-neutralized, click on Neutralize all
  • If you receive a message that an item cannot be neutralized then choose the Delete option when prompted
  • Once finished click the Reports button at the bottom
  • Name the file Kas & save it somewhere convenient like your desktop
  • Copy/paste only the detected Virus\malware from the report. It will be at the very top under Detected & post those results in your next reply

    Note: This program will self uninstall when you close it so save the log before closing it


Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#13 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 13 July 2010 - 04:22 PM

7/13/2010 1:56:20 PM Detected: Packed.Win32.Krap.hm C:\_OTL\MovedFiles\07132010_085743\C_Documents and Settings\Administrator\Start Menu\Programs\Startup\azinol.exe 7/13/2010 1:56:20 PM Detected: Packed.Win32.Krap.hm C:\_OTL\MovedFiles\07132010_085743\C_Documents and Settings\Default User\Start Menu\Programs\Startup\ogylbo.exe 7/13/2010 1:56:20 PM Detected: Packed.Win32.Krap.hm C:\_OTL\MovedFiles\07132010_085743\C_Documents and Settings\Kit\Application Data\Coixa\ovdiu.exe 7/13/2010 2:00:57 PM Detected: Packed.Win32.Krap.hm C:\_OTL\MovedFiles\07132010_085743\C_Documents and Settings\Owner\Application Data\Duiwci\efyq.exe 7/13/2010 2:00:58 PM Detected: Trojan-Downloader.Java.Agent.ea C:\_OTL\MovedFiles\07132010_085743\C_WINDOWS\Temp\jar_cache3327556116292398608.tmp/AppleT.class 7/13/2010 2:01:04 PM Detected: Exploit.Java.Agent.f C:\_OTL\MovedFiles\07132010_085743\C_WINDOWS\Temp\jar_cache3460652174819736679.tmp/quote/Mailvue.class 7/13/2010 2:01:09 PM Detected: Trojan-Downloader.Java.Agent.fi C:\_OTL\MovedFiles\07132010_085743\C_WINDOWS\Temp\jar_cache3460652174819736679.tmp/quote/Skypeqd.class 7/13/2010 2:01:24 PM Detected: Trojan-Downloader.Java.Agent.fi C:\_OTL\MovedFiles\07132010_085743\C_WINDOWS\Temp\jar_cache3460652174819736679.tmp/quote/Twitters.class

#14 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,368 posts

Posted 13 July 2010 - 04:36 PM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Posted Image
 

Proud Graduate of the WTT Classroom
 
Posted Image


#15 TackOtis

TackOtis

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 13 July 2010 - 07:54 PM

Thanks for all your help. My computer runs great now.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users