Jump to content

Help with trojan.TDSS plz


Recommended Posts

cant seem to get rid of this, and i see others are having the same problems.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:17:56 PM, on 7/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/game_02_ext.html"

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\Kevin\Desktop\Video Programs\Movies to DL\rapget.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217926645609

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/cab_hea...pWebUpdater.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6058 bytes

Link to post
Share on other sites

Hello raziel82 and welcome to MalwareBytes forums.

Let's have you start this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

OTL

OTL logfile created on: 7/23/2009 8:35:01 PM - Run 1

OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\Kevin\Desktop\Trojan.tdss removal

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free

3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.17% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 62.27 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MONSTER

Current User Name: Kevin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009/06/22 14:27:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/06/22 14:27:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/05/07 09:54:44 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/07/04 11:29:46 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe

PRC - [2009/06/22 14:27:33 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/06/22 14:27:31 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2008/08/08 07:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

PRC - [2009/07/23 20:33:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\Trojan.tdss removal\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])

SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/07/04 11:29:46 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009/06/22 14:27:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])

SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2008/08/15 01:26:03 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])

SRV - [2008/08/15 01:26:09 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/04/01 20:15:57 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])

DRV - [2009/07/04 11:29:47 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

DRV - [2009/06/22 14:27:33 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

DRV - [2009/05/07 09:54:43 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [system | Running])

DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008/05/07 20:21:40 | 04,739,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2009/04/01 20:15:56 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])

DRV - [2009/06/22 15:42:55 | 00,020,480 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\DRIVERS\ndisrd.sys -- (ndisrd [On_Demand | Running])

DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])

DRV - [2009/06/10 06:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2007/12/25 00:32:34 | 00,054,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2008/01/17 12:51:30 | 00,102,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [boot | Running])

DRV - [2007/12/25 00:32:38 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

DRV - [2001/08/23 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])

DRV - [2001/08/23 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

DRV - [2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/07/23 11:50:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2008/07/07 02:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2008/08/15 01:12:21 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009/06/27 17:42:03 | 00,036,480 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\srenum.sys -- (srenum [Auto | Running])

DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [system | Running])

DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

DRV - [2009/05/05 17:26:54 | 00,024,576 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\GameTap Web Player\bin\Release\X4HSX32.Sys -- (X4HSX32 [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/22 14:28:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/29 21:07:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 20:03:34 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/03/16 11:13:38 | 00,000,000 | ---D | M]

[2008/10/13 15:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Extensions

[2008/10/13 15:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/06 20:36:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2008/10/13 15:38:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/11/29 21:07:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

[2009/06/24 01:42:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2008/09/25 08:52:10 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2008/09/25 08:52:11 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/11/06 11:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2008/12/10 19:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2008/09/25 08:52:12 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003/07/14 17:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL

[2008/06/30 23:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2008/09/24 20:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2008/09/24 20:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2008/09/24 20:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2008/09/24 20:21:16 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2008/09/24 20:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2008/09/24 20:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2008/09/24 20:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [shockwave Updater] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()

O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\Kevin\Desktop\Video Programs\Movies to DL\rapget.htm File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1217926645609 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.gametap.com/static/cab_hea...pWebUpdater.cab (GameTap Web Updater)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/05 03:29:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/14 17:58:47 | 00,000,153 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2009/05/14 17:58:47 | 00,000,153 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{3ce830c8-62c9-11dd-8555-b4087d8039c0}\Shell - "" = AutoRun

O33 - MountPoints2\{3ce830c8-62c9-11dd-8555-b4087d8039c0}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3ce830c8-62c9-11dd-8555-b4087d8039c0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{3ed76143-6293-11dd-8554-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{3ed76143-6293-11dd-8554-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3ed76143-6293-11dd-8554-806d6172696f}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- [2007/08/15 20:55:00 | 00,051,048 | R--- | M] (Activision)

O33 - MountPoints2\{3ed76143-6293-11dd-8554-806d6172696f}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- [2008/10/27 14:36:58 | 00,526,160 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{57041311-8043-11dd-8563-00044b028944}\Shell - "" = AutoRun

O33 - MountPoints2\{57041311-8043-11dd-8563-00044b028944}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{57041311-8043-11dd-8563-00044b028944}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{db803a94-111d-11de-8a94-00044b028944}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- [2007/08/15 20:55:00 | 00,051,048 | R--- | M] (Activision)

O33 - MountPoints2\D\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- [2008/10/27 14:36:58 | 00,526,160 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- [2007/08/15 20:55:00 | 00,051,048 | R--- | M] (Activision)

O33 - MountPoints2\E\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- [2008/10/27 14:36:58 | 00,526,160 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]

[2009/07/23 20:21:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/23 20:20:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\NTREGOPT.lnk

[2009/07/23 20:20:08 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\ERUNT.lnk

[2009/07/23 20:20:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/23 20:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Trojan.tdss removal

[2009/07/23 20:15:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\aydr.sys

[2009/07/23 20:09:32 | 00,186,880 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Kevin\Desktop\LSPFix.exe

[2009/07/23 15:55:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Upgrading BIOS

[2009/07/22 23:58:41 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\trine.exe.lnk

[2009/07/22 23:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trine

[2009/07/22 20:49:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\HijackThis.lnk

[2009/07/22 20:49:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/07/18 13:11:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009/07/18 13:11:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/07/18 13:11:10 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/18 13:11:10 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/07/18 13:11:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/18 13:11:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/07/18 13:10:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009/07/18 13:10:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/07/14 21:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Call of Juarez - Bound in Blood

[2009/07/14 21:26:05 | 00,002,042 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Call of Juarez - Bound in Blood.lnk

[2009/07/14 19:46:32 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Peggle Nights Deluxe.lnk

[2009/07/14 19:46:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Peggle Nights Deluxe

[2009/07/14 19:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Peggle Nights Deluxe

[2009/07/14 19:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XLab

[2009/07/14 19:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Oberon Media

[2009/07/14 19:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/07/06 00:00:38 | 00,001,000 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to UI.lnk

[2009/06/24 01:42:10 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/06/24 01:42:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/06/24 01:42:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/06/22 15:43:12 | 00,036,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\srenum.sys

[2009/06/10 08:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 08:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 08:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 08:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/04/01 20:15:56 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/04/01 20:15:56 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/16 11:13:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/12/08 21:07:20 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/11/22 03:11:04 | 00,001,607 | ---- | C] () -- C:\WINDOWS\System32\Load.ini

[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/09/03 17:10:28 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/08/23 20:40:06 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2008/08/23 20:40:06 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll

[2008/08/23 20:40:06 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll

[2008/08/15 01:26:38 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/08/15 01:12:21 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008/08/05 05:20:31 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/08/05 04:06:04 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/08/05 04:06:04 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/06/29 08:24:32 | 00,311,128 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2008/06/29 08:24:32 | 00,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008/06/29 08:24:31 | 01,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2008/04/28 07:55:27 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll

[2003/03/30 14:27:39 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\Cncs232.dll

[2003/01/07 10:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/08/23 13:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/08/23 13:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009/07/23 20:20:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\NTREGOPT.lnk

[2009/07/23 20:20:08 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\ERUNT.lnk

[2009/07/23 20:15:32 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\aydr.sys

[2009/07/23 20:09:33 | 00,186,880 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Kevin\Desktop\LSPFix.exe

[2009/07/23 20:03:13 | 00,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/07/23 20:03:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/23 20:03:10 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009/07/23 20:01:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/23 20:01:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/23 18:51:43 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/07/23 18:51:17 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/23 14:51:25 | 39,176,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/07/23 14:51:25 | 00,040,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/07/22 23:58:41 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\trine.exe.lnk

[2009/07/22 23:01:24 | 00,000,047 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2009/07/22 20:49:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\HijackThis.lnk

[2009/07/22 20:34:29 | 00,001,026 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg

[2009/07/19 22:48:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/07/19 16:26:24 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/07/14 21:26:05 | 00,002,042 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Call of Juarez - Bound in Blood.lnk

[2009/07/14 19:46:32 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Peggle Nights Deluxe.lnk

[2009/07/14 19:14:19 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/06 20:29:54 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin

[2009/07/06 00:00:38 | 00,001,000 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to UI.lnk

[2009/07/04 11:29:47 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/07/04 02:56:31 | 01,578,772 | -H-- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\IconCache.db

[2009/06/29 13:03:10 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/06/27 17:42:03 | 00,036,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\srenum.sys

[2009/06/25 20:27:03 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2009/06/25 02:13:35 | 00,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/07/21 01:50:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/10/17 22:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2009/06/23 13:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision

[2008/10/24 15:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard

[2009/05/09 01:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dbg

[2009/04/01 01:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player

[2008/12/27 02:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2009/06/01 22:27:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2009/05/30 12:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2009/07/14 19:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/08/15 01:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/07/14 19:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab

[2009/07/14 19:39:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kevin\Application Data

[2009/06/23 13:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Activision

[2008/08/15 01:12:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools

[2008/08/19 21:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Gaijin Ent

[2009/07/22 03:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GetRight

[2008/10/27 15:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GlarySoft

[2008/11/02 14:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IGN_DLM

[2008/11/04 00:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech

[2008/09/15 00:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Legends of pirates

[2009/07/14 19:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oberon Media

[2008/11/24 01:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Orbit

[2008/12/27 02:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PlayFirst

[2008/12/16 13:09:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kevin\Application Data\SecuROM

[2009/04/01 20:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SEGA

[2009/04/01 20:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\The Path

[2009/02/10 21:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\U3

[2009/07/22 15:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\uTorrent

[2009/01/30 04:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Ventrilo

[2001/08/23 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/07/23 20:03:10 | 00,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2009/07/23 20:01:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3B92717

< End of report >

EXTRAS:

OTL Extras logfile created on: 7/23/2009 8:35:01 PM - Run 1

OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\Kevin\Desktop\Trojan.tdss removal

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free

3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.17% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 62.27 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MONSTER

Current User Name: Kevin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

eusa_hand.gif

If you are a casual viewer, do NOT try this on your system!

If you are not Raziel82 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to C:\WINDOWS\System32\drivers\aydr.sys, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

==

Use your browser to go Threatexpert

http://www.threatexpert.com/filescan.aspx

Click the Browse button and then navigate to C:\WINDOWS\System32\drivers\aydr.sys,

click the checkbox to checkmark "I agree to be bound by the Terms and Conditions"

then click the Submit button.

Save the results, and post back here in a reply.

>

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

>

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:

Rookit_found.gif

then, be sure to write down fully and also copy that into your next reply here and then await for my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

Next, Download the Microsoft

Link to post
Share on other sites

"Use your browser to go here at Virustotal website

Click the Browse button and then navigate to C:\WINDOWS\System32\drivers\aydr.sys, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply"

i can't find this file, i even typed it in manually. should i skip this step and proceed with the rest of given instructions?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.