HelpMe

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Run Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Alright, here we go. First, the logs from OTL:

OTL logfile created on: 4/22/2010 5:38:00 AM - Run 1

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS

Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DELL

Current User Name: Daniel Briggs

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe

PRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe

PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/02/03 11:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Daniel Briggs\Desktop\procexp.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe

========== Modules (SafeList) ==========

MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe

MOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ventrilo)

SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)

SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)

DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21)

DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)

DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg)

DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)

DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)

DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)

DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)

DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)

DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)

DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)

DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.fanfiction.net"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M]

[2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions

[2010/04/22 03:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions

[2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 13597 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()

O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found

O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)

O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found

O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002

[2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities

[2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities

[2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/25 14:15:40 | 008,351,672 | ---- | C] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe

[2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll

[2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll

[2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll

[2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll

[2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll

[2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll

[2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll

[2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll

[2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll

[2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll

[2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll

[2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk

[2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk

[2010/04/22 02:56:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/04/22 02:54:07 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/04/22 02:53:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/22 02:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/04/22 02:53:47 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/04/22 02:52:33 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat

[2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS

[2010/04/21 17:21:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI

[2010/04/21 17:21:25 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db

[2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C

[2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys

[2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW

[2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308

[2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443

[2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443

[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6

[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6

[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/03/25 14:17:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/03/25 14:16:26 | 008,351,672 | ---- | M] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe

[2010/03/25 12:33:57 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S

[2010/03/25 12:33:56 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk

[2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk

[2010/04/21 18:38:56 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C

[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C

[2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443

[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308

[2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443

[2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW

[2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6

[2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6

[2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6

[2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat

[2010/04/06 02:00:16 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt

[2010/03/25 14:17:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/03/25 12:21:47 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S

[2010/03/25 12:11:11 | 000,017,230 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\2Q757bFxJ7S

[2010/03/25 12:11:11 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S

[2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008/04/02 00:45:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll

[2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll

[2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini

[2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll

[2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll

[2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI

[2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI

[2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys

[2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL

[2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL

[2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL

< End of report >

OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS

Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DELL

Current User Name: Daniel Briggs

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found

"C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)

"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found

"C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- ()

"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- ()

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- ()

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide

"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition

"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2

"{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver

"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AV DVD Player Morpher" = AV DVD Player Morpher

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"ffdshow" = ffdshow (remove only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master

"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs

"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Lexmark 1300 Series" = Lexmark 1300 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Music Assistant" = MSN Music Assistant

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Driver" = NVIDIA Display Driver

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"QuickTime" = QuickTime

"Shockwave" = Shockwave

"SimCity2000CDv1" = SimCity 2000

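As an added worked example (not OTL's code and not part of the original posts), the Python below parses the two OTL log formats shown above and pulls out the three things a helper would act on from these particular logs: hidden+system files with no company name that recur under several profiles' Application Data folders (the 4l2MhhmX3C / QsAgA3xk6 / 21a34KM55vORW style entries), every hive where .exe is mapped to something other than the stock exefile ProgID (here secfile pointing at ave.exe under the NetworkService profile, so every program launch is routed through that path first), and Security Center / firewall values set to the disabling value. The sample lines are quoted from the logs above; the list of "bad" registry values and the two-profile threshold are this example's own assumptions.

```python
"""Triage helpers for OTL logs in the format posted above (added example, not OTL's own code)."""
import re
from collections import defaultdict

# One OTL file entry: [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\([^\\]+)\\", re.I)
ASSOC_RE = re.compile(r"^\.exe \[@ = (?P<progid>\w+)\] -- (?P<target>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>\w+)" = (?P<value>\S+)$')

# Values that switch off the XP Security Center / firewall checks (assumed "bad" list).
BAD_VALUES = {"AntiVirusOverride": "1", "FirewallOverride": "1", "EnableFirewall": "0"}

def parse_file_entries(text):
    """Return the structured file entries of an OTL 'Files Created/Modified' section."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["hidden"], e["system"] = "H" in e["attrs"], "S" in e["attrs"]
            entries.append(e)
    return entries

def replicated_hidden_files(entries, min_profiles=2):
    """Hidden+system files with no company name under Application Data whose
    basename recurs in several profiles (All Users, service accounts, the user)."""
    by_name = defaultdict(set)
    for e in entries:
        if not (e["hidden"] and e["system"] and not e["company"].strip()):
            continue
        prof = PROFILE_RE.match(e["path"])
        if prof and "Application Data" in e["path"]:
            by_name[e["path"].rsplit("\\", 1)[1]].add(prof.group(1))
    return {n: sorted(p) for n, p in by_name.items() if len(p) >= min_profiles}

def _keyed_lines(text):
    """Yield (current registry key, line) pairs for an OTL Extras section."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
        yield key, line

def exe_handler_findings(text):
    """Hives where the .exe ProgID is not the stock 'exefile' (a hijacked handler)."""
    return [(key, m.group("progid"), m.group("target"))
            for key, line in _keyed_lines(text)
            if (m := ASSOC_RE.match(line)) and m.group("progid").lower() != "exefile"]

def security_center_findings(text):
    """Security Center / firewall values that sit at their disabling value."""
    return [(key, m.group("name"), m.group("value"))
            for key, line in _keyed_lines(text)
            if (m := VALUE_RE.match(line)) and BAD_VALUES.get(m.group("name")) == m.group("value")]

# Lines quoted from the OTL.txt and Extras.txt logs posted above.
SAMPLE_FILES = r"""
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C
[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308
[2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6
[2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6
[2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6
[2010/04/21 18:38:56 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
"""
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found
[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"""

if __name__ == "__main__":
    print(replicated_hidden_files(parse_file_entries(SAMPLE_FILES)))
    print(exe_handler_findings(SAMPLE_EXTRAS))
    print(security_center_findings(SAMPLE_EXTRAS))
```

The hiberfil.sys line is kept in the sample on purpose: it is hidden+system with no company name, but it is not under a profile's Application Data, so the replication check ignores it. The third .exe line (exefile under the user's own SID) is likewise a control that must not be reported.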

GMER File next

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-22 08:07:50

Windows 5.1.2600 Service Pack 3

Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT F8DED1FE ZwCreateKey

SSDT F8DED1F4 ZwCreateThread

SSDT F8DED203 ZwDeleteKey

SSDT F8DED20D ZwDeleteValueKey

SSDT F8DED212 ZwLoadKey

SSDT F8DED1E0 ZwOpenProcess

SSDT F8DED1E5 ZwOpenThread

SSDT F8DED21C ZwReplaceKey

SSDT F8DED217 ZwRestoreKey

SSDT F8DED208 ZwSetValueKey

SSDT F8DED1EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF86B7794]

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C

.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0595000A

.text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0594000A

.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A

.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A

.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device -> \Driver\atapi \Device\Harddisk0\DR0 832EEB4C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

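The GMER report above, worked into structured findings as an added example (this is not GMER's code and not part of the original posts). The parser groups the inline JMP hooks by process (ntdll!NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher are patched in svchost.exe, Explorer.EXE and firefox.exe alike), records whether GMER printed a module path after the jump target (none of the targets here carry one), and lifts out the two kernel-side lines about atapi.sys: an entry point inside the ".rsrc" section and the "suspicious modification" verdict. The sample lines are quoted from the log above; treating a driver entry point outside .text/INIT as abnormal, and an un-annotated JMP target as unattributed, are this example's heuristics, not GMER's.

```python
"""Parse a GMER rootkit-scan log into structured findings (added example, not GMER's code)."""
import re
from collections import defaultdict

# ".text <process>[pid] <module>!<function>[ + n] <addr> <n> Byte(s) <patch>"
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?: \+ \d+)? (?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? (?P<patch>.+)$"
)
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-F]{8})(?: (?P<where>.+))?$")
EP_RE = re.compile(
    r'^(?P<section>\S+) (?P<driver>\S+) entry point in "(?P<in_section>[^"]+)" section \[(?P<ep>0x[0-9A-Fa-f]+)\]$'
)
SUSPICIOUS_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")
SSDT_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$")

# Sections that normally contain a driver's entry point (assumption behind the heuristic).
CODE_SECTIONS = {".text", "INIT"}

def user_mode_hooks(text):
    """Group inline JMP hooks by (process, pid) with the target address and whether
    GMER attributed the target to a module (any trailing text after the address)."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        j = JMP_RE.match(m.group("patch"))
        if not j:
            continue  # continuation lines such as '+ 4 ... 1 Byte [84]' belong to the JMP above
        hooks[(m.group("proc"), int(m.group("pid")))].append({
            "func": f'{m.group("module")}!{m.group("func")}',
            "target": int(j.group("target"), 16),
            "attributed": j.group("where") is not None,
        })
    return dict(hooks)

def ssdt_hooks(text):
    """(function, handler address) for every SSDT entry GMER lists as redirected."""
    return [(m.group("func"), int(m.group("addr"), 16))
            for line in text.splitlines() if (m := SSDT_RE.match(line.strip()))]

def kernel_findings(text):
    """Driver entry points outside a code section, plus GMER's own file verdicts."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = EP_RE.match(line)
        if m and m.group("in_section") not in CODE_SECTIONS:
            out.append(("entry point outside code section", m.group("driver"), m.group("in_section")))
        m = SUSPICIOUS_RE.match(line)
        if m:
            out.append(("suspicious modification", m.group("path"), None))
    return out

def triage(text):
    """Summary a helper would read first: kernel verdicts and hooks nobody vouches for."""
    unattributed = {
        f"{proc}[{pid}]": [h["func"] for h in hs if not h["attributed"]]
        for (proc, pid), hs in user_mode_hooks(text).items()
    }
    return {"kernel": kernel_findings(text), "ssdt": ssdt_hooks(text), "unattributed_hooks": unattributed}

# Lines quoted from the GMER log posted above.
SAMPLE = r"""
---- System - GMER 1.0.15 ----
SSDT F8DED1FE ZwCreateKey
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF86B7794]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0595000A
.text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0594000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for section, value in triage(SAMPLE).items():
        print(section, value)
```

The same three ntdll functions being patched in every listed process, with targets at low, non-module addresses, is what makes the user-mode part worth reading together with the kernel lines rather than on its own; the script keeps both in one result so that correlation is not lost in a long log.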

I don't think I gave you both OTL files...

Here's Extra.txt again

OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS

Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DELL

Current User Name: Daniel Briggs

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found

"C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)

"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found

"C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- ()

"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- ()

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- ()

"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide

"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition

"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2

"{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver

"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AV DVD Player Morpher" = AV DVD Player Morpher

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"ffdshow" = ffdshow (remove only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master

"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs

"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Lexmark 1300 Series" = Lexmark 1300 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Music Assistant" = MSN Music Assistant

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Driver" = NVIDIA Display Driver

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"QuickTime" = QuickTime

"Shockwave" = Shockwave

"SimCity2000CDv1" = SimCity 2000




Hello again, unfortunately you have a nasty rootkit on your computer. Please consider the following first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi again,

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important: before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


14:54:40:750 2592 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

14:54:40:750 2592 ================================================================================

14:54:40:750 2592 SystemInfo:

14:54:40:750 2592 OS Version: 5.1.2600 ServicePack: 3.0

14:54:40:750 2592 Product type: Workstation

14:54:40:750 2592 ComputerName: DELL

14:54:40:750 2592 UserName: Daniel Briggs

14:54:40:750 2592 Windows directory: C:\WINDOWS

14:54:40:750 2592 Processor architecture: Intel x86

14:54:40:750 2592 Number of processors: 1

14:54:40:750 2592 Page size: 0x1000

14:54:40:765 2592 Boot type: Normal boot

14:54:40:765 2592 ================================================================================

14:54:41:000 2592 UnloadDriverW: NtUnloadDriver error 2

14:54:41:000 2592 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:54:41:750 2592 wfopen_ex: Trying to KLMD file open

14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2)

14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:54:41:750 2592 wfopen_ex: Trying to KLMD file open

14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2)

14:54:41:750 2592 Initialize success

14:54:41:750 2592

14:54:41:765 2592 Scanning Services ...

14:54:43:015 2592 Raw services enum returned 361 services

14:54:43:015 2592

14:54:43:031 2592 Scanning Kernel memory ...

14:54:43:031 2592 Devices to scan: 4

14:54:43:031 2592

14:54:43:031 2592 Driver Name: Disk

14:54:43:031 2592 IRP_MJ_CREATE : F877EBB0

14:54:43:031 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E

14:54:43:031 2592 IRP_MJ_CLOSE : F877EBB0

14:54:43:031 2592 IRP_MJ_READ : F8778D1F

14:54:43:031 2592 IRP_MJ_WRITE : F8778D1F

14:54:43:031 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E

14:54:43:031 2592 IRP_MJ_SET_INFORMATION : 804FA88E

14:54:43:031 2592 IRP_MJ_QUERY_EA : 804FA88E

14:54:43:031 2592 IRP_MJ_SET_EA : 804FA88E

14:54:43:031 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2

14:54:43:031 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E

14:54:43:031 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E

14:54:43:031 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E

14:54:43:031 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E

14:54:43:031 2592 IRP_MJ_DEVICE_CONTROL : F87793BB

14:54:43:031 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28

14:54:43:031 2592 IRP_MJ_SHUTDOWN : F87792E2

14:54:43:031 2592 IRP_MJ_LOCK_CONTROL : 804FA88E

14:54:43:031 2592 IRP_MJ_CLEANUP : 804FA88E

14:54:43:031 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E

14:54:43:031 2592 IRP_MJ_QUERY_SECURITY : 804FA88E

14:54:43:031 2592 IRP_MJ_SET_SECURITY : 804FA88E

14:54:43:031 2592 IRP_MJ_POWER : F877AC82

14:54:43:031 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E

14:54:43:031 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E

14:54:43:031 2592 IRP_MJ_QUERY_QUOTA : 804FA88E

14:54:43:031 2592 IRP_MJ_SET_QUOTA : 804FA88E

14:54:43:078 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

14:54:43:078 2592

14:54:43:078 2592 Driver Name: Disk

14:54:43:078 2592 IRP_MJ_CREATE : F877EBB0

14:54:43:078 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E

14:54:43:078 2592 IRP_MJ_CLOSE : F877EBB0

14:54:43:078 2592 IRP_MJ_READ : F8778D1F

14:54:43:078 2592 IRP_MJ_WRITE : F8778D1F

14:54:43:078 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E

14:54:43:078 2592 IRP_MJ_SET_INFORMATION : 804FA88E

14:54:43:078 2592 IRP_MJ_QUERY_EA : 804FA88E

14:54:43:078 2592 IRP_MJ_SET_EA : 804FA88E

14:54:43:078 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2

14:54:43:078 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E

14:54:43:078 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E

14:54:43:078 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E

14:54:43:078 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E

14:54:43:078 2592 IRP_MJ_DEVICE_CONTROL : F87793BB

14:54:43:078 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28

14:54:43:078 2592 IRP_MJ_SHUTDOWN : F87792E2

14:54:43:078 2592 IRP_MJ_LOCK_CONTROL : 804FA88E

14:54:43:078 2592 IRP_MJ_CLEANUP : 804FA88E

14:54:43:078 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E

14:54:43:078 2592 IRP_MJ_QUERY_SECURITY : 804FA88E

14:54:43:078 2592 IRP_MJ_SET_SECURITY : 804FA88E

14:54:43:078 2592 IRP_MJ_POWER : F877AC82

14:54:43:078 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E

14:54:43:078 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E

14:54:43:078 2592 IRP_MJ_QUERY_QUOTA : 804FA88E

14:54:43:078 2592 IRP_MJ_SET_QUOTA : 804FA88E

14:54:43:250 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

14:54:43:250 2592

14:54:43:250 2592 Driver Name: Disk

14:54:43:250 2592 IRP_MJ_CREATE : F877EBB0

14:54:43:250 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E

14:54:43:250 2592 IRP_MJ_CLOSE : F877EBB0

14:54:43:250 2592 IRP_MJ_READ : F8778D1F

14:54:43:250 2592 IRP_MJ_WRITE : F8778D1F

14:54:43:250 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E

14:54:43:250 2592 IRP_MJ_SET_INFORMATION : 804FA88E

14:54:43:250 2592 IRP_MJ_QUERY_EA : 804FA88E

14:54:43:250 2592 IRP_MJ_SET_EA : 804FA88E

14:54:43:250 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2

14:54:43:250 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E

14:54:43:250 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E

14:54:43:250 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E

14:54:43:250 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E

14:54:43:250 2592 IRP_MJ_DEVICE_CONTROL : F87793BB

14:54:43:250 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28

14:54:43:250 2592 IRP_MJ_SHUTDOWN : F87792E2

14:54:43:250 2592 IRP_MJ_LOCK_CONTROL : 804FA88E

14:54:43:250 2592 IRP_MJ_CLEANUP : 804FA88E

14:54:43:250 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E

14:54:43:250 2592 IRP_MJ_QUERY_SECURITY : 804FA88E

14:54:43:250 2592 IRP_MJ_SET_SECURITY : 804FA88E

14:54:43:250 2592 IRP_MJ_POWER : F877AC82

14:54:43:250 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E

14:54:43:250 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E

14:54:43:250 2592 IRP_MJ_QUERY_QUOTA : 804FA88E

14:54:43:250 2592 IRP_MJ_SET_QUOTA : 804FA88E

14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

14:54:43:265 2592

14:54:43:265 2592 Driver Name: atapi

14:54:43:265 2592 IRP_MJ_CREATE : 832EEB4C

14:54:43:265 2592 IRP_MJ_CREATE_NAMED_PIPE : 832EEB4C

14:54:43:265 2592 IRP_MJ_CLOSE : 832EEB4C

14:54:43:265 2592 IRP_MJ_READ : 832EEB4C

14:54:43:265 2592 IRP_MJ_WRITE : 832EEB4C

14:54:43:265 2592 IRP_MJ_QUERY_INFORMATION : 832EEB4C

14:54:43:265 2592 IRP_MJ_SET_INFORMATION : 832EEB4C

14:54:43:265 2592 IRP_MJ_QUERY_EA : 832EEB4C

14:54:43:265 2592 IRP_MJ_SET_EA : 832EEB4C

14:54:43:265 2592 IRP_MJ_FLUSH_BUFFERS : 832EEB4C

14:54:43:265 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 832EEB4C

14:54:43:265 2592 IRP_MJ_SET_VOLUME_INFORMATION : 832EEB4C

14:54:43:265 2592 IRP_MJ_DIRECTORY_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_DEVICE_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_SHUTDOWN : 832EEB4C

14:54:43:265 2592 IRP_MJ_LOCK_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_CLEANUP : 832EEB4C

14:54:43:265 2592 IRP_MJ_CREATE_MAILSLOT : 832EEB4C

14:54:43:265 2592 IRP_MJ_QUERY_SECURITY : 832EEB4C

14:54:43:265 2592 IRP_MJ_SET_SECURITY : 832EEB4C

14:54:43:265 2592 IRP_MJ_POWER : 832EEB4C

14:54:43:265 2592 IRP_MJ_SYSTEM_CONTROL : 832EEB4C

14:54:43:265 2592 IRP_MJ_DEVICE_CHANGE : 832EEB4C

14:54:43:265 2592 IRP_MJ_QUERY_QUOTA : 832EEB4C

14:54:43:265 2592 IRP_MJ_SET_QUOTA : 832EEB4C

14:54:43:265 2592 Driver "atapi" infected by TDSS rootkit!

14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1

14:54:43:265 2592 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...

14:54:43:281 2592 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

14:54:43:281 2592 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3

14:54:43:640 2592 vfvi6

14:54:43:859 2592 !dsvbh1

14:54:47:093 2592 dsvbh2

14:54:47:093 2592 fdfb2

14:54:47:093 2592 Backup copy found, using it..

14:54:47:328 2592 will be cured on next reboot

14:54:47:343 2592 Reboot required for cure complete..

14:54:47:406 2592 Cure on reboot scheduled successfully

14:54:47:406 2592

14:54:47:406 2592 Completed

14:54:47:406 2592

14:54:47:406 2592 Results:

14:54:47:406 2592 Memory objects infected / cured / cured on reboot: 1 / 0 / 0

14:54:47:406 2592 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:54:47:406 2592 File objects infected / cured / cured on reboot: 1 / 0 / 1

14:54:47:406 2592

14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

14:54:47:406 2592 UnloadDriverW: NtUnloadDriver error 1

14:54:47:406 2592 KLMD(ARK) unloaded successfully

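The atapi block in the TDSSKiller log above shows the pattern the tool flags as TDSS: every IRP_MJ entry, including majors a storage driver never implements such as IRP_MJ_CREATE_NAMED_PIPE, resolves to the one address 832EEB4C, whereas the Disk table mixes the driver's own routines (F877xxxx) with a single shared address (804FA88E) for the majors it leaves to the kernel's default handler. The script below is an added example, not part of the post and not TDSSKiller's own code. It parses log blocks of this shape and applies two checks: a driver whose whole table points at one address, and handlers that fall outside every known kernel-module image. The sample log is constructed from the shape of the blocks above with most rows omitted, and the module ranges are constructed for the demo; a TDSSKiller log does not contain them, so on a real case they must come from a kernel debugger or a rootkit scanner's module listing.

```python
"""Dispatch-table checks over TDSSKiller-style log blocks (added example)."""
import re

# Constructed sample in the shape of the log above: a healthy Disk table
# and the hooked atapi table, most IRP rows omitted for brevity.
SAMPLE_LOG = r"""
14:54:43:250 2592 Driver Name: Disk
14:54:43:250 2592 IRP_MJ_CREATE : F877EBB0
14:54:43:250 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:54:43:250 2592 IRP_MJ_CLOSE : F877EBB0
14:54:43:250 2592 IRP_MJ_READ : F8778D1F
14:54:43:250 2592 IRP_MJ_WRITE : F8778D1F
14:54:43:250 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:54:43:250 2592 IRP_MJ_DEVICE_CONTROL : F87793BB
14:54:43:250 2592 IRP_MJ_SET_QUOTA : 804FA88E
14:54:43:250 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:54:43:265 2592 Driver Name: atapi
14:54:43:265 2592 IRP_MJ_CREATE : 832EEB4C
14:54:43:265 2592 IRP_MJ_CREATE_NAMED_PIPE : 832EEB4C
14:54:43:265 2592 IRP_MJ_CLOSE : 832EEB4C
14:54:43:265 2592 IRP_MJ_READ : 832EEB4C
14:54:43:265 2592 IRP_MJ_WRITE : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_INFORMATION : 832EEB4C
14:54:43:265 2592 IRP_MJ_DEVICE_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_QUOTA : 832EEB4C
14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

# Constructed (base, size) module ranges for the demo only; the log does
# not carry them, a kernel debugger or scanner module listing does.
IMAGE_RANGES = {
    "ntoskrnl.exe": (0x804D7000, 0x00200000),
    "disk.sys": (0xF8775000, 0x0000D000),
}

DRIVER_RE = re.compile(r"^\S+ \d+ Driver Name: (\S+)$")
IRP_RE = re.compile(r"^\S+ \d+ (IRP_MJ_\w+) : ([0-9A-Fa-f]{8})$")


def parse_dispatch_tables(log_text):
    """Map driver name -> {IRP_MJ name: handler address as int}."""
    tables, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            current = m.group(1)
            tables[current] = {}
            continue
        m = IRP_RE.match(line)
        if m and current is not None:
            tables[current][m.group(1)] = int(m.group(2), 16)
    return tables


def hooked_drivers(tables, min_entries=8):
    """Drivers whose every major-function handler is one single address.

    A clean driver mixes its own routines with the kernel default handler
    for majors it does not implement; one address for all of them means the
    whole table was overwritten. Returns [(driver, "ADDR"), ...].
    """
    found = []
    for name, table in tables.items():
        if len(table) < min_entries:
            continue            # too few rows to judge the table shape
        distinct = set(table.values())
        if len(distinct) == 1:
            found.append((name, "%08X" % distinct.pop()))
    return found


def handlers_outside_images(table, image_ranges):
    """IRP_MJ names whose handler lies in no known module image (pool code)."""
    def in_image(addr):
        return any(base <= addr < base + size
                   for base, size in image_ranges.values())
    return sorted(mj for mj, addr in table.items() if not in_image(addr))


def report(log_text=SAMPLE_LOG, image_ranges=IMAGE_RANGES):
    """One line per finding; empty list when nothing is suspicious."""
    tables = parse_dispatch_tables(log_text)
    lines = ["%s: all IRP_MJ handlers -> %s" % f for f in hooked_drivers(tables)]
    for name, table in tables.items():
        outside = handlers_outside_images(table, image_ranges)
        if outside:
            lines.append("%s: %d handler(s) outside every known image, e.g. %s"
                         % (name, len(outside), outside[0]))
    return lines


if __name__ == "__main__":
    print("\n".join(report()) or "no dispatch-table anomalies")
```

Run against the constructed sample it reports atapi twice: once because all eight handlers collapse to 832EEB4C, once because that address is in no supplied image range, while Disk passes both checks. The first check needs no module list at all, which is what makes it usable straight off a posted log; the second is the stronger one but only as good as the ranges fed to it.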

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-24 19:09:36

Windows 5.1.2600 Service Pack 3

Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT F8E0B026 ZwCreateKey

SSDT F8E0B01C ZwCreateThread

SSDT F8E0B02B ZwDeleteKey

SSDT F8E0B035 ZwDeleteValueKey

SSDT F8E0B03A ZwLoadKey

SSDT F8E0B008 ZwOpenProcess

SSDT F8E0B00D ZwOpenThread

SSDT F8E0B044 ZwReplaceKey

SSDT F8E0B03F ZwRestoreKey

SSDT F8E0B030 ZwSetValueKey

SSDT F8E0B017 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F1A75D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


Things have been a lot better. Here is the OTL log.

OTL logfile created on: 4/25/2010 11:56:28 PM - Run 3

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 11.00% Memory free

1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.70 Gb Total Space | 4.87 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DELL

Current User Name: Daniel Briggs

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe

PRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe

PRC - [2009/09/30 18:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

PRC - [2009/07/21 15:40:24 | 000,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe

PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe

PRC - [2007/06/08 11:19:22 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMCONFIG.exe

PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe

PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

PRC - [2007/04/04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMProcess.exe

PRC - [2007/03/06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe

========== Modules (SafeList) ==========

MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe

MOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ventrilo)

SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)

SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)

DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21)

DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)

DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg)

DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)

DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)

DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)

DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)

DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)

DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)

DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)

DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)

DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.fanfiction.net"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M]

[2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions

[2010/04/25 03:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions

[2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 13597 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()

O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found

O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)

O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found

O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found

O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 14:54:13 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Daniel Briggs\Desktop\TDSSKiller.exe

[2010/04/23 04:39:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/04/23 04:38:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp

[2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002

[2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities

[2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities

[2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll

[2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll

[2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll

[2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll

[2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll

[2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll

[2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll

[2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll

[2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll

[2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll

[2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll

[2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 20:27:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/04/25 20:27:06 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/04/25 20:26:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/25 20:26:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/04/25 20:26:21 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/04/25 20:23:23 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat

[2010/04/25 20:22:49 | 004,313,256 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db

[2010/04/24 14:53:09 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip

[2010/04/24 09:10:17 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe

[2010/04/24 07:13:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI

[2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk

[2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk

[2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS

[2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C

[2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys

[2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW

[2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308

[2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443

[2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443

[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6

[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6

[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 14:52:21 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip

[2010/04/24 09:10:17 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe

[2010/04/24 07:15:08 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk

[2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk

[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C

[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C

[2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443

[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308

[2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443

[2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW

[2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW

[2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6

[2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6

[2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6

[2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat

[2010/04/06 02:00:16 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt

[2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008/04/02 00:45:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll

[2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll

[2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini

[2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll

[2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll

[2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI

[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI

[2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI

[2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys

[2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL

[2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL

[2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL

< End of report >


Hi again,

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL from the icon on your desktop.
  2. Copy and Paste the following code into the "Custom Scans/Fixes" textbox. Do not include the word "Code"
    :otl
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
    O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

    :commands
    [emptytemp]

  3. Push the "Run Fix" button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click "OK".
  6. A report will open. Copy and Paste that report in your next reply.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java versions and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Now please rerun MBAM, update it first and run a full scan. Post me the results afterwards.
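The O37 entries in the fix above all describe the same problem: the `.exe` (and `.com`) file-association keys have been pointed at a handler other than the stock `exefile`/`comfile`, so a rogue program (`ave.exe /START`) runs before every executable the user launches. As an added example, not OTL's own code and not part of the helper's post, the Python below runs that check over O35/O37 lines in the format OTL prints. The sample lines are constructed in the shape of the log posted earlier in this thread; `EXPECTED_HANDLER` and `DEFAULT_COMMAND` encode the stock Windows XP values the fix restores (`.exe` mapped to `exefile`, open command `"%1" %*`), and the severity labels are this example's own convention.

```python
import re

# Constructed sample log: O35/O37 lines in the shape OTL prints them, modelled
# on the entries fixed in this thread. The clean lines use the stock "comfile"
# and "exefile" handlers with the default command "%1" %*; the hijacked lines
# remap .exe to "secfile", whose open command launches a rogue ave.exe first.
SAMPLE_LOG = r'''
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found
'''

# Stock handler (ProgID) each extension maps to on a clean Windows XP install.
EXPECTED_HANDLER = {"com": "comfile", "exe": "exefile"}
# Default shell\open\command for both handlers: run the file with its own arguments.
DEFAULT_COMMAND = '"%1" %*'
# OTL appends this marker when the command's target does not exist on disk.
MISSING_MARKER = "File not found"

O37_RE = re.compile(
    r'^O37 - (?P<hive>\S+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<handler>[^\]]+)\] -- (?P<command>.*)$')
O35_RE = re.compile(
    r'^O35 - (?P<hive>\S+?)\\\.\.(?P<handler>\w+) \[open\] -- (?P<command>.*)$')


def parse_association_entries(log_text):
    """Return one dict per O35/O37 line; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O37_RE.match(line)
        if m:
            entries.append({"kind": "O37", **m.groupdict()})
            continue
        m = O35_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"kind": "O35", "hive": d["hive"], "ext": None,
                            "handler": d["handler"], "command": d["command"]})
    return entries


def audit_associations(log_text):
    """Flag .com/.exe associations that deviate from the stock handler or command."""
    findings = []
    for e in parse_association_entries(log_text):
        command = e["command"].strip()
        if command.endswith(MISSING_MARKER):
            command = command[:-len(MISSING_MARKER)].strip()
        where = f"{e['hive']} ({e['kind']})"

        # 1. Extension remapped to a handler other than comfile/exefile.
        if e["kind"] == "O37":
            expected = EXPECTED_HANDLER.get(e["ext"])
            if expected and e["handler"] != expected:
                findings.append({"where": where, "severity": "high",
                                 "reason": f".{e['ext']} mapped to '{e['handler']}' instead of '{expected}'"})

        # 2. Handler key unresolvable: the association is broken rather than redirected.
        if command.startswith("Reg Error"):
            findings.append({"where": where, "severity": "medium",
                             "reason": f"handler '{e['handler']}' has no usable open command ({command})"})
        # 3. Open command is not the default, so something else runs before every program.
        elif command != DEFAULT_COMMAND:
            findings.append({"where": where, "severity": "high",
                             "reason": f"non-default open command: {command}"})
    return findings


def interposed_executables(findings):
    """Extract the quoted program path from each non-default open command finding."""
    paths = []
    for f in findings:
        m = re.match(r'^non-default open command: "([^"]+)"', f["reason"])
        if m:
            paths.append(m.group(1))
    return paths


if __name__ == "__main__":
    found = audit_associations(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']}] {f['where']}: {f['reason']}")
    print("Interposed executables:", interposed_executables(found))
```

On the sample above the check reports the two `secfile` remappings and the `ave.exe` command as high, and the two unresolvable handler keys as medium; the per-user `HKU\...` entries matter because a per-user `Software\Classes` key overrides the machine-wide one for that account, which is why the fix touches both hives.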


Both reports here.

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\exefile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.DELL

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Daniel Briggs

->Temp folder emptied: 2141764314 bytes

->Temporary Internet Files folder emptied: 121670518 bytes

->Java cache emptied: 15365694 bytes

->FireFox cache emptied: 187929181 bytes

->Flash cache emptied: 1408159 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 21118368 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 41167 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1573266 bytes

->Java cache emptied: 1 bytes

->Flash cache emptied: 43805 bytes

User: Owner

%systemdrive% .tmp files removed: 2918629 bytes

%systemroot% .tmp files removed: 219321 bytes

%systemroot%\System32 .tmp files removed: 11078161 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 226526888 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23940876 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 370950 bytes

RecycleBin emptied: 5078 bytes

Total Files Cleaned = 2,628.00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04262010_071533

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Daniel Briggs\Local Settings\Temp\Perflib_Perfdata_94.dat not found!

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/26/2010 9:43:18 AM

mbam-log-2010-04-26 (09-43-18).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)

Objects scanned: 213283

Time elapsed: 2 hour(s), 15 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi again,

How are things running now? Do you have any problems left?

Let's do one last scan to double-check that everything is gone.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the "ESET Online Scanner" button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on "ESET Smart Installer" to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.

    3. Check the box to accept the Terms of Use.
    4. Click the "Start" button.
    5. Accept any security warnings from your browser.
    6. Check "Scan archives".
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push "List of found threats".
    10. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the "Back" button.
    12. Push "Finish".
