Promathia Posted April 22, 2010 ID:237272

XP Security Virus has been on my PC for a week or two... can't seem to get rid of it. Every time I remove it with Malwarebytes it seems to come back in a few weeks. Help
Promathia Posted April 22, 2010 ID:237273

XP Security Virus has been on my PC for a week or two... can't seem to get rid of it. Every time I remove it with Malwarebytes it seems to come back in a few days. Help
Elise Posted April 22, 2010 ID:237306

Hello, my name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine.

Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
- A detailed description of your problems
- A new OTL log (don't forget extra.txt)
- GMER log
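As an added example (not part of this thread, and not OTL's or Malwarebytes' code), here is a small Python checker for the O4, O35 and O37 sections of an OTL report, the kind of report the post above asks for. The sample lines are constructed after the log posted later in this thread: the .exe extension redirected to a 'secfile' class whose handler is an ave.exe under a profile's Application Data folder is the pattern rogue-AV families of that era used so that launching any program ran the rogue first, and it is a registry change that survives deleting the rogue's file. The regexes, the Finding type and the severity labels are my own assumptions about a useful triage layout, not anything OTL defines; the checker flags a non-default class for .exe or .com, a non-default open command, autorun values whose file is missing, and autoruns launched from user-writable profile directories.

```python
"""Flag file-association hijacks and orphaned autoruns in OTL report lines."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of OTL O4/O35/O37 lines, modelled on the log posted later in
# this thread. OTL appends "File not found" when the file a value points at is absent.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found
"""

# On a clean XP box .exe -> exefile and .com -> comfile, and the open command is
# exactly "%1" %* (run the file itself, passing its arguments through).
DEFAULT_OPEN_CMD = '"%1" %*'
EXT_TO_CLASS = {"exe": "exefile", "com": "comfile"}
CLASS_TO_EXT = {v: k for k, v in EXT_TO_CLASS.items()}
# Profile locations a legitimate autorun has little reason to launch from (assumed list).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# OTL abbreviates the key path: "HKLM\...exe" is the .exe key, "HKLM\..exefile" the class.
RE_O37 = re.compile(r"^O37 - (?P<hive>.+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>\w+)\] -- (?P<cmd>.*)$")
RE_O35 = re.compile(r"^O35 - (?P<hive>.+?)\\\.\.(?P<progid>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or INFO
    line: str
    reason: str


def strip_status(value: str) -> tuple[str, bool]:
    """Split OTL's trailing 'File not found' marker off a command or path."""
    marker = "File not found"
    if value.endswith(marker):
        return value[: -len(marker)].rstrip(), True
    return value, False


def check_association(hive: str, ext: str, progid: str, cmd: str, line: str) -> Finding:
    """Compare an .exe/.com class and its open command against the Windows defaults."""
    cmd, _ = strip_status(cmd)
    expected = EXT_TO_CLASS[ext]
    if progid != expected:
        return Finding("HIGH", line,
                       f".{ext} under {hive} maps to class '{progid}' instead of '{expected}'; handler: {cmd}")
    if cmd.startswith("Reg Error"):
        # The class is named but carries no open command of its own: HKCR's applies.
        return Finding("INFO", line, f".{ext} class under {hive} has no open command of its own")
    if cmd != DEFAULT_OPEN_CMD:
        return Finding("HIGH", line, f".{ext} open command under {hive} is {cmd!r}, expected {DEFAULT_OPEN_CMD!r}")
    return Finding("INFO", line, f".{ext} association under {hive} is the default")


def check_autorun(hive: str, name: str, target: str, line: str) -> Finding:
    """Flag autorun values whose file is gone or lives in a user-writable profile directory."""
    target, missing = strip_status(target)
    if missing:
        return Finding("MEDIUM", line, f"autorun [{name}] under {hive} points at a missing file: {target}")
    if any(marker in target.lower() for marker in USER_WRITABLE):
        return Finding("MEDIUM", line, f"autorun [{name}] under {hive} launches from a profile directory: {target}")
    return Finding("INFO", line, f"autorun [{name}] under {hive}: {target}")


def scan(report: str) -> list[Finding]:
    """Walk an OTL report and classify every O4, O35 and O37 line it contains."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if (m := RE_O37.match(line)) and m["ext"] in EXT_TO_CLASS:
            findings.append(check_association(m["hive"], m["ext"], m["progid"], m["cmd"], line))
        elif (m := RE_O35.match(line)) and m["progid"] in CLASS_TO_EXT:
            findings.append(check_association(m["hive"], CLASS_TO_EXT[m["progid"]], m["progid"], m["cmd"], line))
        elif m := RE_O4.match(line):
            findings.append(check_autorun(m["hive"], m["name"], m["target"], line))
    return findings


def high_findings(report: str) -> list[Finding]:
    """Only the findings that indicate an association hijack."""
    return [f for f in scan(report) if f.severity == "HIGH"]


if __name__ == "__main__":
    for f in scan(SAMPLE_OTL):
        print(f"{f.severity:6} {f.reason}")
```

Two reading notes for this particular log. The "File not found" status on the ave.exe handler means the dropped file is already gone but the association still references it, so cleanup has to cover the registry value as well as the file. And the thousands of 127.0.0.1 entries in the O1 HOSTS section are not by themselves a sign of infection here: the list begins with 007guard.com, which is what Spybot-S&D's immunization writes, and Spybot is installed on this machine according to the O2 and O9 entries.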
Promathia Posted April 22, 2010 Author ID:237370 Share Posted April 22, 2010 Alright here We go First the logs from OTLOTL logfile created on: 4/22/2010 5:38:00 AM - Run 1OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\DownloadsWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFSDrive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DELLCurrent User Name: Daniel BriggsLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exePRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) 
-- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exePRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2009/02/03 11:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Daniel Briggs\Desktop\procexp.exePRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe========== Modules (SafeList) ==========MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exeMOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) 
-- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- -- (Ventrilo)SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)========== Driver Services (SafeList) ==========DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21)DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- 
| M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg)DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter)DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)DRV - [2004/03/05 23:13:38 | 
000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywayIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywayIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not foundIE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.startup.homepage: "www.fanfiction.net"FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M][2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions[2010/04/22 03:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions[2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensionsO1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTSO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 
www.123topsearch.comO1 - Hosts: 127.0.0.1 123topsearch.comO1 - Hosts: 127.0.0.1 www.132.comO1 - Hosts: 127.0.0.1 132.comO1 - Hosts: 127.0.0.1 www.136136.netO1 - Hosts: 127.0.0.1 136136.netO1 - Hosts: 127.0.0.1 www.163ns.comO1 - Hosts: 127.0.0.1 163ns.comO1 - Hosts: 13597 more lines...O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not foundO4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not foundO4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 
360 Accessories\XboxStat.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not foundO4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not foundO9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - 
AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 14:15:40 | 008,351,672 | ---- | C] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe
[2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk
[2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk
[2010/04/22 02:56:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/22 02:54:07 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/22 02:53:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 02:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/22 02:53:47 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 02:52:33 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat
[2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/04/21 17:21:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI
[2010/04/21 17:21:25 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db
[2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C
[2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW
[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW
[2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308
[2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443
[2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443
[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6
[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 14:17:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/25 14:16:26 | 008,351,672 | ---- | M] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe
[2010/03/25 12:33:57 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2010/03/25 12:33:56 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk
[2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk
[2010/04/21 18:38:56 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C
[2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443
[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308
[2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443
[2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW
[2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW
[2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW
[2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6
[2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6
[2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6
[2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat
[2010/04/06 02:00:16 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt
[2010/03/25 14:17:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/25 12:21:47 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 12:11:11 | 000,017,230 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 12:11:11 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/02 00:45:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys
[2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL
[2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL
[2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL

< End of report >

OTL Extras logfile
created on: 4/22/2010 5:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Daniel Briggs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found
"C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AV DVD Player Morpher" = AV DVD Player Morpher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ffdshow" = ffdshow (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"SimCity2000CDv1" = SimCity 2000
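Two things in the OTL output above explain the symptoms better than any single file name. First, the .exe file association has been redirected: HKLM maps .exe to a progid called secfile, and the .DEFAULT and S-1-5-18 hives map it to an ave.exe under the NetworkService profile that OTL can no longer find, so the shell hands every .exe launch to ave.exe with the real program as its argument (the per-user S-1-5-21 key is missing, so the HKLM mapping applies to the logged-in user too). Second, Security Center has AntiVirusOverride and FirewallOverride set to 1 and the Windows Firewall is disabled in both profiles. The script below is an added example, not part of the thread and not OTL's own code: it pulls those lines out of a saved copy of the log and lists the findings. The regexes are assumptions about OTL's line format inferred from the log above, and SAMPLE is an excerpt of that log.

```python
"""Triage an OTL log for a hijacked .exe association and disabled security settings.

Added example: this script is not part of the forum thread and is not OTL's own
code. SAMPLE is an excerpt copied from the OTL.txt and Extras.txt output posted
above; the line patterns are assumptions about OTL's text format inferred from it.
"""
import re
from dataclasses import dataclass

# OTL.txt "O37" entries: hive, extension, the progid it maps to, and the open command
O37_RE = re.compile(
    r'^O37 - (?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>\w+)\] -- (?P<cmd>.*)$')
# Extras.txt registry dump: "[key]" headers followed by "name" = value lines
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')

# Defaults on a clean Windows XP system (Microsoft's stock values, not an assumption)
EXPECTED_PROGID = {"exe": "exefile", "com": "comfile"}
EXPECTED_OPEN_CMD = '"%1" %*'
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"

# Excerpt of the log posted in the thread (constructed sample input for this example)
SAMPLE = r'''
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
'''


@dataclass
class Assoc:
    hive: str
    ext: str
    progid: str
    cmd: str


def parse(text):
    """Return ([Assoc], {(registry key, value name): value}) from OTL log text."""
    assocs, values, key = [], {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := O37_RE.match(line):
            assocs.append(Assoc(m["hive"], m["ext"], m["progid"], m["cmd"]))
        elif m := VALUE_RE.match(line):
            values[(key, m["name"])] = m["value"]
    return assocs, values


def find_exe_hijacks(assocs):
    """Flag .exe/.com mappings that do not resolve to the stock progid and open command."""
    findings = []
    for a in assocs:
        expected = EXPECTED_PROGID.get(a.ext)
        if expected is None:
            continue
        if a.progid != expected:
            findings.append(f"{a.hive}: .{a.ext} -> progid '{a.progid}' (expected '{expected}'); command: {a.cmd}")
        elif not a.cmd.startswith("Reg Error") and a.cmd.strip() != EXPECTED_OPEN_CMD:
            findings.append(f"{a.hive}: .{a.ext} open command altered: {a.cmd}")
    return findings


def security_findings(values):
    """Flag Security Center overrides and a disabled Windows Firewall."""
    findings = []
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if values.get((SC_KEY, name)) == "1":
            findings.append(f"Security Center: {name} = 1 (status alerts suppressed)")
    for profile in ("DomainProfile", "StandardProfile"):
        if values.get((f"{FW_KEY}\\{profile}", "EnableFirewall")) == "0":
            findings.append(f"Windows Firewall disabled in {profile}")
    return findings


def triage(text):
    assocs, values = parse(text)
    return {"exe_hijacks": find_exe_hijacks(assocs), "security": security_findings(values)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(f"== {kind} ==")
        for item in items:
            print("  " + item)
```

The script only reports. Remediation means restoring the stock .exe association (exefile with the `"%1" %*` open command) in every hive that was touched and re-enabling the firewall, and doing so after the malware itself is gone, since a rogue that is still running will simply re-write the keys.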
Promathia Posted April 22, 2010 Author ID:237375
GMER File next

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 08:07:50
Windows 5.1.2600 Service Pack 3
Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT F8DED1FE ZwCreateKey
SSDT F8DED1F4 ZwCreateThread
SSDT F8DED203 ZwDeleteKey
SSDT F8DED20D ZwDeleteValueKey
SSDT F8DED212 ZwLoadKey
SSDT F8DED1E0 ZwOpenProcess
SSDT F8DED1E5 ZwOpenThread
SSDT F8DED21C ZwReplaceKey
SSDT F8DED217 ZwRestoreKey
SSDT F8DED208 ZwSetValueKey
SSDT F8DED1EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF86B7794]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0595000A
.text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0594000A
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 832EEB4C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
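The GMER report above has one headline finding and two classes of findings that need attribution before anything is removed. The headline: atapi.sys, Microsoft's IDE/ATAPI port driver, has its entry point inside its .rsrc (resource) section rather than in a code section, and GMER separately reports the same file as a suspicious modification. A driver whose entry point lies in its resource data has been patched to run foreign code, which is consistent with a patched-driver rootkit (the TDL3/TDSS family infected atapi.sys in exactly this way). Lower priority: the same three ntdll APIs (NtProtectVirtualMemory, NtWriteVirtualMemory, KiUserExceptionDispatcher) are hooked identically in svchost.exe, Explorer.EXE and firefox.exe, pointing to one component injected system-wide; and the eleven SSDT hooks all sit within a 60-byte range, i.e. inside a single driver, which may well be the installed Avira AntiVir (it appears in the uninstall list) rather than malware. The script below is an added example, not part of the thread and not GMER's own code: it parses those sections and ranks them. SAMPLE is an excerpt of the posted report, and the regexes are assumptions about GMER 1.0.15's line format inferred from it.

```python
"""Parse and rank the findings in a GMER rootkit-scan report.

Added example: not part of the forum post and not GMER's own code. SAMPLE is an
excerpt of the GMER log posted above; the regexes are assumptions about GMER
1.0.15's line format inferred from that log.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r'^---- (?P<name>.+?) - GMER [\d.]+ ----$')
SSDT_RE = re.compile(r'^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$')
KSECTION_RE = re.compile(r'^\.\w+ (?P<path>.+?) entry point in "(?P<ep>[.\w]+)" section \[0x(?P<addr>[0-9A-F]+)\]$')
UHOOK_RE = re.compile(r'^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[\w.]+)!(?P<func>\w+)( \+ \d+)? '
                      r'(?P<addr>[0-9A-F]{8}) \d+ Bytes? (?P<patch>.+)$')
FILE_RE = re.compile(r'^File (?P<path>.+?) (?P<verdict>suspicious modification)$')
CODE_SECTIONS = {".text", "INIT", "PAGE"}   # where a driver's entry point normally lives

# Excerpt of the report posted in the thread (constructed sample input for this example)
SAMPLE = r'''
GMER 1.0.15.15281 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT F8DED1FE ZwCreateKey
SSDT F8DED1F4 ZwCreateThread
SSDT F8DED203 ZwDeleteKey
SSDT F8DED20D ZwDeleteValueKey
SSDT F8DED212 ZwLoadKey
SSDT F8DED1E0 ZwOpenProcess
SSDT F8DED1E5 ZwOpenThread
SSDT F8DED21C ZwReplaceKey
SSDT F8DED217 ZwRestoreKey
SSDT F8DED208 ZwSetValueKey
SSDT F8DED1EF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF86B7794]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
'''


def parse_gmer(text):
    """Split a GMER report into SSDT hooks, kernel section anomalies, user-mode hooks and file verdicts."""
    rep = {"ssdt": [], "kernel": [], "hooks": [], "files": [], "other": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := SSDT_RE.match(line):
            rep["ssdt"].append((int(m["addr"], 16), m["func"]))
        elif m := KSECTION_RE.match(line):
            rep["kernel"].append({"path": m["path"], "ep": m["ep"], "addr": int(m["addr"], 16)})
        elif section == "User code sections" and (m := UHOOK_RE.match(line)):
            rep["hooks"].append({"proc": m["proc"], "api": f'{m["module"]}!{m["func"]}', "patch": m["patch"]})
        elif m := FILE_RE.match(line):
            rep["files"].append(m["path"])
        else:
            rep["other"].append((section, line))   # headers and lines we do not classify
    return rep


def triage_gmer(rep):
    """Rank findings: patched drivers are critical; hooks need attribution first."""
    critical, review = [], []
    modified = {p.lower() for p in rep["files"]}
    for k in rep["kernel"]:
        if k["ep"] not in CODE_SECTIONS:   # entry point in resource/data section: patched image
            note = f'{k["path"]}: entry point in {k["ep"]} at 0x{k["addr"]:X}, outside any code section'
            if k["path"].lower() in modified:
                note += "; GMER also reports the file as a suspicious modification"
            critical.append(note)
    critical += [f"{p}: suspicious modification" for p in rep["files"]]
    procs = defaultdict(set)                # which processes carry a hook on each API
    for h in rep["hooks"]:
        procs[h["api"]].add(h["proc"])
    shared = sorted(api for api, ps in procs.items() if len(ps) > 1)
    nprocs = len({h["proc"] for h in rep["hooks"]})
    if shared:
        review.append(f"same APIs hooked in {nprocs} processes (one injected component): " + ", ".join(shared))
    addrs = [a for a, _ in rep["ssdt"]]
    span = max(addrs) - min(addrs) if addrs else 0   # tight span => hooks live in one driver
    if addrs:
        review.append(f"{len(addrs)} SSDT hooks within {span} bytes of each other (one driver); "
                      "attribute to the installed security product before removal")
    return {"critical": critical, "review": review, "ssdt_span": span}


if __name__ == "__main__":
    result = triage_gmer(parse_gmer(SAMPLE))
    for level in ("critical", "review"):
        for line in result[level]:
            print(f"[{level}] {line}")
```

One check worth doing by hand before any repair: compare the hash of the live atapi.sys against a known-good copy from the XP SP3 install media rather than against C:\WINDOWS\System32\dllcache\atapi.sys, because the OTL log above shows the dllcache copy itself was modified on 2010/04/17 and so cannot be trusted as a clean reference.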
Promathia Posted April 22, 2010 Author ID:237399
I don't think I gave you both OTL files... Here's Extra.txt again
12"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2"{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"AV DVD Player Morpher" = AV DVD Player Morpher"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver"ffdshow" = ffdshow (remove only)"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"ie8" = Windows Internet Explorer 8"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan"InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard 
Driver"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem"Lexmark 1300 Series" = Lexmark 1300 Series"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSN Music Assistant" = MSN Music Assistant"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"NVIDIA Display Driver" = NVIDIA Display Driver"OggDS" = Direct Show Ogg Vorbis Filter (remove only)"QuickTime" = QuickTime"Shockwave" = Shockwave"SimCity2000CDv1" = SimCity 2000 Link to post Share on other sites More sharing options...
Promathia (Author) Posted April 22, 2010 ID:237401

OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Daniel Briggs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found
"C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AV DVD Player Morpher" = AV DVD Player Morpher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ffdshow" = ffdshow (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"SimCity2000CDv1" = SimCity 2000
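What the Extras log above is showing, and a way to pull the findings out mechanically. Three hives (HKLM, HKU\.DEFAULT and HKU\S-1-5-18) map .exe to a ProgID called secfile whose handler was an ave.exe under the NetworkService profile's Local Settings\Application Data; only the interactive user's hive still says exefile. With that mapping every shell launch of a .exe goes through the rogue's handler first, and once the file is gone the launches fail, which is the "File not found" on those lines. In the same log AntiVirusOverride and FirewallOverride are 1 and EnableFirewall is 0 in both firewall profiles, so Security Center was told not to complain about a missing AV or firewall. The script below is an added example (mine, not OTL's and not posted in the thread): it parses an Extras.txt excerpt for exactly those signals. SAMPLE is the posted log's own lines with the line breaks restored; no other data is assumed.

```python
"""Triage an OTL Extras.txt for rogue-AV style tampering.

Added example; not part of the original post or of the OTL tool. SAMPLE is an
excerpt of the Extras log posted in this thread with its line breaks restored
and nothing else changed.
"""
import re

SAMPLE = r"""
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found
[HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKEY_...]
EXE_ASSOC_RE = re.compile(r"^\.exe \[@ = (?P<progid>[^\]]+)\] -- (?P<rest>.*)$")
VALUE_RE = re.compile(r'^"(?P<name>\w+)" = (?P<val>\d+)$')         # "Name" = 1

# Value/setting pairs that mean "security posture has been switched off".
BAD_FLAGS = {
    "AntiVirusOverride": "1",   # Security Center stops warning about missing AV
    "FirewallOverride": "1",    # ... and about a missing firewall
    "EnableFirewall": "0",      # Windows Firewall disabled for that profile
}


def parse_extras(text):
    """Collect .exe associations and numeric values, each tagged with its hive key."""
    key = None
    exe_handlers = []   # (hive key, ProgID, handler text as OTL printed it)
    flags = []          # (hive key, value name, value)
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif (m := EXE_ASSOC_RE.match(line)):
            exe_handlers.append((key, m.group("progid"), m.group("rest")))
        elif (m := VALUE_RE.match(line)):
            flags.append((key, m.group("name"), m.group("val")))
    return {"exe_handlers": exe_handlers, "flags": flags}


def find_indicators(parsed):
    """Return one human-readable line per tampering indicator."""
    hits = []
    for key, progid, rest in parsed["exe_handlers"]:
        # On a clean XP box .exe resolves to exefile in every hive.
        if progid.lower() != "exefile":
            hits.append(f"{key}: .exe mapped to '{progid}' instead of 'exefile' ({rest})")
    for key, name, val in parsed["flags"]:
        if BAD_FLAGS.get(name) == val:
            hits.append(f"{key}: {name} = {val}")
    return hits


if __name__ == "__main__":
    for hit in find_indicators(parse_extras(SAMPLE)):
        print(hit)
```

On the posted excerpt this reports seven lines: the three secfile hijacks and four disabled-protection values. The interesting part for cleanup is that the hijack lives in HKLM and in the .DEFAULT and SYSTEM user hives, not only in the logged-in user's hive, so a fix that only repairs HKCU leaves the machine-wide mapping in place.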
Elise Posted April 22, 2010 ID:237407

Hello again, unfortunately you have a nasty rootkit on your computer. Please consider the following first.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Promathia (Author) Posted April 23, 2010 ID:237911

When I tried to run ComboFix it would say that I had my antivirus up even when I'd closed the umbrella, as it were... when I then tried to run it I got an error stating "C:\32788r~1 not in correct place, inform sUBs now."
Elise Posted April 24, 2010 ID:238459

Can you please try to run Combofix from Safe mode?
Promathia (Author) Posted April 24, 2010 ID:238508

Same problem in safe mode. Says AntiVir is running when it doesn't seem to be, then the same "not in correct place" error.
Elise Posted April 24, 2010 ID:238529

Can you please delete that copy and download a new one and try to run it? As long as you have stopped Avira, you can safely ignore that warning.
Promathia (Author) Posted April 24, 2010 ID:238541

Same deal... deleted and redownloaded, tried in regular and safe mode and get the same error... says it can't run because of AntiVir, then when I try to just hit OK and go by, it gives that error and shuts down.
Elise Posted April 24, 2010 ID:238647

Hi again,

Please download TDSSKiller.zip and save it to your desktop.
Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!

Click Start > Run and copy paste the following bolded text in the run box:

"%userprofile%\desktop\tdsskiller.exe" -l report.txt

When it has finished, press any key to continue. If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.
Promathia (Author) Posted April 24, 2010 ID:238657

14:54:40:750 2592 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
14:54:40:750 2592 ================================================================================
14:54:40:750 2592 SystemInfo:
14:54:40:750 2592 OS Version: 5.1.2600 ServicePack: 3.0
14:54:40:750 2592 Product type: Workstation
14:54:40:750 2592 ComputerName: DELL
14:54:40:750 2592 UserName: Daniel Briggs
14:54:40:750 2592 Windows directory: C:\WINDOWS
14:54:40:750 2592 Processor architecture: Intel x86
14:54:40:750 2592 Number of processors: 1
14:54:40:750 2592 Page size: 0x1000
14:54:40:765 2592 Boot type: Normal boot
14:54:40:765 2592 ================================================================================
14:54:41:000 2592 UnloadDriverW: NtUnloadDriver error 2
14:54:41:000 2592 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:54:41:750 2592 wfopen_ex: Trying to KLMD file open
14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2)
14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:54:41:750 2592 wfopen_ex: Trying to KLMD file open
14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2)
14:54:41:750 2592 Initialize success
14:54:41:750 2592 
14:54:41:765 2592 Scanning Services ...
14:54:43:015 2592 Raw services enum returned 361 services
14:54:43:015 2592 
14:54:43:031 2592 Scanning Kernel memory ...
14:54:43:031 2592 Devices to scan: 4
14:54:43:031 2592 
14:54:43:031 2592 Driver Name: Disk
14:54:43:031 2592 IRP_MJ_CREATE : F877EBB0
14:54:43:031 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:54:43:031 2592 IRP_MJ_CLOSE : F877EBB0
14:54:43:031 2592 IRP_MJ_READ : F8778D1F
14:54:43:031 2592 IRP_MJ_WRITE : F8778D1F
14:54:43:031 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:54:43:031 2592 IRP_MJ_SET_INFORMATION : 804FA88E
14:54:43:031 2592 IRP_MJ_QUERY_EA : 804FA88E
14:54:43:031 2592 IRP_MJ_SET_EA : 804FA88E
14:54:43:031 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2
14:54:43:031 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:54:43:031 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:54:43:031 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:54:43:031 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:54:43:031 2592 IRP_MJ_DEVICE_CONTROL : F87793BB
14:54:43:031 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28
14:54:43:031 2592 IRP_MJ_SHUTDOWN : F87792E2
14:54:43:031 2592 IRP_MJ_LOCK_CONTROL : 804FA88E
14:54:43:031 2592 IRP_MJ_CLEANUP : 804FA88E
14:54:43:031 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:54:43:031 2592 IRP_MJ_QUERY_SECURITY : 804FA88E
14:54:43:031 2592 IRP_MJ_SET_SECURITY : 804FA88E
14:54:43:031 2592 IRP_MJ_POWER : F877AC82
14:54:43:031 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E
14:54:43:031 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:54:43:031 2592 IRP_MJ_QUERY_QUOTA : 804FA88E
14:54:43:031 2592 IRP_MJ_SET_QUOTA : 804FA88E
14:54:43:078 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:54:43:078 2592 
14:54:43:078 2592 Driver Name: Disk
14:54:43:078 2592 IRP_MJ_CREATE : F877EBB0
14:54:43:078 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:54:43:078 2592 IRP_MJ_CLOSE : F877EBB0
14:54:43:078 2592 IRP_MJ_READ : F8778D1F
14:54:43:078 2592 IRP_MJ_WRITE : F8778D1F
14:54:43:078 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:54:43:078 2592 IRP_MJ_SET_INFORMATION : 804FA88E
14:54:43:078 2592 IRP_MJ_QUERY_EA : 804FA88E
14:54:43:078 2592 IRP_MJ_SET_EA : 804FA88E
14:54:43:078 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2
14:54:43:078 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:54:43:078 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:54:43:078 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:54:43:078 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:54:43:078 2592 IRP_MJ_DEVICE_CONTROL : F87793BB
14:54:43:078 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28
14:54:43:078 2592 IRP_MJ_SHUTDOWN : F87792E2
14:54:43:078 2592 IRP_MJ_LOCK_CONTROL : 804FA88E
14:54:43:078 2592 IRP_MJ_CLEANUP : 804FA88E
14:54:43:078 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:54:43:078 2592 IRP_MJ_QUERY_SECURITY : 804FA88E
14:54:43:078 2592 IRP_MJ_SET_SECURITY : 804FA88E
14:54:43:078 2592 IRP_MJ_POWER : F877AC82
14:54:43:078 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E
14:54:43:078 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:54:43:078 2592 IRP_MJ_QUERY_QUOTA : 804FA88E
14:54:43:078 2592 IRP_MJ_SET_QUOTA : 804FA88E
14:54:43:250 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:54:43:250 2592 
14:54:43:250 2592 Driver Name: Disk
14:54:43:250 2592 IRP_MJ_CREATE : F877EBB0
14:54:43:250 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:54:43:250 2592 IRP_MJ_CLOSE : F877EBB0
14:54:43:250 2592 IRP_MJ_READ : F8778D1F
14:54:43:250 2592 IRP_MJ_WRITE : F8778D1F
14:54:43:250 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:54:43:250 2592 IRP_MJ_SET_INFORMATION : 804FA88E
14:54:43:250 2592 IRP_MJ_QUERY_EA : 804FA88E
14:54:43:250 2592 IRP_MJ_SET_EA : 804FA88E
14:54:43:250 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2
14:54:43:250 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:54:43:250 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:54:43:250 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:54:43:250 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:54:43:250 2592 IRP_MJ_DEVICE_CONTROL : F87793BB
14:54:43:250 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28
14:54:43:250 2592 IRP_MJ_SHUTDOWN : F87792E2
14:54:43:250 2592 IRP_MJ_LOCK_CONTROL : 804FA88E
14:54:43:250 2592 IRP_MJ_CLEANUP : 804FA88E
14:54:43:250 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:54:43:250 2592 IRP_MJ_QUERY_SECURITY : 804FA88E
14:54:43:250 2592 IRP_MJ_SET_SECURITY : 804FA88E
14:54:43:250 2592 IRP_MJ_POWER : F877AC82
14:54:43:250 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E
14:54:43:250 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:54:43:250 2592 IRP_MJ_QUERY_QUOTA : 804FA88E
14:54:43:250 2592 IRP_MJ_SET_QUOTA : 804FA88E
14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:54:43:265 2592 
14:54:43:265 2592 Driver Name: atapi
14:54:43:265 2592 IRP_MJ_CREATE : 832EEB4C
14:54:43:265 2592 IRP_MJ_CREATE_NAMED_PIPE : 832EEB4C
14:54:43:265 2592 IRP_MJ_CLOSE : 832EEB4C
14:54:43:265 2592 IRP_MJ_READ : 832EEB4C
14:54:43:265 2592 IRP_MJ_WRITE : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_INFORMATION : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_INFORMATION : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_EA : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_EA : 832EEB4C
14:54:43:265 2592 IRP_MJ_FLUSH_BUFFERS : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_VOLUME_INFORMATION : 832EEB4C
14:54:43:265 2592 IRP_MJ_DIRECTORY_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_DEVICE_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_SHUTDOWN : 832EEB4C
14:54:43:265 2592 IRP_MJ_LOCK_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_CLEANUP : 832EEB4C
14:54:43:265 2592 IRP_MJ_CREATE_MAILSLOT : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_SECURITY : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_SECURITY : 832EEB4C
14:54:43:265 2592 IRP_MJ_POWER : 832EEB4C
14:54:43:265 2592 IRP_MJ_SYSTEM_CONTROL : 832EEB4C
14:54:43:265 2592 IRP_MJ_DEVICE_CHANGE : 832EEB4C
14:54:43:265 2592 IRP_MJ_QUERY_QUOTA : 832EEB4C
14:54:43:265 2592 IRP_MJ_SET_QUOTA : 832EEB4C
14:54:43:265 2592 Driver "atapi" infected by TDSS rootkit!
14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:54:43:265 2592 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 
14:54:43:281 2592 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:54:43:281 2592 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
14:54:43:640 2592 vfvi6
14:54:43:859 2592 !dsvbh1
14:54:47:093 2592 dsvbh2
14:54:47:093 2592 fdfb2
14:54:47:093 2592 Backup copy found, using it..
14:54:47:328 2592 will be cured on next reboot
14:54:47:343 2592 Reboot required for cure complete..
14:54:47:406 2592 Cure on reboot scheduled successfully
14:54:47:406 2592 
14:54:47:406 2592 Completed
14:54:47:406 2592 
14:54:47:406 2592 Results:
14:54:47:406 2592 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
14:54:47:406 2592 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:54:47:406 2592 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:54:47:406 2592 
14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:54:47:406 2592 UnloadDriverW: NtUnloadDriver error 1
14:54:47:406 2592 KLMD(ARK) unloaded successfully
Elise Posted April 24, 2010 ID:238668
Hi, can you now please try to run Combofix. Also let me know if you are experiencing any more redirects now.
Promathia Posted April 24, 2010 Author ID:238677
Same problem with combofix. Still shows antivir as being up when not...and still same error/shutdown
Elise Posted April 24, 2010 ID:238691
Could you please rerun GMER and post me the log.
Promathia Posted April 24, 2010 Author ID:238769
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 19:09:36
Windows 5.1.2600 Service Pack 3
Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT F8E0B026 ZwCreateKey
SSDT F8E0B01C ZwCreateThread
SSDT F8E0B02B ZwDeleteKey
SSDT F8E0B035 ZwDeleteValueKey
SSDT F8E0B03A ZwLoadKey
SSDT F8E0B008 ZwOpenProcess
SSDT F8E0B00D ZwOpenThread
SSDT F8E0B044 ZwReplaceKey
SSDT F8E0B03F ZwRestoreKey
SSDT F8E0B030 ZwSetValueKey
SSDT F8E0B017 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F1A75D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
Elise Posted April 25, 2010 ID:238905
GMER looks clean, which means TDSSkiller did its job. Please let me know how things are running now and post me a new OTL log (no need for extra.txt).
Promathia Posted April 26, 2010 Author ID:239381
Things have been lots better. Here is OTL log

OTL logfile created on: 4/25/2010 11:56:28 PM - Run 3
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 4.87 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Daniel Briggs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe
PRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
PRC - [2009/09/30 18:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009/07/21 15:40:24 | 000,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe
PRC - [2007/06/08 11:19:22 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMCONFIG.exe
PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe
PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
PRC - [2007/04/04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMProcess.exe
PRC - [2007/03/06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe

========== Modules (SafeList) ==========

MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe
MOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ventrilo)
SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21)
DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg)
DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/
IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.fanfiction.net"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M]

[2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions
[2010/04/25 03:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions
[2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13597 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found
O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 14:54:13 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Daniel Briggs\Desktop\TDSSKiller.exe
[2010/04/23 04:39:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/23 04:38:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 20:27:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/25 20:27:06 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/25 20:26:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 20:26:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/25 20:26:21 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/25 20:23:23 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat
[2010/04/25 20:22:49 | 004,313,256 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db
[2010/04/24 14:53:09 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip
[2010/04/24 09:10:17 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe
[2010/04/24 07:13:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI
[2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk
[2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk
[2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C
[2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW
[2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW
[2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308
[2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443
[2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443
[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6
[2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 14:52:21 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip
[2010/04/24 09:10:17 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe
[2010/04/24 07:15:08 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk
[2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C
[2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and 
Settings\All Users\Application Data\4l2MhhmX3C[2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443[2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308[2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443[2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW[2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW[2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW[2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6[2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6[2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6[2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat[2010/04/06 02:00:16 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt[2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll[2008/04/02 00:45:29 | 000,040,960 | 
---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll[2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll[2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini[2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll[2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll[2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini[2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI[2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI[2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI[2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI[2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys[2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll[2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll[2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll[2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll[2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini[2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini[2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI[2004/03/26 17:59:22 | 
000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll[2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL[2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL[2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL< End of report > Link to post Share on other sites More sharing options...
Elise Posted April 26, 2010 ID:239388

Hi again,

OTL FIX
------------
We need to run an OTL Fix.

Please reopen OTL on your desktop.
Copy and Paste the following code into the textbox. Do not include the word "Code":

:otl
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found
:commands
[emptytemp]

Push the Run Fix button. OTL may ask to reboot the machine. Please do so if asked.
Click OK.
A report will open. Copy and Paste that report in your next reply.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "JDK 6 Update 20 (JDK or JRE)".
Click the "Download JRE" button to the right.
Select your Platform: "Windows".
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "Accept License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Now please rerun MBAM, update it first and run a full scan. Post me the results afterwards.
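Editor's added example, not part of this thread and not OTL's own code: the O37 lines in the fix above describe a hijack of the .exe and .com file associations. The rogue replaced the "exefile" ProgID with its own "secfile" under HKU\.DEFAULT and HKU\S-1-5-18 and pointed the open command at ave.exe, so every program launch went through the rogue first. Because HKCR is a merged view in which a user's Software\Classes overrides HKLM\Software\Classes, a clean HKLM key is not enough to rule the hijack out; every loaded user hive has to be checked. The read-only PowerShell audit below does that and flags any root whose values differ from the Windows defaults the fix restores ((Default) of .exe = exefile, exefile\shell\open\command = "%1" %*). It assumes PowerShell 2.0 or later and an elevated prompt; the "<SID>_Classes" handling mirrors the "...-1007_Classes\.exe" key the fix log in this thread deletes.

```powershell
# Added example (editor's own, not from this thread or from OTL): read-only
# audit of the executable file-association keys. Nothing is changed.
#
# Clean state, which is what "O37 - HKLM\...exe [@ = exefile] -- "%1" %*" means:
#   <root>\.exe                       (Default) = exefile
#   <root>\exefile\shell\open\command (Default) = "%1" %*
# A per-user Software\Classes key takes precedence over the machine-wide one
# in the merged HKCR view, which is why a hijack can hide in HKU\<SID>.

$Expected = @{
    '.exe' = @{ ProgId = 'exefile'; Command = '"%1" %*' }
    '.com' = @{ ProgId = 'comfile'; Command = '"%1" %*' }
}

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

function Test-ExecAssociation {
    param([string]$ClassesRoot, [string]$Extension)
    $rule   = $Expected[$Extension]
    $progId = Get-DefaultValue "$ClassesRoot\$Extension"
    $status = 'OK'
    $cmd    = $null
    if ($null -eq $progId) {
        # No per-user override is the normal case: the HKLM value then applies.
        if ($ClassesRoot -like 'HKLM:*') { $status = 'MISSING' } else { $status = 'OK (inherits HKLM)' }
    } else {
        if ($progId -ne $rule.ProgId) { $status = "HIJACKED: ProgID '$progId'" }
        # Follow whatever ProgID is set (exefile, or a rogue one such as secfile).
        $cmd = Get-DefaultValue "$ClassesRoot\$progId\shell\open\command"
        if ($cmd -and $cmd -ne $rule.Command) { $status = "HIJACKED: command '$cmd'" }
    }
    New-Object PSObject -Property @{
        Root = $ClassesRoot; Ext = $Extension; ProgId = $progId; Command = $cmd; Status = $status
    }
}

# Machine-wide hive first, then every loaded user hive (HKU\.DEFAULT, HKU\<SID>).
# A "<SID>_Classes" entry under HKEY_USERS is that user's Software\Classes hive
# mounted on its own, so it is used as the classes root directly.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$roots = @('HKLM:\Software\Classes')
foreach ($hive in Get-ChildItem HKU:\ -ErrorAction SilentlyContinue) {
    $name = $hive.PSChildName
    if ($name -like '*_Classes') { $roots += "HKU:\$name" } else { $roots += "HKU:\$name\Software\Classes" }
}

$results = foreach ($root in $roots) {
    foreach ($ext in $Expected.Keys) { Test-ExecAssociation -ClassesRoot $root -Extension $ext }
}
$results | Select-Object Root, Ext, ProgId, Command, Status | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; hives of users who are not logged on are not loaded under HKEY_USERS and so are not covered until that user logs on or the hive is loaded manually. Any row marked HIJACKED is the kind of entry the OTL fix above rewrites, and a rogue command path is worth keeping as an indicator for the next scan.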
Promathia Posted April 26, 2010 Author ID:239481

Both reports here.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.DELL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Daniel Briggs
->Temp folder emptied: 2141764314 bytes
->Temporary Internet Files folder emptied: 121670518 bytes
->Java cache emptied: 15365694 bytes
->FireFox cache emptied: 187929181 bytes
->Flash cache emptied: 1408159 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 21118368 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41167 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1573266 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 43805 bytes

User: Owner

%systemdrive% .tmp files removed: 2918629 bytes
%systemroot% .tmp files removed: 219321 bytes
%systemroot%\System32 .tmp files removed: 11078161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 226526888 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23940876 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 370950 bytes
RecycleBin emptied: 5078 bytes

Total Files Cleaned = 2,628.00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04262010_071533

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Daniel Briggs\Local Settings\Temp\Perflib_Perfdata_94.dat not found!

Registry entries deleted on Reboot...
Promathia Posted April 26, 2010 Author ID:239482

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 9:43:18 AM
mbam-log-2010-04-26 (09-43-18).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 213283
Time elapsed: 2 hour(s), 15 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Elise Posted April 26, 2010 ID:239508

Hi again,

How are things running now? Do you have any problems left?
Let's do one last scan to double-check everything is gone.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the button.
Push