Google Redirect/Pop up Tab [Solved]


This topic is locked

#1
wmeflg

Member, 48 posts
I thought it was just the Google redirect, so I followed those instructions, running GooredFix and TDSSKiller, but I am still having problems with both the redirect and random tabs being created. The GMER program would not run successfully, freezing twice and completely crashing the computer once, so I don't have those results to post. I have run a full AVG scan. Here are the logs I do have. Thanks in advance.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/9/2010 9:01:13 AM
mbam-log-2010-04-09 (09-01-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 212292
Time elapsed: 1 hour(s), 18 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 4/9/2010 4:10:04 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Linder\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 221.12 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Linder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
PRC - [2010/03/21 09:28:28 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/17 15:32:28 | 000,711,384 | ---- | M] () -- C:\Users\Linder\AppData\Local\Autobahn\autobahn.exe
PRC - [2009/08/22 10:57:20 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 10:57:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/10 17:18:02 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/04/25 14:28:34 | 000,954,368 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/15 09:32:14 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/27 09:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
MOD - [2009/08/22 10:57:20 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/08/22 10:57:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/10 17:18:02 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=6070811

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/08 10:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/11 19:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 19:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 19:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/09/28 18:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/09/06 08:22:55 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\Mozilla\Extensions
[2010/04/09 15:33:50 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions
[2009/09/10 08:08:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 15:33:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/13 08:12:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/24 10:50:41 | 000,001,504 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\imdb.xml
[2010/03/28 17:47:57 | 000,001,835 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\weathercom.xml
[2008/12/24 10:50:41 | 000,000,681 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\webster.xml
[2008/12/24 10:50:41 | 000,000,872 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\wikipedia-en.xml
[2010/04/09 15:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/07/03 08:19:08 | 000,316,848 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 10872 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Linder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Linder\AppData\Local\Autobahn\autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Linder\Pictures\Smokey & Sundance.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linder\Pictures\Smokey & Sundance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22b91c2d-b15a-11dd-b914-001aa0524fa8}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/26 12:40:58 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/09 16:08:50 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
[2010/04/09 12:46:27 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/09 12:44:18 | 000,000,000 | ---D | C] -- C:\Users\Linder\Desktop\tdsskiller
[2010/04/09 12:42:20 | 000,000,000 | ---D | C] -- C:\Users\Linder\Desktop\GooredFix Backups
[2010/04/09 12:41:12 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Linder\Desktop\GooredFix.exe
[2010/04/09 12:32:31 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Linder\Desktop\TFC.exe
[2010/04/09 12:27:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/09 12:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/30 18:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/30 18:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 14 Days ==========

[2010/04/09 16:09:30 | 006,029,312 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT
[2010/04/09 16:09:16 | 000,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/09 16:09:16 | 000,636,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/09 16:09:16 | 000,117,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
[2010/04/09 16:06:49 | 000,284,915 | ---- | M] () -- C:\Users\Linder\Desktop\gmer.zip
[2010/04/09 16:04:47 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/09 16:04:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 16:04:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 16:04:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/09 16:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/09 16:04:20 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 16:04:19 | 207,255,765 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/09 14:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/09 14:59:44 | 000,065,536 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/09 14:59:12 | 002,395,390 | -H-- | M] () -- C:\Users\Linder\AppData\Local\IconCache.db
[2010/04/09 14:36:55 | 000,029,184 | ---- | M] () -- C:\Users\Linder\Documents\Estimated Tax 2010 Apr.xls
[2010/04/09 14:31:09 | 000,059,904 | ---- | M] () -- C:\Users\Linder\Documents\Loans.xls
[2010/04/09 14:14:03 | 000,121,733 | ---- | M] () -- C:\Users\Linder\Documents\f1040es.pdf
[2010/04/09 12:56:34 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/09 12:41:20 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Linder\Desktop\GooredFix.exe
[2010/04/09 12:32:42 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\TFC.exe
[2010/04/09 12:29:06 | 000,009,334 | ---- | M] () -- C:\Users\Linder\Desktop\SysRestorePoint_v13.zip
[2010/04/09 10:14:12 | 000,017,920 | ---- | M] () -- C:\Users\Linder\Documents\Passwords.xls
[2010/04/09 09:16:55 | 058,724,319 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 18:25:56 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/03/26 18:20:52 | 000,015,360 | ---- | M] () -- C:\Users\Linder\Documents\Magazines.xls

========== Files Created - No Company Name ==========

[2010/04/09 16:06:37 | 000,284,915 | ---- | C] () -- C:\Users\Linder\Desktop\gmer.zip
[2010/04/09 16:04:19 | 207,255,765 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/09 14:14:03 | 000,121,733 | ---- | C] () -- C:\Users\Linder\Documents\f1040es.pdf
[2010/04/09 13:49:57 | 000,029,184 | ---- | C] () -- C:\Users\Linder\Documents\Estimated Tax 2010 Apr.xls
[2010/04/09 12:29:01 | 000,009,334 | ---- | C] () -- C:\Users\Linder\Desktop\SysRestorePoint_v13.zip
[2009/10/20 18:08:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 16:32:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/02/15 15:00:49 | 000,000,082 | ---- | C] () -- C:\Users\Linder\AppData\Local\X-Plane Installer.prf
[2009/02/15 13:06:18 | 000,000,036 | ---- | C] () -- C:\Users\Linder\AppData\Local\x-plane_install.txt
[2008/06/13 20:52:37 | 000,000,680 | ---- | C] () -- C:\Users\Linder\AppData\Local\d3d9caps.dat
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/11/02 20:07:20 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/11/02 20:07:20 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/11/02 20:07:19 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/11/02 20:05:50 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/09/28 21:46:33 | 000,002,212 | ---- | C] () -- C:\Windows\IFPClient.ini
[2007/09/22 09:56:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/18 18:47:52 | 000,027,136 | ---- | C] () -- C:\Users\Linder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/18 17:31:34 | 000,000,020 | -HS- | C] () -- C:\Users\Linder\ntuser.ini
[2007/08/18 17:31:33 | 000,524,288 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/08/18 17:31:32 | 006,029,312 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT
[2007/08/18 17:31:32 | 000,524,288 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/08/18 17:31:32 | 000,262,144 | -H-- | C] () -- C:\Users\Linder\ntuser.dat.LOG1
[2007/08/18 17:31:32 | 000,065,536 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/08/18 17:31:32 | 000,000,000 | -H-- | C] () -- C:\Users\Linder\ntuser.dat.LOG2
[2007/08/11 00:59:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 17:18:55 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/08/10 17:18:54 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/08/10 17:18:54 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/08/02 09:32:30 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/09/24 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\GetRightToGo
[2007/08/19 15:42:57 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\Thunderbird
[2010/04/09 15:00:05 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/11 00:55:43 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/11 00:55:43 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/11 00:55:43 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/11 00:55:43 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/11 00:56:21 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/11 00:56:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/11 00:56:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/11 00:56:21 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/11 00:56:21 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVRD32.SYS >
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Drivers\storage\R152146\nvrd32.sys
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\drivers\nvrd32.sys
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/03/23 07:09:16 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Drivers\storage\R152146\nvstor32.sys
[2010/04/09 12:57:46 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Windows\System32\drivers\nvstor32.sys
[2007/03/23 07:09:16 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 4/9/2010 4:10:04 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Linder\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 221.12 Gb Free Space | 76.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Linder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4D86B3-5B18-4479-A0F6-F40555FF55BF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{113B0E70-DC14-4E01-993C-1326A2A603FE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{1D4E4427-06BB-49B7-B5C5-8569679E57CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FE7C397-8672-4D97-AEEF-2476F1A606B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38F3C70B-FAD6-4495-A810-D9F03471E3FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3991D84C-24B3-4447-9D98-53939B3354AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DFFD2DD-1DA5-4DBB-A011-7AFAA5C6DD02}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3F945801-9BC2-4F97-B1E3-839238489CCD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{5669E4E8-0818-46E6-8307-0863CE6EE774}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E1496B6-2E33-4365-B19C-5DB7B59D6DDE}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5E6BDF7E-7DF1-45DF-B748-1D745D312131}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6938B08C-F92F-4464-BF37-589DB285568E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6AE4DC50-6EDD-44CE-A865-D2AF18015E2E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8D4A93A6-EABC-48C3-AB26-16072EAF32B6}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{909B9A04-A637-4EE8-9C3A-87BAF5F3BBEB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B0F2C854-E9A1-4368-8827-1F76C69E6D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D64A1A9B-5A4F-4948-AE49-AAD4D618ABCA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{DD6A89FC-6074-4AED-84CA-D4CF282A29ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1CB438E-7236-4074-B567-416B9006B650}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E717E2C5-5043-4ABD-A10A-EC720145090F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F34458A4-D583-43CC-A1A9-FECFE4662702}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{F9CC4D26-E815-407B-8CBD-78633D691A98}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{FA2A4C9A-2A11-4229-A0C3-0A8130E238B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{05589119-F6D3-4098-898B-BE7BA24F804F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{0B7BB5F3-1D78-40C4-ACAC-DFDCD6B32D39}C:\users\linder\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\linder\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{A374C3DE-41F2-4E17-ADF5-B1489AE207A1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AE225986-4B82-410E-ACC7-85A8F559F4D5}C:\users\linder\desktop\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:\users\linder\desktop\x-plane 9\x-plane.exe |
"TCP Query User{F0EF2311-6CAC-446A-A00E-F33A59F10706}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F6EAC510-A9F1-4CE8-9433-8F81D569D7E6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{035149C9-D7A1-4F32-95C9-440439E850B3}C:\users\linder\desktop\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:\users\linder\desktop\x-plane 9\x-plane.exe |
"UDP Query User{11ED5E10-85A5-4E10-ABB8-23A91D6FD301}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{333FDC49-B86F-45B0-A0E8-9AEF4916C356}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7D4F7F9B-4EFD-4494-B530-AA3C2150A44F}C:\users\linder\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\linder\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{A7CB83CD-285A-4F18-B574-6D07639B7753}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E68274C1-C836-44E8-AA1A-906A7BA93572}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 19
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"3D Pitch Deluxe 1.6" = 3D Pitch Deluxe 1.6
"Across Lite 2.0" = Across Lite 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOPA's Real-Time Flight Planner" = AOPA's Real-Time Flight Planner 1.2.2
"Autobahn" = Autobahn
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"Indeo® software" = Indeo® software
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"NVIDIA Drivers" = NVIDIA Drivers
"Snood 4_is1" = Snood 4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Yahoo! Applications" = Verizon Yahoo! Applications

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2010 5:00:16 PM | Computer Name = Home | Source = Perflib | ID = 1010
Description =

Error - 1/16/2010 5:00:19 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 2/5/2010 10:33:59 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, time stamp 0x4b302c34,
faulting module xul.dll, version 1.9.1.3642, time stamp 0x4b302b16, exception code
0xc0000005, fault offset 0x0007a93d, process id 0x5ac, application start time 0x01ca9b7979978650.

Error - 2/11/2010 4:23:22 AM | Computer Name = Home | Source = VSS | ID = 8194
Description =

Error - 2/17/2010 9:06:00 PM | Computer Name = Home | Source = Perflib | ID = 1010
Description =

Error - 2/17/2010 9:06:02 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 2/17/2010 9:22:03 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, time stamp 0x4b302c34,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x68732d78, process id 0xc44, application start time 0x01caab1b144056e0.

Error - 2/20/2010 3:56:26 PM | Computer Name = Home | Source = Perflib | ID = 1010
Description =

Error - 2/20/2010 3:56:28 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 2/28/2010 7:07:46 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x24002bcb, process id 0x11d8, application start time 0x01cab87df1cdce60.

[ System Events ]
Error - 4/9/2010 12:39:18 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 4/9/2010 12:49:46 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/9/2010 12:49:46 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 4/9/2010 12:59:38 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/9/2010 12:59:38 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 4/9/2010 3:02:46 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/9/2010 3:02:46 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 4/9/2010 4:04:29 PM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:03:07 PM on 4/9/2010 was unexpected.

Error - 4/9/2010 4:05:59 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/9/2010 4:05:59 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0
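Added example, not part of this thread and not code from OTL, ComboFix or any of the tools named above: a small Python triage script for the two OTL sections a helper usually reads first, the `< MD5 for: X >` blocks and the Shell Spawning list. For each file it treats the copy under System32 as the live one and the WinSxS/DriverStore (or vendor folder) copies as reference copies, then reports a live copy whose MD5 matches no reference copy, or whose modification time differs from every reference copy with the same MD5 (a patched or swapped system driver is the usual reason the first check fires; a freshly restored file is the usual reason for the second). The shell-spawning check compares the executable-class handlers against the stock commands as they appear in this log. The input is constructed: real lines copied from the log above plus a hypothetical `HYPOTHETICAL.SYS` block and a hypothetical `exefile` handler so both checks have something to report. The function names, the path-based live/reference split and the `C:\Windows\System32` prefix are this example's own assumptions.

```python
import re
from collections import defaultdict

# One OTL "MD5 for" entry, e.g.
# [2007/03/23 07:09:16 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=2158... -- C:\...\nvstor32.sys
MD5_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)
SECTION_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One "Shell Spawning" entry, e.g.   exefile [open] -- "%1" %*
SPAWN_LINE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

# Assumption: copies under WinSxS / DriverStore (or outside System32) are
# reference copies; the copy directly under System32 is what gets loaded.
BACKUP_MARKERS = ("\\winsxs\\", "\\driverstore\\")
LIVE_PREFIX = "c:\\windows\\system32\\"

# Stock handler commands for executable classes (as shown in the log above).
# Anything placed in front of "%1" runs before every program the user starts.
EXPECTED_SPAWN = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def is_live_copy(path):
    p = path.lower()
    return p.startswith(LIVE_PREFIX) and not any(m in p for m in BACKUP_MARKERS)


def parse_md5_sections(text):
    """Group every '< MD5 for: X >' entry by file name (upper-cased)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            m = SECTION_HEADER.match(line)
            current = m.group("name").upper() if m else None  # other headers close the block
            continue
        m = MD5_LINE.match(line)
        if m and current:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            sections[current].append(rec)
    return dict(sections)


def check_live_copies(sections):
    """Flag a live copy whose MD5 matches no reference copy ('hash-mismatch'),
    or whose timestamp differs from every same-hash reference ('timestamp-differs')."""
    findings = []
    for name, recs in sections.items():
        refs = [r for r in recs if not is_live_copy(r["path"])]
        for live in (r for r in recs if is_live_copy(r["path"])):
            twins = [x for x in refs if x["md5"] == live["md5"]]
            if not twins:
                findings.append((name, "hash-mismatch", live["path"]))
            elif all(x["ts"] != live["ts"] for x in twins):
                findings.append((name, "timestamp-differs", live["path"]))
    return findings


def check_shell_spawning(text):
    """Flag executable-class handlers that no longer hold the stock command."""
    findings = []
    for raw in text.splitlines():
        m = SPAWN_LINE.match(raw.strip())
        if not m:
            continue
        key = (m.group("cls"), m.group("verb"))
        if key in EXPECTED_SPAWN and m.group("cmd") != EXPECTED_SPAWN[key]:
            findings.append(key + (m.group("cmd"),))
    return findings


# Constructed sample: lines copied from the OTL log above, plus a hypothetical
# HYPOTHETICAL.SYS block and a hypothetical exefile handler (both invented here).
SAMPLE = r"""
< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: NVSTOR32.SYS >
[2007/03/23 07:09:16 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Drivers\storage\R152146\nvstor32.sys
[2010/04/09 12:57:46 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Windows\System32\drivers\nvstor32.sys
[2007/03/23 07:09:16 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvstor32.sys

< MD5 for: HYPOTHETICAL.SYS >
[2007/03/23 07:09:16 | 000,101,160 | ---- | M] (Constructed Example) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\x86_hypothetical_none\hypothetical.sys
[2010/04/09 12:58:00 | 000,101,160 | ---- | M] (Constructed Example) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\drivers\hypothetical.sys

< %systemroot%\system32\*.dll /lockedfiles >

========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
exefile [open] -- "C:\Users\Linder\AppData\Local\hypothetical.exe" "%1" %*
"""

if __name__ == "__main__":
    for finding in check_live_copies(parse_md5_sections(SAMPLE)) + check_shell_spawning(SAMPLE):
        print(*finding)
```

Run as-is it prints two MD5 findings and one shell-spawning finding. On the real lines alone it only reports that `C:\Windows\System32\drivers\nvstor32.sys` carries a 2010/04/09 12:57:46 modification time while the identical-hash copies are dated 2007/03/23, which is exactly what the log shows; the hash mismatch and the hijacked `exefile` handler come from the constructed entries. Feed it a full OTL log instead of `SAMPLE` and the same two checks apply unchanged.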

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you try GMER in Safe Mode?

If it fails, do this:

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Edited by Rorschach112, 09 April 2010 - 02:35 PM.

  • 0

#3
wmeflg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
GMER crashed in Safe Mode too. Here are the results from ComboFix:


ComboFix 10-04-08.06 - Linder 04/09/2010 17:06:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1311 [GMT -4:00]
Running from: c:\users\Linder\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3812605420-1308425598-418186159-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 21:13 . 2010-04-09 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-09 16:46 . 2010-04-09 16:56 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-04-09 16:27 . 2010-04-09 16:27 -------- d-----w- c:\program files\ERUNT
2010-03-30 22:45 . 2010-03-30 22:45 -------- d-----w- c:\program files\Common Files\Java
2010-03-22 07:04 . 2010-03-22 07:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-11 08:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 08:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 08:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 16:57 . 2007-08-11 04:59 101160 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-04-09 11:39 . 2009-06-17 00:10 -------- d-----w- c:\program files\SpywareBlaster
2010-03-30 22:44 . 2007-08-24 02:20 -------- d-----w- c:\program files\Java
2010-03-30 22:30 . 2009-07-31 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 22:26 . 2009-08-12 00:54 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 04:46 . 2009-07-31 18:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-07-31 18:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 07:24 . 2007-08-18 21:32 93888 ----a-w- c:\users\Linder\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-23 07:23 . 2008-12-31 00:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-09 08:28 . 2008-12-19 02:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:16 . 2009-10-03 15:04 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 12:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-23 09:26 . 2010-02-24 00:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-12 02:11 . 2009-06-27 13:23 144160 ----a-w- c:\users\Linder\AppData\Roaming\Move Networks\uninstall.exe
2010-01-12 02:11 . 2009-12-07 01:22 5603776 ----a-w- c:\users\Linder\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
2007-08-11 04:56 . 2007-08-11 04:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-15 90192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-15 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-15 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Linder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
autobahn.lnk - c:\users\Linder\AppData\Local\Autobahn\autobahn.exe [2009-9-17 711384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-10 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0e,6a,4b,20,dd,51,ca,01

R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-03-17 30560]

.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Linder\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Linder\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
ActiveSetup-ccc-core-static - msiexec
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Linder\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 17:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85071AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x80734d24
\Driver\ACPI -> acpi.sys @ 0x80613d68
\Driver\atapi -> ataport.SYS @ 0x8075ca2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-09 17:16:38
ComboFix-quarantined-files.txt 2010-04-09 21:16

Pre-Run: 237,284,769,792 bytes free
Post-Run: 237,214,515,200 bytes free

- - End Of File - - A6AF4C5A4785971F1388F21BB26E492C

#4
Rorschach112 (Ralphie) - Retired Staff - 47,710 posts
Open OTL, click the None button, and paste this in the custom scan box:

%systemroot%\system32\drivers\*.sys /lockedfiles /all

Click Run Scan and post that log.

#5
wmeflg (Member, Topic Starter) - 48 posts
OTL logfile created on: 4/9/2010 5:59:55 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Linder\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 220.97 Gb Free Space | 76.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Linder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
PRC - [2010/04/07 19:33:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/21 09:28:28 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/17 15:32:28 | 000,711,384 | ---- | M] () -- C:\Users\Linder\AppData\Local\Autobahn\autobahn.exe
PRC - [2009/08/22 10:57:20 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 10:57:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/15 09:32:14 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/27 09:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/08/22 10:57:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/10 17:18:02 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/09 12:57:46 | 000,101,160 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/08/22 10:57:20 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 10:57:20 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2007/08/11 00:56:13 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/08/11 00:56:13 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/08/11 00:56:13 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/10 09:18:06 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 09:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/15 09:41:26 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/15 09:32:14 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/08 10:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/11 19:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 19:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 19:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/09/28 18:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/09/06 08:22:55 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\Mozilla\Extensions
[2010/04/09 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions
[2009/09/10 08:08:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 15:33:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/13 08:12:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/24 10:50:41 | 000,001,504 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\imdb.xml
[2010/03/28 17:47:57 | 000,001,835 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\weathercom.xml
[2008/12/24 10:50:41 | 000,000,681 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\webster.xml
[2008/12/24 10:50:41 | 000,000,872 | ---- | M] () -- C:\Users\Linder\AppData\Roaming\Mozilla\Firefox\Profiles\llk0x1ce.default\searchplugins\wikipedia-en.xml
[2010/04/09 17:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/07/03 08:19:08 | 000,316,848 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10872 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Linder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Linder\AppData\Local\Autobahn\autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Linder\Pictures\Smokey & Sundance.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linder\Pictures\Smokey & Sundance.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 17:16:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/09 17:16:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/09 17:05:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/09 17:05:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/09 17:05:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/09 17:04:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/09 16:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/09 16:08:50 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
[2010/04/09 12:46:27 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/09 12:44:18 | 000,000,000 | ---D | C] -- C:\Users\Linder\Desktop\tdsskiller
[2010/04/09 12:42:20 | 000,000,000 | ---D | C] -- C:\Users\Linder\Desktop\GooredFix Backups
[2010/04/09 12:41:12 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Linder\Desktop\GooredFix.exe
[2010/04/09 12:32:31 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Linder\Desktop\TFC.exe
[2010/04/09 12:27:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/09 12:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 08:18:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 08:18:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 08:18:22 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 08:18:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 08:18:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 08:18:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 08:18:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 08:18:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 08:18:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 08:18:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 08:18:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 08:18:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 08:18:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 08:18:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 08:18:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/30 18:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/30 18:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 18:45:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/30 18:45:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/30 18:45:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/22 03:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/11 04:00:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 04:00:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/09 18:03:15 | 006,029,312 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT
[2010/04/09 17:58:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/09 17:13:42 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/09 17:02:40 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2010/04/09 16:56:40 | 000,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/09 16:56:40 | 000,636,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/09 16:56:40 | 000,117,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/09 16:55:11 | 003,911,239 | R--- | M] () -- C:\Users\Linder\Desktop\ComboFix.exe
[2010/04/09 16:52:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/09 16:51:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 16:51:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 16:51:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/09 16:51:49 | 000,357,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/09 16:51:33 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 16:50:47 | 000,524,288 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/09 16:50:47 | 000,065,536 | -HS- | M] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/09 16:09:02 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\OTL.exe
[2010/04/09 16:06:49 | 000,284,915 | ---- | M] () -- C:\Users\Linder\Desktop\gmer.zip
[2010/04/09 16:04:19 | 207,255,765 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/09 14:36:55 | 000,029,184 | ---- | M] () -- C:\Users\Linder\Documents\Estimated Tax 2010 Apr.xls
[2010/04/09 14:31:09 | 000,059,904 | ---- | M] () -- C:\Users\Linder\Documents\Loans.xls
[2010/04/09 14:14:03 | 000,121,733 | ---- | M] () -- C:\Users\Linder\Documents\f1040es.pdf
[2010/04/09 12:57:46 | 000,101,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2010/04/09 12:56:34 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/09 12:41:20 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Linder\Desktop\GooredFix.exe
[2010/04/09 12:32:42 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Linder\Desktop\TFC.exe
[2010/04/09 12:29:06 | 000,009,334 | ---- | M] () -- C:\Users\Linder\Desktop\SysRestorePoint_v13.zip
[2010/04/09 10:14:12 | 000,017,920 | ---- | M] () -- C:\Users\Linder\Documents\Passwords.xls
[2010/04/09 09:16:55 | 058,724,319 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 18:25:56 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/03/26 18:20:52 | 000,015,360 | ---- | M] () -- C:\Users\Linder\Documents\Magazines.xls
[2010/03/26 15:47:47 | 000,020,480 | ---- | M] () -- C:\Users\Linder\Documents\Books.xls
[2010/03/24 03:03:21 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/03/23 03:24:15 | 000,093,888 | ---- | M] () -- C:\Users\Linder\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 15:56:19 | 000,026,112 | ---- | M] () -- C:\Users\Linder\Documents\Pet Sitting Mar 10.doc

========== Files Created - No Company Name ==========

[2010/04/09 17:05:24 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/09 17:05:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/09 17:05:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/09 17:05:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/09 17:05:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/09 17:02:40 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2010/04/09 16:54:26 | 003,911,239 | R--- | C] () -- C:\Users\Linder\Desktop\ComboFix.exe
[2010/04/09 16:51:33 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/09 16:06:37 | 000,284,915 | ---- | C] () -- C:\Users\Linder\Desktop\gmer.zip
[2010/04/09 16:04:19 | 207,255,765 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/09 14:14:03 | 000,121,733 | ---- | C] () -- C:\Users\Linder\Documents\f1040es.pdf
[2010/04/09 13:49:57 | 000,029,184 | ---- | C] () -- C:\Users\Linder\Documents\Estimated Tax 2010 Apr.xls
[2010/04/09 12:29:01 | 000,009,334 | ---- | C] () -- C:\Users\Linder\Desktop\SysRestorePoint_v13.zip
[2010/03/12 10:56:23 | 000,026,112 | ---- | C] () -- C:\Users\Linder\Documents\Pet Sitting Mar 10.doc
[2009/10/20 18:08:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 16:32:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/02/15 15:00:49 | 000,000,082 | ---- | C] () -- C:\Users\Linder\AppData\Local\X-Plane Installer.prf
[2009/02/15 13:06:18 | 000,000,036 | ---- | C] () -- C:\Users\Linder\AppData\Local\x-plane_install.txt
[2008/06/13 20:52:37 | 000,000,680 | ---- | C] () -- C:\Users\Linder\AppData\Local\d3d9caps.dat
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/11/02 20:07:20 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/11/02 20:07:20 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/11/02 20:07:19 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/11/02 20:05:50 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/09/28 21:46:33 | 000,002,212 | ---- | C] () -- C:\Windows\IFPClient.ini
[2007/09/22 09:56:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/18 18:47:52 | 000,027,136 | ---- | C] () -- C:\Users\Linder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/18 17:31:34 | 000,000,020 | -HS- | C] () -- C:\Users\Linder\ntuser.ini
[2007/08/18 17:31:33 | 000,524,288 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/08/18 17:31:32 | 006,029,312 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT
[2007/08/18 17:31:32 | 000,524,288 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/08/18 17:31:32 | 000,262,144 | -H-- | C] () -- C:\Users\Linder\ntuser.dat.LOG1
[2007/08/18 17:31:32 | 000,065,536 | -HS- | C] () -- C:\Users\Linder\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/08/18 17:31:32 | 000,000,000 | -H-- | C] () -- C:\Users\Linder\ntuser.dat.LOG2
[2007/08/11 00:59:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 17:18:55 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/08/10 17:18:54 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/08/10 17:18:54 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/08/02 09:32:30 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\drivers\*.sys /lockedfiles /all >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
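Added example (this is not part of the thread and not code from OTL): a small Python triage of the entries OTL lists under O1. The huge 127.0.0.1 list above has the shape of a Spybot-style immunization list and is benign on its own; what matters in a redirect case is an entry that points a real domain somewhere other than loopback, or an update/search/AV domain sinkholed so it silently fails. The WATCHLIST and the last two sample lines are constructed for illustration, not taken from this machine.

```python
# Added example (not from the thread or from OTL): triage the entries OTL
# prints as "O1 - Hosts:" lines, or a raw hosts file, for hijack-style
# entries. WATCHLIST and the last two SAMPLE lines are constructed.
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Domains a search-redirect or rootkit infection commonly tampers with.
# Constructed watchlist; extend it for your environment.
WATCHLIST = {
    "www.google.com", "google.com",
    "update.microsoft.com", "windowsupdate.microsoft.com",
    "www.avg.com", "free.avg.com", "www.malwarebytes.org",
}

_OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")


@dataclass
class Finding:
    host: str
    target: str
    reason: str


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (target_ip, hostname) pairs from raw hosts-file text or from
    OTL's 'O1 - Hosts: <ip> <host>' lines. Comments, blank lines and lines
    whose first field is not an IP address (e.g. OTL's 'N more lines...'
    truncation marker) are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = _OTL_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            pairs.append((fields[0], host.lower()))
    return pairs


def triage(text: str) -> List[Finding]:
    """Flag two hijack patterns: a hostname pointed at a real (non-loopback,
    non-unspecified) address, and a watchlisted domain sinkholed to loopback.
    Plain localhost entries and the bulk of an immunization list (everything
    mapped to 127.0.0.1 or 0.0.0.0) pass without a finding."""
    findings = []
    for target, host in parse_hosts(text):
        ip = ipaddress.ip_address(target)
        if host == "localhost" or host.endswith(".localhost"):
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append(Finding(host, target, "redirected to non-loopback address"))
        elif host in WATCHLIST:
            findings.append(Finding(host, target, "watchlisted domain sinkholed"))
    return findings


# Constructed sample: the first five lines mirror the OTL log above, the
# "10872 more lines..." marker is OTL's own truncation, and the last two
# entries are invented hijack examples (not present on this machine).
SAMPLE = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 10872 more lines...
O1 - Hosts: 127.0.0.1 update.microsoft.com
O1 - Hosts: 203.0.113.7 www.google.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.host:28} -> {f.target:14} {f.reason}")
```

parse_hosts accepts the raw file too, so it can be pointed straight at C:\Windows\System32\drivers\etc\hosts. A clean result is not an all-clear: a TDSS-class rootkit of the kind TDSSKiller finds later in this thread does its redirecting in the kernel, not through the hosts file, which is why resetting hosts on its own leaves the redirect in place.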

#6 Rorschach112, Ralphie (Retired Staff, 47,710 posts)
Hi,

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log



Any redirects?

#7 wmeflg, Member (Topic Starter, 48 posts)
Yes, still have redirects from google.

18:27:06:339 5896 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:27:06:339 5896 ================================================================================
18:27:06:339 5896 SystemInfo:

18:27:06:339 5896 OS Version: 6.0.6002 ServicePack: 2.0
18:27:06:339 5896 Product type: Workstation
18:27:06:339 5896 ComputerName: HOME
18:27:06:339 5896 UserName: Linder
18:27:06:339 5896 Windows directory: C:\Windows
18:27:06:339 5896 Processor architecture: Intel x86
18:27:06:339 5896 Number of processors: 2
18:27:06:339 5896 Page size: 0x1000
18:27:06:339 5896 Boot type: Normal boot
18:27:06:339 5896 ================================================================================
18:27:06:355 5896 UnloadDriverW: NtUnloadDriver error 2
18:27:06:355 5896 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:27:06:636 5896 wfopen_ex: Trying to open file C:\Windows\system32\config\system
18:27:06:667 5896 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:27:06:667 5896 wfopen_ex: Trying to KLMD file open
18:27:06:667 5896 wfopen_ex: File opened ok (Flags 2)
18:27:06:667 5896 wfopen_ex: Trying to open file C:\Windows\system32\config\software
18:27:06:667 5896 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:27:06:667 5896 wfopen_ex: Trying to KLMD file open
18:27:06:667 5896 wfopen_ex: File opened ok (Flags 2)
18:27:06:667 5896 Initialize success
18:27:06:667 5896
18:27:06:682 5896 Scanning Services ...
18:27:07:322 5896 Raw services enum returned 428 services
18:27:07:338 5896
18:27:07:338 5896 Scanning Kernel memory ...
18:27:07:338 5896 Devices to scan: 1
18:27:07:338 5896
18:27:07:338 5896 Driver Name: nvstor32
18:27:07:338 5896 IRP_MJ_CREATE : 85071AC8
18:27:07:338 5896 IRP_MJ_CREATE_NAMED_PIPE : 85071AC8
18:27:07:338 5896 IRP_MJ_CLOSE : 85071AC8
18:27:07:338 5896 IRP_MJ_READ : 85071AC8
18:27:07:338 5896 IRP_MJ_WRITE : 85071AC8
18:27:07:338 5896 IRP_MJ_QUERY_INFORMATION : 85071AC8
18:27:07:338 5896 IRP_MJ_SET_INFORMATION : 85071AC8
18:27:07:338 5896 IRP_MJ_QUERY_EA : 85071AC8
18:27:07:338 5896 IRP_MJ_SET_EA : 85071AC8
18:27:07:338 5896 IRP_MJ_FLUSH_BUFFERS : 85071AC8
18:27:07:338 5896 IRP_MJ_QUERY_VOLUME_INFORMATION : 85071AC8
18:27:07:338 5896 IRP_MJ_SET_VOLUME_INFORMATION : 85071AC8
18:27:07:338 5896 IRP_MJ_DIRECTORY_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_FILE_SYSTEM_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_DEVICE_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_INTERNAL_DEVICE_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_SHUTDOWN : 85071AC8
18:27:07:338 5896 IRP_MJ_LOCK_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_CLEANUP : 85071AC8
18:27:07:338 5896 IRP_MJ_CREATE_MAILSLOT : 85071AC8
18:27:07:338 5896 IRP_MJ_QUERY_SECURITY : 85071AC8
18:27:07:338 5896 IRP_MJ_SET_SECURITY : 85071AC8
18:27:07:338 5896 IRP_MJ_POWER : 85071AC8
18:27:07:338 5896 IRP_MJ_SYSTEM_CONTROL : 85071AC8
18:27:07:338 5896 IRP_MJ_DEVICE_CHANGE : 85071AC8
18:27:07:338 5896 IRP_MJ_QUERY_QUOTA : 85071AC8
18:27:07:338 5896 IRP_MJ_SET_QUOTA : 85071AC8
18:27:07:338 5896 Driver "nvstor32" infected by TDSS rootkit!
18:27:07:353 5896 C:\Windows\system32\drivers\nvstor32.sys - Verdict: 1
18:27:07:353 5896 File "C:\Windows\system32\drivers\nvstor32.sys" infected by TDSS rootkit ... 18:27:07:353 5896 Processing driver file: C:\Windows\system32\drivers\nvstor32.sys
18:27:07:431 5896 vfvi7
18:27:07:572 5896 dsvbh1
18:27:07:603 5896 fdfb1
18:27:07:603 5896 Backup copy found, using it..
18:27:07:759 5896 will be cured on next reboot
18:27:07:759 5896 Reboot required for cure complete..
18:27:07:790 5896 Cure on reboot scheduled successfully
18:27:07:790 5896
18:27:07:790 5896 Completed
18:27:07:790 5896
18:27:07:790 5896 Results:
18:27:07:790 5896 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
18:27:07:790 5896 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:27:07:790 5896 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:27:07:790 5896
18:27:07:790 5896 fclose_ex: Trying to close file C:\Windows\system32\config\system
18:27:07:790 5896 fclose_ex: Trying to close file C:\Windows\system32\config\software
18:27:07:790 5896 UnloadDriverW: NtUnloadDriver error 1
18:27:07:790 5896 KLMD(ARK) unloaded successfully
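Added example (not TDSSKiller's code): what the block above actually shows is the nvstor32 driver object's major-function dispatch table, with all 27 IRP_MJ_* entries pointing at the same address 85071AC8 instead of into the driver's own code; that single-handler shape is the miniport hook TDSSKiller is calling out. The script below parses such blocks and flags that shape. The second driver in its sample log is invented as a clean comparison, and the image_base/image_size arguments are assumed to come from a loaded-module list, which TDSSKiller's log does not print.

```python
# Added example (not TDSSKiller's own logic): parse the "Driver Name:" /
# "IRP_MJ_*" blocks TDSSKiller prints and flag a dispatch table whose every
# major function has been redirected to one address. The "cleanport" driver
# in SAMPLE_LOG is invented; the heuristics are this example's own.
import re
from typing import Dict, Optional

_DRIVER = re.compile(r"Driver Name:\s*(\S+)")
_IRP = re.compile(r"(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})")

# The 27 major functions TDSSKiller lists, in the order they appear above.
IRP_NAMES = [
    "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE",
    "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA",
    "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION",
    "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL",
    "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP",
    "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY", "POWER",
    "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA",
]


def parse_dispatch_tables(log: str) -> Dict[str, Dict[str, int]]:
    """Map driver name -> {IRP_MJ_x: handler address} from TDSSKiller-style
    log text. The timestamp and PID in front of each line are ignored."""
    tables: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for line in log.splitlines():
        m = _DRIVER.search(line)
        if m:
            current = m.group(1)
            tables[current] = {}
            continue
        m = _IRP.search(line)
        if m and current is not None:
            tables[current][m.group(1)] = int(m.group(2), 16)
    return tables


def assess(table: Dict[str, int],
           image_base: Optional[int] = None,
           image_size: Optional[int] = None) -> str:
    """Heuristic verdict for one dispatch table.

    Rule 1: (nearly) every major function pointing at a single address is
    the shape a TDL3-style miniport hook leaves behind. Some simple drivers
    legitimately route everything through one routine, so Rule 2, usable
    when the driver's image range is known (assumed to come from a
    loaded-module list), is the stronger check: a handler outside the
    driver's own image is not the driver's code.
    """
    if not table:
        return "no dispatch entries"
    distinct = set(table.values())
    if len(table) >= 20 and len(distinct) == 1:
        return "suspicious: all IRP_MJ handlers collapsed to 0x%08X" % next(iter(distinct))
    if image_base is not None and image_size is not None:
        outside = [name for name, addr in table.items()
                   if not image_base <= addr < image_base + image_size]
        if outside:
            return "suspicious: %d handler(s) outside driver image" % len(outside)
    return "ok"


def report(log: str) -> Dict[str, str]:
    """Verdict per driver found in the log (Rule 1 only, no image ranges)."""
    return {name: assess(table) for name, table in parse_dispatch_tables(log).items()}


# Constructed log: nvstor32 reproduces the hooked table from the thread;
# "cleanport" is an invented driver spread over three ordinary handlers.
SAMPLE_LOG = "18:27:07:338 5896 Driver Name: nvstor32\n" + "".join(
    "18:27:07:338 5896 IRP_MJ_%s : 85071AC8\n" % n for n in IRP_NAMES
) + "18:27:07:340 5896 Driver Name: cleanport\n" + "".join(
    "18:27:07:340 5896 IRP_MJ_%s : %08X\n" % (n, 0x8A3C1100 + 0x40 * (i % 3))
    for i, n in enumerate(IRP_NAMES)
)

if __name__ == "__main__":
    for name, verdict in report(SAMPLE_LOG).items():
        print(name, "->", verdict)
```

Treat the verdict as a lead, not proof: TDSSKiller itself pairs the in-memory hook with an on-disk check of the .sys file (the "Verdict: 1" line) before it schedules the cure, and the GMER caution later in this thread about false positives applies to any dispatch-table heuristic run on its own.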

#8 Rorschach112, Ralphie (Retired Staff, 47,710 posts)
You have a new infection which is rather tough to fix, so best make yourself some tea :)

Can you download a new version of ComboFix, run it, and post that log?

And do this:

1. Go HERE and download FileLister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • When the program is finished it will produce a log for you: C:\Files.txt
Copy and paste the contents of that log in your reply.

#9 wmeflg, Member (Topic Starter, 48 posts)
Not much success this go around. I downloaded a new Combofix which ran for a couple of minutes, then completely crashed the computer.

FileLister ran for a bit, but didn't create a log. I guess you were right that this will take a while!

#10 Rorschach112, Ralphie (Retired Staff, 47,710 posts)
Rename gmer and combofix to svchost.com.

Do they then run in safe mode for you?


do this too

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\drivers\nvstor32.sys|C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvstor32.sys /replace
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Also try FileLister once more for me.

#11 wmeflg, Member (Topic Starter, 48 posts)
Gmer still doesn't work. FileLister runs but doesn't create a log.

ComboFix results seem like they are too large to post in one reply (failed twice) so I wanted to try to attach the log but I don't see how.

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\Windows\System32\drivers\nvstor32.sys successfully replaced with C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvstor32.sys
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Linder
->Temp folder emptied: 37614 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 3118 bytes
->FireFox cache emptied: 66595124 bytes
->Flash cache emptied: 3421 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb

OTM cannot create restorepoints on Vista OSs!

OTM by OldTimer - Version 3.1.10.1 log created on 04092010_195410

Files moved on Reboot...

Registry entries deleted on Reboot...

#12 Rorschach112, Ralphie (Retired Staff, 47,710 posts)
Can you find this file: C:\combofix.txt

What you uploaded was the entire ComboFix program, which is 6 MB.


Getting any redirects?

#13 wmeflg, Member (Topic Starter, 48 posts)
Here is ComboFix Part 1. (Attached file: combofix1.txt, 473.86 KB)

#14 wmeflg, Member (Topic Starter, 48 posts)
ComboFix 2 out of 3. Yes, still having redirect.

(Attached file: Combofix2.txt, 286.55 KB)

#15 Rorschach112, Ralphie (Retired Staff, 47,710 posts)
If any of these fail, move on to the next one.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



Then try FileLister again for me.



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.





