Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rogue.InternetSecurity2010 and Registry Defender 2010 [Solved]

Started by helpmePCGods , Jun 03 2010 10:13 AM

  • This topic is locked This topic is locked

#1
helpmePCGods
Posted 03 June 2010 - 10:13 AM

helpmePCGods

    Member

  • Member
  • PipPip
  • 35 posts
Greetings! For the past several days I have been experiencing problems with my computer as far as random IE pop ups, redirects and IE eventually not loading up at all. Since the last issue I had with my PC, I have had Avast and Malwarebytes loaded and running on my computer. Initially got an avast notice that a threat was detected in the WINDOWS\system32 folder, I ran malwarebytes and thought it fixed it, but it came back. I also ran SuperAntiSpyware and Malwarebytes again last night, but the issues persist. I have ran TFC, ERUNT, Malwarebytes, GMER and OTL this morning, although when running OTL, a few minutes into the scan, a few of the lines that I pasted into the custom scan box disappeared, and when the scan was finished, only an OTL.txt log file was generated, not an "extras.txt" log. I would like to know, from viewing the logs I will post below, what more needs to be done. Also, the malwarebytes log file is one that was done after a TFC, ERUNT and Malwarebyte's scan (which found infected files), as well as a reboot (I had done those three scans and was checking email before rebooting and I got a random IE pop up on my screen, so I rebooted and rescanned with Malwarebytes, which came up with supposedly no infected files). Thanks in advance for any help you can give! (Just as I was logging in to the forum to post this, I got another pop up of "Registry Defender 2010")

OTL logfile created on: 6/3/2010 9:51:19 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\CrimsonSoulFire\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1278 1478 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.03 Gb Total Space | 42.49 Gb Free Space | 59.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRIMSON
Current User Name: CrimsonSoulFire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/19 12:08:54 | 002,935,480 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 17:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/21 06:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 09:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/08/11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/05/10 03:35:00 | 005,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2003/09/01 05:42:50 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMP54Gv4SVCAlerter)
SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (DcomLaunchWmdmPmSN)
SRV - File not found [Auto | Stopped] -- -- (avast!TermService)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/12 19:33:00 | 003,477,452 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 18:12:36 | 000,058,368 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\11e4faedb.exe -- (dmadminRemoteAccess)
SRV - [2007/03/07 13:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/21 14:56:10 | 000,242,176 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/15 20:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 18:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 22:12:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 09:16:41 | 000,000,000 | ---D | M]

[2010/06/02 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Extensions
[2010/06/03 09:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\extensions
[2010/06/03 07:35:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 22:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/15 10:37:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\CrimsonSoulFire\Start Menu\Programs\Startup\Shortcut to subliminalblaster.lnk = C:\Program Files\Subliminal Blaster 2.0\subliminalblaster.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144279139234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.239.225.2 63.239.225.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\littlerabbit.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\littlerabbit.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 11:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67849080138629120)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/02 22:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Mozilla
[2010/06/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/02 16:51:02 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
[2010/06/01 10:26:26 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/06/01 10:26:26 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/06/01 10:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/06/01 10:26:25 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/06/01 10:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Deployment
[2010/06/01 10:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Dell
[2010/06/01 06:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/01 06:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 14:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/31 13:15:15 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/31 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/31 10:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/07 18:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Tracing
[2010/05/07 18:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/07 18:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/05/07 18:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/07 18:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/07 18:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/01 18:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Subliminal Blaster 2.0
[2010/04/24 21:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
[2010/04/07 10:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager

========== Files - Modified Within 90 Days ==========

[2010/06/03 09:22:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 09:20:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 09:20:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 09:19:50 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\NTUSER.DAT
[2010/06/03 09:19:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CrimsonSoulFire\ntuser.ini
[2010/06/03 09:14:48 | 009,098,654 | -H-- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\IconCache.db
[2010/06/03 08:31:47 | 000,000,100 | --S- | M] () -- C:\WINDOWS\System32\1576484747.dat
[2010/06/02 22:11:56 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 20:08:10 | 000,085,826 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\copy_to_otl.rtf
[2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
[2010/06/02 19:19:48 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE51C7A5-D0F5-444F-8C0D-3C4F4D240234}.job
[2010/06/02 17:22:54 | 000,000,536 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2010/06/02 17:22:07 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Application Data\mainhst.zgh
[2010/05/23 10:32:32 | 021,233,720 | ---- | M] () -- C:\WINDOWS\littlerabbit.bmp
[2010/05/15 22:41:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/12 07:11:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 08:19:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/08 07:02:50 | 000,429,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/07 18:36:26 | 000,145,752 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/07 18:36:11 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\My Documents\My Sharing Folders.lnk
[2010/05/07 10:12:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/07 10:12:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/06 23:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/06 23:04:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/06 15:07:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/06 15:07:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/06 14:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 14:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 07:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/06 07:06:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/05 21:25:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/05 21:25:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/05 15:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 15:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 11:59:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/05 11:59:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/05 09:22:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/05 09:22:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/04 18:30:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/04 18:30:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/04 16:10:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/04 16:10:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/04 14:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/04 14:47:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/04 09:39:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/04 09:39:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/04 06:34:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/04 06:34:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/03 21:29:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/03 21:29:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/03 13:54:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/03 13:54:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/03 13:15:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/03 13:15:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/03 12:06:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/05/03 12:06:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/03 10:35:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/03 10:35:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/03 10:26:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/03 10:26:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/02 16:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/02 16:46:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/01 18:58:29 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Start Menu\Programs\Startup\Shortcut to subliminalblaster.lnk
[2010/05/01 18:55:41 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\Shortcut to subliminalblaster.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 06:13:27 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/28 06:13:27 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/28 06:13:27 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/14 15:37:58 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/14 15:37:58 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\77C1CD1C40.sys
[2010/04/14 10:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/07 10:08:38 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk

========== Files Created - No Company Name ==========

[2010/06/02 22:11:56 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 17:22:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\gmer.exe
[2010/06/02 16:51:47 | 000,085,826 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\copy_to_otl.rtf
[2010/05/28 18:25:49 | 000,000,100 | --S- | C] () -- C:\WINDOWS\System32\1576484747.dat
[2010/05/23 10:32:29 | 021,233,720 | ---- | C] () -- C:\WINDOWS\littlerabbit.bmp
[2010/05/01 18:58:29 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Start Menu\Programs\Startup\Shortcut to subliminalblaster.lnk
[2010/05/01 18:55:41 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\Shortcut to subliminalblaster.lnk
[2010/04/07 10:08:38 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2008/10/25 08:47:03 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/26 07:26:44 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/17 08:47:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/10/22 05:38:00 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/02/09 17:48:44 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/09 17:48:44 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\77C1CD1C40.sys
[2006/09/22 17:02:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/04 06:16:24 | 000,000,504 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/05/15 18:16:53 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/15 18:16:53 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/15 18:16:53 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/12/28 10:26:43 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/12/28 10:26:12 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/27 08:05:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/12/27 08:05:12 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/10/22 14:16:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\game.INI
[2005/10/22 12:38:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/22 07:51:56 | 000,003,384 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/10/21 21:19:03 | 000,007,452 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005/10/21 21:18:20 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/18 22:05:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/18 21:51:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/18 21:18:16 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/10/18 21:18:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2005/10/18 21:18:14 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2005/10/18 21:17:02 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/30 12:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/21 07:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/18 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/09/24 11:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/08/04 18:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/21 07:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/12/19 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2005/11/14 19:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/27 09:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/07 07:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/21 07:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2005/10/18 21:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/12 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/17 17:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/24 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\CrystalApp
[2008/10/24 10:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\CrystalSpace
[2006/08/04 18:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\iWin
[2005/10/21 22:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Leadertech
[2009/08/21 07:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Nikon
[2008/09/23 19:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Opera
[2009/02/02 09:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\PlaneShift
[2006/05/07 07:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\PlayFirst
[2009/04/27 07:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\SecondLife
[2006/01/16 09:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Wildfire
[2008/12/04 09:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\ZipGenius
[2010/06/02 19:19:48 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BE51C7A5-D0F5-444F-8C0D-3C4F4D240234}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/10/21 21:09:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/15 10:22:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/10/18 21:23:26 | 000,005,018 | RH-- | M] () -- C:\dell.sdr
[2008/09/24 11:23:40 | 000,001,396 | ---- | M] () -- C:\detestfrag.txt
[2010/04/19 08:22:31 | 000,149,609 | ---- | M] () -- C:\hpfr3600.log
[2005/10/22 06:56:40 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/01/08 07:49:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/02 22:22:32 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 21:10:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/03 09:20:31 | 1340,080,128 | -HS- | M] () -- C:\pagefile.sys
[2010/05/03 13:15:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/03 13:54:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/03 21:29:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/04 06:34:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/04 09:39:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/04 14:47:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/04 16:10:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/04 18:30:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/05 09:22:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/05 11:59:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/05 15:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 21:25:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/06 07:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/06 15:07:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/06 23:04:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/07 10:12:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/02 16:46:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/03 10:26:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/03 10:35:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/03 12:06:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/03 13:15:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/03 13:54:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/03 21:29:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/04 06:34:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/04 09:39:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/04 14:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/04 16:10:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/04 18:30:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/05 09:22:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/05 11:59:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/05 15:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 21:25:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/06 07:06:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/06 15:07:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/06 23:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/07 10:12:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/02 16:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/03 10:26:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/03 10:35:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/03 12:06:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/18 21:48:33 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2006/05/14 08:29:36 | 000,021,004 | ---- | M] () -- C:\TEMP_BDT.CHA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2010/02/06 08:15:15 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\wqkaisbu.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\WINDOWS\akai1.bmp:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2010 9:35:16 AM
mbam-log-2010-06-03 (09-35-16).txt

Scan type: Quick scan
Objects scanned: 123592
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry such a long post, that should be all the log files, thanks in advance for any help!
Peace!
  • 0

Advertisements

#2
SweetTech
Posted 03 June 2010 - 10:43 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message to me on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Do you have the GMER log for me?
  • 0

#3
helpmePCGods
Posted 03 June 2010 - 10:56 AM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SweetTech,

Thanks for the reply. Below is the GMER log; sorry, I thought I included it with the other logs!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 09:44:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CRIMSO~1\LOCALS~1\Temp\kxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB0C1CC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0C1CB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB0C1D0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0C1D014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB0C1C70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB0C1CC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB0C1C64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB0C1C6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB0C1CD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB0C1D1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB0C1CCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB0C1CE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB0C29AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB0C298EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB0C29A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes JMP 27B0C1D0
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B0C26EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP B0C298EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B0C29ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP B0C25536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP B0C29A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xB9D90760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9281F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[456] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00EF000A
.text C:\WINDOWS\System32\svchost.exe[1076] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F3000A
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
  • 0

#4
SweetTech
Posted 03 June 2010 - 11:07 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
XP

You must first verify that you can logon to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat


Posted Image

You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.
  • 0

#5
helpmePCGods
Posted 03 June 2010 - 11:17 AM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SweetTech,

I do not have the Windows Recovery Console installed on this machine, nor am I able to do so; when I purchased the machine, everything came pre-loaded on the machine and I was not provided with any program CD's, not even a Windows XP CD. Additionally, my CDROM drive is currently out of commission.
Peace!
  • 0

#6
SweetTech
Posted 03 June 2010 - 12:11 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts

Extract the file and run it.


If TDSSKiller asks you to close all programs please allow it to do so.


Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)


If TDSSKiller asks to reboot your computer please allow it to do so.

Please post the content of that log TDSSKiller
  • 0

#7
helpmePCGods
Posted 03 June 2010 - 12:25 PM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SweetTech,

TDSSkiller log file:

12:18:43:140 3224 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
12:18:43:140 3224 ================================================================================
12:18:43:140 3224 SystemInfo:

12:18:43:140 3224 OS Version: 5.1.2600 ServicePack: 3.0
12:18:43:140 3224 Product type: Workstation
12:18:43:140 3224 ComputerName: CRIMSON
12:18:43:140 3224 UserName: CrimsonSoulFire
12:18:43:140 3224 Windows directory: C:\WINDOWS
12:18:43:140 3224 Processor architecture: Intel x86
12:18:43:140 3224 Number of processors: 1
12:18:43:140 3224 Page size: 0x1000
12:18:43:140 3224 Boot type: Normal boot
12:18:43:140 3224 ================================================================================
12:18:43:468 3224 Initialize success
12:18:43:468 3224
12:18:43:468 3224 Scanning Services ...
12:18:43:890 3224 Raw services enum returned 379 services
12:18:43:921 3224
12:18:43:921 3224 Scanning Drivers ...
12:18:45:656 3224 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:18:45:843 3224 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:18:45:921 3224 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:18:46:046 3224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:18:46:171 3224 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:18:46:312 3224 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:18:46:437 3224 AegisP (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:18:46:531 3224 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
12:18:46:656 3224 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
12:18:46:734 3224 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:18:46:843 3224 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:18:46:968 3224 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:18:47:046 3224 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:18:47:140 3224 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:18:47:296 3224 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:18:47:453 3224 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:18:47:562 3224 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:18:47:671 3224 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:18:47:796 3224 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:18:47:906 3224 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:18:47:968 3224 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:18:48:078 3224 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:18:48:296 3224 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
12:18:48:625 3224 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
12:18:48:765 3224 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
12:18:48:906 3224 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
12:18:48:984 3224 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:18:49:062 3224 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:18:49:203 3224 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:18:49:328 3224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:18:49:421 3224 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
12:18:49:500 3224 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
12:18:49:578 3224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:18:49:687 3224 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:18:49:734 3224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:18:49:812 3224 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:18:49:921 3224 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:18:49:984 3224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:18:50:078 3224 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:18:50:187 3224 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:18:50:328 3224 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:18:50:453 3224 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:18:50:593 3224 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:18:50:703 3224 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:18:50:828 3224 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:18:50:906 3224 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:18:51:093 3224 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:18:51:156 3224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:18:51:218 3224 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:18:51:328 3224 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:18:51:453 3224 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:18:51:531 3224 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
12:18:51:671 3224 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
12:18:51:765 3224 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:18:51:890 3224 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
12:18:51:953 3224 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:18:52:062 3224 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:18:52:156 3224 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:18:52:250 3224 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:18:52:406 3224 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:18:52:500 3224 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:18:52:562 3224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:18:52:687 3224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:18:52:796 3224 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:18:52:843 3224 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:18:52:937 3224 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:18:53:062 3224 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:18:53:218 3224 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:18:53:296 3224 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:18:53:359 3224 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:18:53:484 3224 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:18:53:718 3224 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:18:53:781 3224 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:18:53:953 3224 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
12:18:54:171 3224 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
12:18:54:328 3224 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
12:18:54:468 3224 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:18:54:515 3224 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:18:54:609 3224 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:18:54:703 3224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:18:54:765 3224 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:18:54:875 3224 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:18:54:968 3224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:18:55:062 3224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:18:55:156 3224 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:18:55:250 3224 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:18:55:328 3224 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:18:55:437 3224 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
12:18:55:593 3224 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:18:55:718 3224 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:18:55:875 3224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:18:55:968 3224 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:18:56:109 3224 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:18:56:187 3224 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
12:18:56:296 3224 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:18:56:390 3224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:18:56:531 3224 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:18:56:656 3224 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:18:56:781 3224 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:18:56:890 3224 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:18:57:062 3224 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:18:57:156 3224 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:18:57:218 3224 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:18:57:328 3224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:18:57:375 3224 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:18:57:484 3224 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:18:57:578 3224 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:18:57:671 3224 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:18:57:796 3224 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:18:57:937 3224 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:18:58:031 3224 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:18:58:109 3224 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:18:58:187 3224 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:18:58:312 3224 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
12:18:58:406 3224 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:18:58:515 3224 NetBT (b50f5be20bf002d3cedf1d20b784347b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:18:58:515 3224 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: b50f5be20bf002d3cedf1d20b784347b, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
12:18:58:515 3224 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 12:19:01:000 3224 Backup copy found, using it..
12:19:01:031 3224 will be cured on next reboot
12:19:01:171 3224 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:19:01:312 3224 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:19:01:468 3224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:19:01:625 3224 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:19:01:812 3224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:19:01:859 3224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:19:01:984 3224 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:19:02:078 3224 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:19:02:218 3224 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:19:02:343 3224 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
12:19:02:437 3224 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:19:02:578 3224 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:19:02:687 3224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:19:02:781 3224 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:19:02:921 3224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:19:03:062 3224 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:19:03:281 3224 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:19:03:328 3224 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:19:03:453 3224 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
12:19:03:593 3224 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:19:03:640 3224 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:19:03:765 3224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:19:03:828 3224 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:19:03:921 3224 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:19:04:031 3224 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:19:04:156 3224 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:19:04:218 3224 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:19:04:343 3224 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:19:04:453 3224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:19:04:593 3224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:19:04:687 3224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:19:04:718 3224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:19:04:828 3224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:19:04:937 3224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:19:05:000 3224 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:19:05:140 3224 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:19:05:265 3224 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:19:05:390 3224 RT2500 (4b6f7b6c966e90a55102daa107f44934) C:\WINDOWS\system32\DRIVERS\RT2500.sys
12:19:05:656 3224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:19:05:781 3224 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
12:19:05:921 3224 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:19:05:968 3224 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:19:06:109 3224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:19:06:609 3224 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:19:06:734 3224 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:19:06:843 3224 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
12:19:06:968 3224 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:19:07:093 3224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:19:07:187 3224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:19:07:281 3224 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
12:19:07:390 3224 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:19:07:453 3224 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
12:19:07:500 3224 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:19:07:578 3224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:19:07:843 3224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:19:07:906 3224 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:19:08:015 3224 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:19:08:125 3224 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:19:08:234 3224 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:19:08:359 3224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:19:08:453 3224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:19:08:609 3224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:19:08:718 3224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:19:08:812 3224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:19:08:968 3224 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
12:19:09:000 3224 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
12:19:09:046 3224 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
12:19:09:078 3224 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
12:19:09:140 3224 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
12:19:09:171 3224 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
12:19:09:234 3224 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
12:19:09:250 3224 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
12:19:09:312 3224 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
12:19:09:437 3224 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:19:09:531 3224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:19:09:640 3224 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:19:09:781 3224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:19:09:937 3224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:19:10:046 3224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:19:10:093 3224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:19:10:234 3224 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:19:10:312 3224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:19:10:375 3224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:19:10:453 3224 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:19:10:515 3224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:19:10:578 3224 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:19:10:718 3224 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:19:10:828 3224 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:19:10:953 3224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:19:11:125 3224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:19:11:265 3224 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:19:11:343 3224 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:19:11:343 3224 Reboot required for cure complete..
12:19:11:875 3224 Cure on reboot scheduled successfully
12:19:11:875 3224
12:19:11:875 3224 Completed
12:19:11:875 3224
12:19:11:875 3224 Results:
12:19:11:875 3224 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:19:11:875 3224 File objects infected / cured / cured on reboot: 1 / 0 / 1
12:19:11:875 3224
12:19:11:890 3224 KLMD(ARK) unloaded successfully
  • 0

#8
SweetTech
Posted 03 June 2010 - 02:35 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#9
helpmePCGods
Posted 03 June 2010 - 03:24 PM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SweetTech,

Thanks for your reply. Pasted below is the combofix log. Computer seems to be quicker to respond when I open programs, and I have not gotten any random pop-up windows from IE8 since running the TDSSKiller. Please advise as to the next steps to be taken. Peace!

ComboFix 10-06-03.01 - CrimsonSoulFire 06/03/2010 14:59:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.784 [GMT -6:00]
Running from: c:\documents and settings\CrimsonSoulFire\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\11e4faedb.exe
c:\windows\system32\1576484747.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCOMLAUNCHWMDMPMSN
-------\Legacy_DMADMINREMOTEACCESS
-------\Legacy_WMP54GV4SVCALERTER
-------\Service_DcomLaunchWmdmPmSN
-------\Service_dmadminRemoteAccess
-------\Service_WMP54Gv4SVCAlerter


((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 04:12 . 2010-06-03 04:12 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Mozilla
2010-06-01 16:26 . 2010-06-01 16:26 -------- d-----w- c:\windows\VirtualEar
2010-06-01 16:26 . 2004-11-19 16:00 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-06-01 16:26 . 2003-08-20 00:36 65536 ----a-w- c:\windows\system32\Audio3d.dll
2010-06-01 16:26 . 2001-10-04 20:50 991232 ----a-w- c:\windows\system32\virtear.dll
2010-06-01 16:26 . 2002-04-17 20:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-06-01 16:21 . 2010-06-01 16:24 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Deployment
2010-06-01 16:06 . 2010-06-01 16:06 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Dell
2010-05-31 17:48 . 2010-05-31 17:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-12 00:38 . 2010-05-12 00:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-08 00:36 . 2010-06-03 13:36 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Tracing
2010-05-08 00:33 . 2010-05-08 00:33 -------- d-----w- c:\program files\Microsoft
2010-05-08 00:33 . 2010-05-08 00:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-08 00:32 . 2010-05-08 00:33 -------- d-----w- c:\program files\Windows Live
2010-05-08 00:20 . 2010-05-08 00:20 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 18:20 . 2004-08-10 17:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-06-03 04:22 . 2010-01-08 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 02:54 . 2008-01-03 12:58 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Application Data\SUPERAntiSpyware.com
2010-06-01 16:26 . 2005-10-19 03:27 -------- d-----w- c:\program files\Analog Devices
2010-06-01 16:26 . 2005-10-19 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 19:13 . 2007-01-22 19:22 -------- d-----w- c:\program files\MSN Messenger
2010-05-29 00:25 . 2010-05-29 00:25 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ovczpx.dat
2010-05-22 15:12 . 2010-05-22 15:12 503808 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\msvcp71.dll
2010-05-22 15:12 . 2010-05-22 15:12 499712 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\jmc.dll
2010-05-22 15:12 . 2010-05-22 15:12 348160 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\msvcr71.dll
2010-05-22 15:12 . 2010-05-22 15:12 61440 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76d738c7-n\decora-sse.dll
2010-05-22 15:12 . 2010-05-22 15:12 12800 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76d738c7-n\decora-d3d.dll
2010-05-12 00:49 . 2005-10-19 03:38 -------- d-----w- c:\program files\Common Files\Java
2010-05-11 17:20 . 2007-10-15 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-10 22:28 . 2007-05-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-10 22:28 . 2005-12-30 02:51 -------- d-----w- c:\program files\Yahoo!
2010-05-08 00:36 . 2005-10-22 11:50 145752 -c--a-w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 20:59 . 2010-01-30 18:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-01-30 18:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-01-30 18:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-01-30 18:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-01-30 18:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-01-30 18:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-01-30 18:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-01-30 18:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 00:55 . 2010-05-02 00:55 -------- d-----w- c:\program files\Subliminal Blaster 2.0
2010-04-29 21:39 . 2010-01-08 17:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-08 17:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 21:37 . 2007-02-09 23:48 56 --sh--r- c:\windows\system32\77C1CD1C40.sys
2010-04-14 21:37 . 2007-02-09 23:48 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-14 16:47 . 2010-01-30 18:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-07 16:34 . 2008-01-23 14:55 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Application Data\IGN_DLM
2010-04-07 16:08 . 2010-04-07 16:08 -------- d-----w- c:\program files\Download Manager
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-19 2935480]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

c:\documents and settings\CrimsonSoulFire\Start Menu\Programs\Startup\
Shortcut to subliminalblaster.lnk - c:\program files\Subliminal Blaster 2.0\subliminalblaster.exe [2006-8-3 1354240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-8-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\program files\Diablo II\Game.exe"= c:\program files\Diablo II\Game.exe:192.168.2.100/255.255.255.255:Enabled:Diablo II
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:Diablo II Open Battle.net
"57703:TCP"= 57703:TCP:Pando Media Booster
"57703:UDP"= 57703:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/30/2010 12:02 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/30/2010 12:02 PM 19024]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 avast!TermService;avast! Web Scanner avast!TermService;c:\windows\system32\19852b68k.exe srv --> c:\windows\system32\19852b68k.exe srv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{BE51C7A5-D0F5-444F-8C0D-3C4F4D240234}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-03 15:19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-03 21:19

Pre-Run: 45,464,719,360 bytes free
Post-Run: 45,390,626,816 bytes free

- - End Of File - - E6DA8499F2B37714EF53911100362500
  • 0

#10
SweetTech
Posted 03 June 2010 - 04:28 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.geekstogo.com/forum/Rogue-InternetSecurity2010-Registry-Defender-2010-t278543.html&view=findpost&p=1843607#entry1843607
Collect::
c:\windows\system32\config\systemprofile\Application Data\ovczpx.dat

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

Edited by SweetTech, 03 June 2010 - 04:28 PM.

  • 0

Advertisements

#11
helpmePCGods
Posted 03 June 2010 - 10:19 PM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
ComboFix 10-06-03.01 - CrimsonSoulFire 06/03/2010 16:58:17.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.754 [GMT -6:00]
Running from: c:\documents and settings\CrimsonSoulFire\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CrimsonSoulFire\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\config\systemprofile\Application Data\ovczpx.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\ovczpx.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 04:12 . 2010-06-03 04:12 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Mozilla
2010-06-01 16:26 . 2010-06-01 16:26 -------- d-----w- c:\windows\VirtualEar
2010-06-01 16:26 . 2004-11-19 16:00 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-06-01 16:26 . 2003-08-20 00:36 65536 ----a-w- c:\windows\system32\Audio3d.dll
2010-06-01 16:26 . 2001-10-04 20:50 991232 ----a-w- c:\windows\system32\virtear.dll
2010-06-01 16:26 . 2002-04-17 20:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-06-01 16:21 . 2010-06-01 16:24 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Deployment
2010-06-01 16:06 . 2010-06-01 16:06 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\Dell
2010-05-31 17:48 . 2010-05-31 17:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-22 15:12 . 2010-05-22 15:12 503808 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\msvcp71.dll
2010-05-22 15:12 . 2010-05-22 15:12 499712 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\jmc.dll
2010-05-22 15:12 . 2010-05-22 15:12 348160 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ea9fc32-n\msvcr71.dll
2010-05-22 15:12 . 2010-05-22 15:12 61440 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76d738c7-n\decora-sse.dll
2010-05-22 15:12 . 2010-05-22 15:12 12800 ----a-w- c:\documents and settings\CrimsonSoulFire\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76d738c7-n\decora-d3d.dll
2010-05-12 00:38 . 2010-05-12 00:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-08 00:36 . 2010-06-03 13:36 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Tracing
2010-05-08 00:33 . 2010-05-08 00:33 -------- d-----w- c:\program files\Microsoft
2010-05-08 00:33 . 2010-05-08 00:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-08 00:32 . 2010-05-08 00:33 -------- d-----w- c:\program files\Windows Live
2010-05-08 00:20 . 2010-05-08 00:20 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 18:20 . 2004-08-10 17:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-06-03 04:22 . 2010-01-08 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 02:54 . 2008-01-03 12:58 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Application Data\SUPERAntiSpyware.com
2010-06-01 16:26 . 2005-10-19 03:27 -------- d-----w- c:\program files\Analog Devices
2010-06-01 16:26 . 2005-10-19 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 19:13 . 2007-01-22 19:22 -------- d-----w- c:\program files\MSN Messenger
2010-05-12 00:49 . 2005-10-19 03:38 -------- d-----w- c:\program files\Common Files\Java
2010-05-11 17:20 . 2007-10-15 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-10 22:28 . 2007-05-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-10 22:28 . 2005-12-30 02:51 -------- d-----w- c:\program files\Yahoo!
2010-05-08 00:36 . 2005-10-22 11:50 145752 -c--a-w- c:\documents and settings\CrimsonSoulFire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 20:59 . 2010-01-30 18:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-01-30 18:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-01-30 18:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-01-30 18:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-01-30 18:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-01-30 18:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-01-30 18:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-01-30 18:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 00:55 . 2010-05-02 00:55 -------- d-----w- c:\program files\Subliminal Blaster 2.0
2010-04-29 21:39 . 2010-01-08 17:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-08 17:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 21:37 . 2007-02-09 23:48 56 --sh--r- c:\windows\system32\77C1CD1C40.sys
2010-04-14 21:37 . 2007-02-09 23:48 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-14 16:47 . 2010-01-30 18:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-07 16:34 . 2008-01-23 14:55 -------- d-----w- c:\documents and settings\CrimsonSoulFire\Application Data\IGN_DLM
2010-04-07 16:08 . 2010-04-07 16:08 -------- d-----w- c:\program files\Download Manager
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-19 2935480]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

c:\documents and settings\CrimsonSoulFire\Start Menu\Programs\Startup\
Shortcut to subliminalblaster.lnk - c:\program files\Subliminal Blaster 2.0\subliminalblaster.exe [2006-8-3 1354240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-8-21 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\program files\Diablo II\Game.exe"= c:\program files\Diablo II\Game.exe:192.168.2.100/255.255.255.255:Enabled:Diablo II
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:Diablo II Open Battle.net
"57703:TCP"= 57703:TCP:Pando Media Booster
"57703:UDP"= 57703:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/30/2010 12:02 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/30/2010 12:02 PM 19024]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 avast!TermService;avast! Web Scanner avast!TermService;c:\windows\system32\19852b68k.exe srv --> c:\windows\system32\19852b68k.exe srv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\CRIMSO~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{BE51C7A5-D0F5-444F-8C0D-3C4F4D240234}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-06-03 17:09:35
ComboFix-quarantined-files.txt 2010-06-03 23:09
ComboFix2.txt 2010-06-03 21:19

Pre-Run: 45,406,093,312 bytes free
Post-Run: 45,392,044,032 bytes free

- - End Of File - - 916383C61A0F44BE1D8B4CB9C55FB735
Upload was successful


C:\Qoobox\Quarantine\C\WINDOWS\system32\11e4faedb.exe.vir a variant of Win32/Kryptik.ESV trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0009347.exe a variant of Win32/Kryptik.ERZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP75\A0012800.exe Win32/IRCBot.NBC trojan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2010 5:24:40 PM
mbam-log-2010-06-03 (17-24-40).txt

Scan type: Quick scan
Objects scanned: 128885
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET log file:

C:\Qoobox\Quarantine\C\WINDOWS\system32\11e4faedb.exe.vir a variant of Win32/Kryptik.ESV trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0009347.exe a variant of Win32/Kryptik.ERZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP75\A0012800.exe Win32/IRCBot.NBC trojan

OTL logfile created on: 6/3/2010 9:47:18 PM - Run 4
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\CrimsonSoulFire\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1278 1478 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.03 Gb Total Space | 42.19 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRIMSON
Current User Name: CrimsonSoulFire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 17:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/21 06:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/05/10 03:35:00 | 005,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (avast!TermService)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/12 19:33:00 | 003,477,452 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 13:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/21 14:56:10 | 000,242,176 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/15 20:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 18:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 22:12:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 09:16:41 | 000,000,000 | ---D | M]

[2010/06/02 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Extensions
[2010/06/03 09:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\extensions
[2010/06/03 07:35:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CrimsonSoulFire\Application Data\Mozilla\Firefox\Profiles\fxxr4pi3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 22:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/03 17:06:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\CrimsonSoulFire\Start Menu\Programs\Startup\Shortcut to subliminalblaster.lnk = C:\Program Files\Subliminal Blaster 2.0\subliminalblaster.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144279139234 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.239.225.2 63.239.225.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\littlerabbit.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\littlerabbit.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 11:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 17:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/03 14:56:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/03 14:56:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/03 14:56:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/03 14:56:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/03 14:54:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 12:18:27 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\TDSSKiller.exe
[2010/06/02 22:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Mozilla
[2010/06/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/02 16:51:02 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
[2010/06/01 10:26:26 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/06/01 10:26:26 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2010/06/01 10:26:26 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/06/01 10:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/06/01 10:26:25 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/06/01 10:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Deployment
[2010/06/01 10:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\Dell
[2010/06/01 06:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/01 06:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 14:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/31 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/31 10:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/11 18:38:14 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/11 18:38:14 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/11 18:38:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/11 18:38:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/11 18:38:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/07 18:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CrimsonSoulFire\Tracing
[2010/05/07 18:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/07 18:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/05/07 18:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/07 18:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/07 18:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

========== Files - Modified Within 30 Days ==========

[2010/06/03 20:00:32 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE51C7A5-D0F5-444F-8C0D-3C4F4D240234}.job
[2010/06/03 17:09:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 17:06:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/03 17:06:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/03 16:54:05 | 000,052,980 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\copy_to_otl.rtf
[2010/06/03 15:10:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 15:09:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 15:08:26 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\NTUSER.DAT
[2010/06/03 15:08:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CrimsonSoulFire\ntuser.ini
[2010/06/03 14:50:45 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\ComboFix.exe
[2010/06/03 12:19:36 | 011,228,360 | -H-- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\IconCache.db
[2010/06/03 12:18:01 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Application Data\mainhst.zgh
[2010/06/03 12:18:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2010/06/03 09:56:12 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/02 22:11:56 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 19:31:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\OTL.exe
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\CrimsonSoulFire\Desktop\TDSSKiller.exe
[2010/05/23 10:32:32 | 021,233,720 | ---- | M] () -- C:\WINDOWS\littlerabbit.bmp
[2010/05/15 22:41:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/12 07:11:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 18:37:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/11 18:37:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/11 18:37:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/11 18:37:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/11 18:37:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/08 08:19:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/08 07:02:50 | 000,429,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/07 18:36:26 | 000,145,752 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/07 18:36:11 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\CrimsonSoulFire\My Documents\My Sharing Folders.lnk
[2010/05/07 10:12:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/07 10:12:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/06 23:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/06 23:04:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/06 15:07:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/06 15:07:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/06 14:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 14:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 07:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/06 07:06:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/05 21:25:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/05 21:25:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/05 15:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 15:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 11:59:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/05 11:59:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/05 09:22:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/05 09:22:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm

========== Files Created - No Company Name ==========

[2010/06/03 14:56:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/03 14:56:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/03 14:56:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/03 14:56:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 14:56:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/03 14:50:44 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\ComboFix.exe
[2010/06/03 09:56:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/02 22:11:56 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 17:22:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\gmer.exe
[2010/06/02 16:51:47 | 000,052,980 | ---- | C] () -- C:\Documents and Settings\CrimsonSoulFire\Desktop\copy_to_otl.rtf
[2010/05/23 10:32:29 | 021,233,720 | ---- | C] () -- C:\WINDOWS\littlerabbit.bmp
[2008/10/25 08:47:03 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/26 07:26:44 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/17 08:47:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/10/22 05:38:00 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/02/09 17:48:44 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/09 17:48:44 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\77C1CD1C40.sys
[2006/09/22 17:02:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/04 06:16:24 | 000,000,504 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/05/15 18:16:53 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/15 18:16:53 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/15 18:16:53 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/12/28 10:26:43 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/12/28 10:26:12 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/27 08:05:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/12/27 08:05:12 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/10/22 14:16:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\game.INI
[2005/10/22 12:38:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/22 07:51:56 | 000,003,384 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/10/21 21:19:03 | 000,007,452 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005/10/21 21:18:20 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/18 22:05:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/18 21:51:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/18 21:18:16 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/10/18 21:18:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2005/10/18 21:18:14 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2005/10/18 21:17:02 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/10/21 21:09:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/15 10:22:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/03 17:10:17 | 000,013,135 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/10/18 21:23:26 | 000,005,018 | RH-- | M] () -- C:\dell.sdr
[2008/09/24 11:23:40 | 000,001,396 | ---- | M] () -- C:\detestfrag.txt
[2010/04/19 08:22:31 | 000,149,609 | ---- | M] () -- C:\hpfr3600.log
[2005/10/22 06:56:40 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/01/08 07:49:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/02 22:22:32 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 21:10:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/03 15:09:19 | 1340,080,128 | -HS- | M] () -- C:\pagefile.sys
[2010/05/03 13:15:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/03 13:54:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/03 21:29:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/04 06:34:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/04 09:39:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/04 14:47:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/04 16:10:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/04 18:30:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/05 09:22:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/05 11:59:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/05 15:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/05 21:25:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/06 07:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/06 15:07:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/06 23:04:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/07 10:12:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/02 16:46:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/03 10:26:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/03 10:35:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/03 12:06:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/03 13:15:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/03 13:54:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/03 21:29:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/04 06:34:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/04 09:39:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/04 14:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/04 16:10:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/04 18:30:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/05 09:22:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/05 11:59:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/05/05 15:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/05 21:25:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/06 07:06:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/06 15:07:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/06 23:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/07 10:12:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/02 16:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/03 10:26:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/03 10:35:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/03 12:06:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/18 21:48:33 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/06/03 12:19:11 | 000,048,912 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_03.06.2010_12.18.43_log.txt
[2006/05/14 08:29:36 | 000,021,004 | ---- | M] () -- C:\TEMP_BDT.CHA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2010/02/06 08:15:15 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\wqkaisbu.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 14:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/06/03 12:20:19 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2009/12/31 10:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\WINDOWS\akai1.bmp:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Very sorry this took so long, the ESET scan took over 3 hours. The only thing I am really wondering right now is howcome the malwarebytes scan didn't find anything, but the ESET scan found three seperate infections? Should I be using a different malware detector than Malwarebytes?

I hope I have posted all the logs you require - my computer seems to be running just fine, no significant slow-downs and no random IE8 pop ups for quite awhile now. The ESET scan sortof concerned me, but I let it run it's course. Eagerly awaiting the next steps in this process!

Peace!
  • 0

#12
SweetTech
Posted 04 June 2010 - 07:28 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Question: The only thing I am really wondering right now is howcome the malwarebytes scan didn't find anything, but the ESET scan found three seperate infections? Should I be using a different malware detector than Malwarebytes?
Answer: MalwareBytes is a very good program and I use it personally. There isn't one security program out there that will detect everything. There are certain things that MalwareBytes' Anti-Malware will detect that the ESET Online Scanner won't detect.



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#13
helpmePCGods
Posted 04 June 2010 - 08:13 AM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.36
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.3) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
  • 0

#14
SweetTech
Posted 04 June 2010 - 08:17 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.


NEXT:


Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Update FireFox
While in Firefox go to the Help menu.
Locate Check for Updates.
Allow Firefox to install the latest update. Which is 3.6.3



NEXT:



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#15
helpmePCGods
Posted 04 June 2010 - 09:26 AM

helpmePCGods

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SweetTech,

Thanks so much for all your help in getting my computer cleaned up and running better! Everything seems to be going smoothly so far, I've done all the updating you requested, removed the programs you had me download for scans, and now I am in the process of changing passwords.
I appreciate your help and prompt replies!

Peace!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP