Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I can't remove Antimalware Doctor [Solved]


  • This topic is locked This topic is locked

#1
ohserio

ohserio

    Member

  • Member
  • PipPip
  • 18 posts
AntiMalware Doctor randomly downloaded itself onto my computer and it's so annoying! I've already tried Malwarebytes and System Restore (it says it's been turned of my group policy).
I've seen other problems like this on the site, but I have different logs, so I don't know if it'll work for my computer. Please help! :)

Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 4:59:53 PM
mbam-log-2010-06-30 (16-59-53).txt

Scan type: Quick scan
Objects scanned: 129923
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.63,93.188.161.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0118775b-633b-4b4a-a777-8223d5872c62}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.63,93.188.161.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0118775b-633b-4b4a-a777-8223d5872c62}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.63,93.188.161.203 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7ecda78c-a6b5-4284-8302-aad506b92c34}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.63,93.188.161.203 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#3
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I can't seem to post the logs and everything else. Is it because of the length? I tried shortening down to just one log and it still wouldn't work.

When I try to reply it says "Internet Explorer cannot display the webpage."

Edited by ohserio, 01 July 2010 - 03:14 AM.

  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

It's most likely due to the infection you have. Try running the tool below and then posting the logs. :)

Running TDSSKiller


Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.


Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version


Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.


Please ensure that you save the TDSSKiller file to you desktop.


If TDSSKiller asks you to close all programs please allow it to do so.


If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.


Please enter Y and allow TDSSKiller to reboot your computer.


Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


Please post the content of the TDSSKiller log.
  • 0

#5
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
1. Well thanks for sticking with me :)
Sorry for the wait.

2. OTL Log:

OTL logfile created on: 6/30/2010 7:29:58 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.96 Gb Total Space | 70.79 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\user\Local Settings\Temp\Llr.exe ()
PRC - C:\Program Files\Antispyware Soft Pro\avsuite.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\ihosepefoqesoda.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccess) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36}: C:\Documents and Settings\user\Local Settings\Application Data\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36} [2010/06/19 19:21:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Fmawubalikoq] C:\WINDOWS\ihosepefoqesoda.DLL ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5\070700Setup.exe (MS)
O4 - HKCU..\Run: [avsuite] C:\Program Files\Antispyware Soft Pro\avsuite.exe ()
O4 - HKCU..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Documents and Settings\user\Local Settings\Temp\kgxn2.exe ()
O4 - HKCU..\Run: [Jjovebuteb] C:\WINDOWS\crvi32.DLL (MaresWEB)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [QNB2EB90WX] C:\Documents and Settings\user\Local Settings\Temp\Llr.exe ()
O4 - HKCU..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Documents and Settings\user\Local Settings\Temp\mdm.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268548947030 (WUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/28 13:12:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/07/28 13:11:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 19:24:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/06/29 20:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 20:02:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/29 20:02:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/29 20:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/29 19:44:41 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
[2010/06/29 19:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 19:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 19:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010/06/29 19:12:56 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/06/29 19:12:50 | 000,064,512 | ---- | C] (Blog do Birungueta) -- C:\WINDOWS\System32\ernel32.dll
[2010/06/29 19:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5
[2010/06/29 19:12:49 | 000,064,512 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\user\Application Data\2d51d823.exe
[2010/06/26 17:42:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/24 14:43:06 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/24 14:43:06 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/06/23 23:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2010/06/23 23:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/23 23:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/19 19:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36}
[2010/06/19 19:19:36 | 000,267,520 | ---- | C] (eSXi) -- C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe
[2010/06/19 19:19:36 | 000,061,440 | ---- | C] (MaresWEB) -- C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe
[2010/06/10 17:43:12 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/06 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/06/06 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/06 12:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Google
[2010/06/06 12:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2010/06/06 12:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/06/04 08:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\gegl-0.0
[2010/06/02 22:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Battlefield Heroes
[2005/07/28 13:39:18 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/30 19:24:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/06/30 19:20:53 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/30 18:05:56 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for user.job
[2010/06/30 17:00:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\npclam.sys
[2010/06/30 16:34:49 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\2d51d823.job
[2010/06/30 16:30:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1CCF0082-0FA7-4618-BF3D-2441D03856B1}.job
[2010/06/30 16:29:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\System32\ernel32.dll
[2010/06/30 16:29:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/30 16:29:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/30 16:29:39 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 02:13:46 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/06/30 02:13:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/06/30 00:26:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xvitalegetek.bin
[2010/06/29 20:14:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 19:44:41 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
[2010/06/29 19:43:36 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\user\Desktop\rkill.com
[2010/06/29 19:13:02 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\d7b1z1.dll
[2010/06/29 19:12:51 | 000,169,472 | ---- | M] () -- C:\WINDOWS\Ldurua.exe
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\Documents and Settings\user\Application Data\2d51d823.exe
[2010/06/29 01:08:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rtijodet.dat
[2010/06/26 17:41:16 | 000,073,224 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/25 21:20:05 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/25 18:26:56 | 000,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/23 00:03:55 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 00:03:55 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 00:03:55 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 19:19:36 | 000,267,520 | ---- | M] (eSXi) -- C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe
[2010/06/19 19:19:36 | 000,061,440 | ---- | M] (MaresWEB) -- C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe
[2010/06/18 21:41:52 | 000,039,819 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010/06/18 05:54:54 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\ckftt.dll
[2010/06/18 05:54:38 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\gkftt.dll
[2010/06/18 05:48:56 | 000,040,617 | ---- | M] () -- C:\WINDOWS\System32\tkftt.exe
[2010/06/11 00:55:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 00:43:38 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/10 13:35:50 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/10 13:35:22 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/08 01:53:19 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 22:01:38 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\user\Application Data\PnkBstrK.sys
[2010/06/02 22:01:15 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/06/02 18:25:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/02 18:25:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 17:00:37 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\npclam.sys
[2010/06/29 20:14:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/29 19:43:32 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\user\Desktop\rkill.com
[2010/06/29 19:13:29 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/29 19:13:03 | 000,169,472 | ---- | C] () -- C:\WINDOWS\Ldurua.exe
[2010/06/29 19:13:02 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\d7b1z1.dll
[2010/06/29 19:12:49 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\2d51d823.job
[2010/06/19 19:21:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rtijodet.dat
[2010/06/19 19:21:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xvitalegetek.bin
[2010/06/18 21:41:52 | 000,039,819 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010/06/18 05:54:54 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\ckftt.dll
[2010/06/18 05:54:38 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\gkftt.dll
[2010/06/18 05:48:56 | 000,040,617 | ---- | C] () -- C:\WINDOWS\System32\tkftt.exe
[2010/06/11 00:43:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/02 18:25:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/02 18:25:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/31 12:18:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/18 20:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/05/01 19:16:40 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
[2010/05/01 19:16:18 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\CNCASv50.ini
[2010/05/01 19:15:58 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2010/04/26 19:34:14 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/26 19:34:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/26 19:34:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/26 19:34:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/26 19:34:10 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/26 19:34:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/26 18:38:04 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/13 22:58:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/08 11:53:05 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/08/08 11:53:05 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/08/08 11:47:49 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/07/28 14:17:57 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/28 14:16:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/07/28 14:15:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/28 14:15:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/28 14:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/28 14:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/28 14:15:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/28 14:15:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/28 14:13:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/07/28 14:12:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2005/07/28 13:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/07/28 13:44:46 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/07/28 13:44:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/07/28 13:44:46 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/07/28 13:44:46 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/07/28 13:40:24 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/28 13:39:18 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/07/28 13:19:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/28 13:08:47 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/28 11:50:53 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/28 11:48:16 | 000,183,296 | ---- | C] () -- C:\WINDOWS\ihosepefoqesoda.dll
[2005/06/30 13:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== LOP Check ==========

[2010/05/22 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/07/28 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/15 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/05/01 19:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2010/06/29 19:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5
[2010/06/25 23:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2005/07/28 14:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterTrust
[2010/03/21 13:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\toshiba
[2010/06/30 16:34:49 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\2d51d823.job
[2010/06/30 16:30:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1CCF0082-0FA7-4618-BF3D-2441D03856B1}.job
[2010/06/30 19:20:53 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/07/28 13:12:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/14 01:16:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/07/28 13:12:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/30 16:29:39 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2005/07/28 13:12:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/07/28 14:22:00 | 000,000,895 | -H-- | M] () -- C:\IPH.PH
[2005/07/28 13:12:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/14 01:04:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/30 16:29:38 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/06/30 16:37:47 | 000,000,587 | ---- | M] () -- C:\rkill.log
[2010/03/13 23:38:13 | 000,000,516 | ---- | M] () -- C:\Settings.ini

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31e9aAA9.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31uOC17u.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3e79k179.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55q5w.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\A317s31s9.dll
[2002/09/29 13:00:00 | 000,013,824 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDya.DLL
[2002/09/29 13:00:00 | 000,046,080 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPya.DLL
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ317.dll
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\w1uOCEIQ.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/07/28 06:03:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/07/28 06:03:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/07/28 06:03:13 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-27 04:58:05
< End of report >




Extras:

OTL Extras logfile created on: 6/30/2010 7:29:58 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.96 Gb Total Space | 70.79 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}" = TIxx21/x515
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online us" = America Online (Choose which version to remove)
"Antispyware Soft Pro" = Antispyware Soft Pro
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AT&T Connection Services Software" = AT&T Connection Services Manager
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.31
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Notebook_Maximizer" = Notebook Maximizer
"NSS" = Norton Security Scan
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toshiba Q4 Retail Demo.scr" = Toshiba Q4 Retail Demo ScreenSaver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Music Engine" = Yahoo! Music Engine

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for user
"{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE) (user)
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (user)
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2010 12:53:41 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01932951.

Error - 6/30/2010 12:54:31 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x76f2a289.

Error - 6/30/2010 2:32:12 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00fc2951.

Error - 6/30/2010 2:37:06 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x76f2345a.

Error - 6/30/2010 3:42:42 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x014a2951.

Error - 6/30/2010 3:47:22 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x76f2345a.

Error - 6/30/2010 7:30:11 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01462951.

Error - 6/30/2010 7:30:13 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x76f2345a.

Error - 6/30/2010 7:32:44 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 6/30/2010 7:32:44 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 6/30/2010 10:31:59 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:07 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:14 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:22 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:29 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:37 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:44 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:52 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:32:59 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding

Error - 6/30/2010 10:33:07 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4BEE36D7-DF28-49C1-8B85-1F3AED830E66}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
-Embedding


< End of report >


3. GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-30 22:04:21
Windows 5.1.2600 Service Pack 3
Running: vnjv9039.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwliyfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xF7772114]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB902FDBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D8000A
.text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [004183AF] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00418429] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [004184A3] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [004183AF] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00418429] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00418555] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [004184A3] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00418429] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [004184A3] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [00418555] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00418555] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe[3716] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00418429] C:\DOCUME~1\user\LOCALS~1\Temp\Llr.exe

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs 9E1D3400
Device -> \Driver\atapi \Device\Harddisk0\DR0 86EA1EC5

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0WXZWVDN\convpixel[5].jpg 0 bytes
File C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0WXZWVDN\adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pi
d=10;sz=468x62,300x251;dclu5=a4537449b833131;source=site;t=3;tile=2;ord=40274819
4
4279613[1] 0 bytes
File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


4. The virus is just as annoying as ever :\.

Edited by ohserio, 01 July 2010 - 04:58 PM.

  • 0

#6
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks :) The replies work now.

TDSSKiller Log:

15:44:40:139 3420 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
15:44:40:139 3420 ================================================================================
15:44:40:139 3420 SystemInfo:

15:44:40:139 3420 OS Version: 5.1.2600 ServicePack: 3.0
15:44:40:139 3420 Product type: Workstation
15:44:40:139 3420 ComputerName: TOSHIBA-USER
15:44:40:139 3420 UserName: user
15:44:40:139 3420 Windows directory: C:\WINDOWS
15:44:40:139 3420 System windows directory: C:\WINDOWS
15:44:40:139 3420 Processor architecture: Intel x86
15:44:40:139 3420 Number of processors: 1
15:44:40:139 3420 Page size: 0x1000
15:44:40:139 3420 Boot type: Normal boot
15:44:40:139 3420 ================================================================================
15:44:40:510 3420 Initialize success
15:44:40:510 3420
15:44:40:510 3420 Scanning Services ...
15:44:41:021 3420 Raw services enum returned 365 services
15:44:41:021 3420
15:44:41:021 3420 Scanning Drivers ...
15:44:42:142 3420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:44:42:182 3420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:44:42:222 3420 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
15:44:42:252 3420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:44:42:303 3420 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:44:42:363 3420 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:44:42:453 3420 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:44:42:573 3420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:44:42:633 3420 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
15:44:42:653 3420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:44:42:673 3420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:44:42:703 3420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:44:42:753 3420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:44:42:793 3420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:44:42:813 3420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:44:42:863 3420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:44:42:893 3420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:44:42:943 3420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:44:42:994 3420 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:44:43:024 3420 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:44:43:064 3420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:44:43:124 3420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:44:43:174 3420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:44:43:214 3420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:44:43:244 3420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:44:43:284 3420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:44:43:314 3420 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
15:44:43:344 3420 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
15:44:43:384 3420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:44:43:434 3420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:44:43:444 3420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:44:43:464 3420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:44:43:484 3420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:44:43:504 3420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:44:43:544 3420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:44:43:564 3420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:44:43:614 3420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:44:43:674 3420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:44:43:775 3420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:44:43:865 3420 ialm (4007984827e19e6a5b6faf8532eaefba) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:44:43:915 3420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:44:43:935 3420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:44:43:945 3420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:44:43:975 3420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:44:44:015 3420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:44:44:035 3420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:44:44:065 3420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:44:44:095 3420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:44:44:125 3420 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
15:44:44:155 3420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:44:44:175 3420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:44:44:195 3420 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:44:44:245 3420 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
15:44:44:255 3420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:44:44:315 3420 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
15:44:44:345 3420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:44:44:396 3420 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
15:44:44:436 3420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:44:44:526 3420 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
15:44:44:556 3420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:44:44:586 3420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:44:44:596 3420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:44:44:636 3420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:44:44:646 3420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:44:44:676 3420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:44:44:736 3420 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:44:44:756 3420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:44:44:786 3420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:44:44:806 3420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:44:44:836 3420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:44:44:886 3420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:44:44:906 3420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:44:44:926 3420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:44:44:966 3420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:44:44:996 3420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:44:45:006 3420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:44:45:026 3420 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:44:45:036 3420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:44:45:056 3420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:44:45:087 3420 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
15:44:45:117 3420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:44:45:137 3420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:44:45:177 3420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:44:45:237 3420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:44:45:357 3420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:44:45:487 3420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:44:45:617 3420 ohci1394 (0da1c24ab7b7ce6cc3e762ab870b34b2) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:44:45:617 3420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 0da1c24ab7b7ce6cc3e762ab870b34b2, Fake md5: ca33832df41afb202ee7aeb05145922f
15:44:45:617 3420 File "C:\WINDOWS\system32\DRIVERS\ohci1394.sys" infected by TDSS rootkit ... 15:44:47:149 3420 Backup copy found, using it..
15:44:47:160 3420 will be cured on next reboot
15:44:47:250 3420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:44:47:280 3420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:44:47:330 3420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:44:47:340 3420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:44:47:400 3420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:44:47:420 3420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:44:47:520 3420 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
15:44:47:540 3420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:44:47:550 3420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:44:47:580 3420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:44:47:600 3420 PxHelp20 (25f7c4453f189f79eb3846d3e23805a0) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:44:47:690 3420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:44:47:730 3420 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:44:47:740 3420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:44:47:760 3420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:44:47:770 3420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:44:47:800 3420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:44:47:830 3420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:44:47:861 3420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:44:47:901 3420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:44:47:921 3420 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:44:47:981 3420 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:44:48:011 3420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:44:48:041 3420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:44:48:081 3420 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:44:48:141 3420 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:44:48:191 3420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:44:48:251 3420 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys
15:44:48:301 3420 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
15:44:48:341 3420 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:44:48:371 3420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:44:48:411 3420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:44:48:471 3420 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
15:44:48:501 3420 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:44:48:511 3420 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
15:44:48:552 3420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:44:48:562 3420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:44:48:662 3420 SynTP (f6770219b73bd989d5613d2e9c78a227) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:44:48:702 3420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:44:48:752 3420 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
15:44:48:812 3420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:44:48:842 3420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:44:48:872 3420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:44:48:892 3420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:44:48:902 3420 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
15:44:48:922 3420 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
15:44:48:932 3420 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
15:44:48:942 3420 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
15:44:48:952 3420 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
15:44:48:962 3420 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
15:44:48:972 3420 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
15:44:49:002 3420 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
15:44:49:042 3420 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
15:44:49:062 3420 tifm21 (046ea1353dd599dac9abdcd13504b06c) C:\WINDOWS\system32\drivers\tifm21.sys
15:44:49:112 3420 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
15:44:49:152 3420 tosporte (e46fb54be8a2a395fe96633b838baafe) C:\WINDOWS\system32\DRIVERS\tosporte.sys
15:44:49:162 3420 Tosrfbd (1d4f013b80787fb4dd2a8c5179d6eb4d) C:\WINDOWS\system32\Drivers\tosrfbd.sys
15:44:49:192 3420 Tosrfbnp (353b3dac1727e52eb46932ecdcb73840) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
15:44:49:222 3420 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
15:44:49:232 3420 tosrfec (7d80888aba0b6127ac298efa48bef058) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
15:44:49:243 3420 Tosrfhid (37bcbccc4a71abbeaee90fd25e1132b2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
15:44:49:273 3420 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
15:44:49:293 3420 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
15:44:49:303 3420 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
15:44:49:323 3420 TVALD (c51bfed6c2d9d6512e346f25d92ad8d9) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
15:44:49:353 3420 Tvs (29c1c3df7c29490b504da3e3b9099928) C:\WINDOWS\system32\DRIVERS\Tvs.sys
15:44:49:413 3420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:44:49:483 3420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:44:49:533 3420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:44:49:563 3420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:44:49:583 3420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:44:49:613 3420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:44:49:663 3420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:44:49:703 3420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:44:49:753 3420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:44:49:803 3420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:44:49:853 3420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:44:50:014 3420 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
15:44:50:124 3420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:44:50:164 3420 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
15:44:50:204 3420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:44:50:244 3420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:44:50:294 3420 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
15:44:50:304 3420 Reboot required for cure complete..
15:44:50:755 3420 Cure on reboot scheduled successfully
15:44:50:755 3420
15:44:50:755 3420 Completed
15:44:50:755 3420
15:44:50:765 3420 Results:
15:44:50:765 3420 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:44:50:765 3420 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:44:50:765 3420
15:44:50:765 3420 KLMD(ARK) unloaded successfully
  • 0

#7
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    PRC - C:\Documents and Settings\user\Local Settings\Temp\Llr.exe ()
    PRC - C:\Program Files\Antispyware Soft Pro\avsuite.exe ()
    MOD - C:\WINDOWS\ihosepefoqesoda.dll ()
    SRV - (NMSAccess) -- File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [Fmawubalikoq] C:\WINDOWS\ihosepefoqesoda.DLL ()
    O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5\070700Setup.exe (MS)
    O4 - HKCU..\Run: [avsuite] C:\Program Files\Antispyware Soft Pro\avsuite.exe ()
    O4 - HKCU..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Documents and Settings\user\Local Settings\Temp\kgxn2.exe ()
    O4 - HKCU..\Run: [Jjovebuteb] C:\WINDOWS\crvi32.DLL (MaresWEB)
    O4 - HKCU..\Run: [QNB2EB90WX] C:\Documents and Settings\user\Local Settings\Temp\Llr.exe ()
    O4 - HKCU..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Documents and Settings\user\Local Settings\Temp\mdm.exe ()
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2010/06/29 19:12:50 | 000,064,512 | ---- | C] (Blog do Birungueta) -- C:\WINDOWS\System32\ernel32.dll
    [2010/06/29 19:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5
    [2010/06/29 19:12:49 | 000,064,512 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\user\Application Data\2d51d823.exe
    [2010/06/19 19:19:36 | 000,267,520 | ---- | C] (eSXi) -- C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe
    [2010/06/19 19:19:36 | 000,061,440 | ---- | C] (MaresWEB) -- C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe
    [2010/06/30 19:20:53 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/06/30 17:00:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\npclam.sys
    [2010/06/30 16:34:49 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\2d51d823.job
    [2010/06/30 00:26:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xvitalegetek.bin
    [2010/06/29 19:44:41 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
    [2010/06/29 19:13:02 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\d7b1z1.dll
    [2010/06/29 19:12:51 | 000,169,472 | ---- | M] () -- C:\WINDOWS\Ldurua.exe
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\Documents and Settings\user\Application Data\2d51d823.exe
    [2010/06/29 01:08:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rtijodet.dat
    [2010/06/19 19:19:36 | 000,267,520 | ---- | M] (eSXi) -- C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe
    [2010/06/19 19:19:36 | 000,061,440 | ---- | M] (MaresWEB) -- C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe
    [2010/06/18 05:54:54 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\ckftt.dll
    [2010/06/18 05:54:38 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\gkftt.dll
    [2010/06/18 05:48:56 | 000,040,617 | ---- | M] () -- C:\WINDOWS\System32\tkftt.exe
    [2010/06/29 19:13:02 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\d7b1z1.dll
    [2010/06/29 19:12:49 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\2d51d823.job
    [2010/06/19 19:21:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rtijodet.dat
    [2010/06/19 19:21:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xvitalegetek.bin
    [2010/06/18 05:54:54 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\ckftt.dll
    [2010/06/18 05:54:38 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\gkftt.dll
    [2010/06/18 05:48:56 | 000,040,617 | ---- | C] () -- C:\WINDOWS\System32\tkftt.exe
    [2005/07/28 11:48:16 | 000,183,296 | ---- | C] () -- C:\WINDOWS\ihosepefoqesoda.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31e9aAA9.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\31uOC17u.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\3e79k179.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\55q5w.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\A317s31s9.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ317.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\w1uOCEIQ.dll
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#8
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I've already ran OTL but I can't open Combofix.

It keeps giving me this error:
Posted Image

:)
  • 0

#9
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. That's interesting. I'm going to provide you with a different way of running ComboFix. Lets see if that works better for you.

Download this version of combofix

Please download ComboFix from: Here to your Desktop.

**Note:**In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to the name provided in the image below:

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  • Double click on the renamed version of ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
  • 0

#10
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It's still giving me the same problem. :)

I've already disabled all my antivirus things and renamed it.
  • 0

Advertisements


#11
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.

Please post the log that was produced after running the OTL fix in my previous post.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

Edited by SweetTech, 01 July 2010 - 06:02 PM.

  • 0

#12
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL Fix Scan:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named Llr.exe was found!
No active process named avsuite.exe was found!
Error: No service named NMSAccess was found to stop!
Service\Driver key NMSAccess not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fmawubalikoq not found.
File C:\WINDOWS\ihosepefoqesoda.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe not found.
File C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5\070700Setup.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avsuite not found.
File C:\Program Files\Antispyware Soft Pro\avsuite.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g not found.
File C:\Documents and Settings\user\Local Settings\Temp\kgxn2.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jjovebuteb not found.
File C:\WINDOWS\crvi32.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QNB2EB90WX not found.
File C:\Documents and Settings\user\Local Settings\Temp\Llr.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd not found.
File C:\Documents and Settings\user\Local Settings\Temp\mdm.exe not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\WINDOWS\System32\ernel32.dll not found.
Folder C:\Documents and Settings\user\Application Data\FB8A85D1430B61387E4ACB006F2BBDB5\ not found.
File C:\Documents and Settings\user\Application Data\2d51d823.exe not found.
File C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe not found.
File C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe not found.
File C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
File C:\WINDOWS\System32\drivers\npclam.sys not found.
File C:\WINDOWS\tasks\2d51d823.job not found.
File C:\WINDOWS\Xvitalegetek.bin not found.
File C:\Documents and Settings\user\Desktop\mbam-setup.exe not found.
File C:\WINDOWS\System32\d7b1z1.dll not found.
File C:\WINDOWS\Ldurua.exe not found.
File C:\Documents and Settings\user\Application Data\2d51d823.exe not found.
File C:\WINDOWS\Rtijodet.dat not found.
File C:\Documents and Settings\user\Local Settings\Application Data\7306416.exe not found.
File C:\Documents and Settings\user\Local Settings\Application Data\7306417.exe not found.
File C:\WINDOWS\System32\ckftt.dll not found.
File C:\WINDOWS\System32\gkftt.dll not found.
File C:\WINDOWS\System32\tkftt.exe not found.
File C:\WINDOWS\System32\d7b1z1.dll not found.
File C:\WINDOWS\tasks\2d51d823.job not found.
File C:\WINDOWS\Rtijodet.dat not found.
File C:\WINDOWS\Xvitalegetek.bin not found.
File C:\WINDOWS\System32\ckftt.dll not found.
File C:\WINDOWS\System32\gkftt.dll not found.
File C:\WINDOWS\System32\tkftt.exe not found.
File C:\WINDOWS\ihosepefoqesoda.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\31e9aAA9.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\31uOC17u.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\3e79k179.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\55q5w.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\A317s31s9.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ317.dll not found.
File C:\WINDOWS\system32\spool\prtprocs\w32x86\w1uOCEIQ.dll not found.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 132027 bytes
->Temporary Internet Files folder emptied: 48761370 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 754 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 363520 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07012010_170617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






OTL Custom Scan:

OTL logfile created on: 7/1/2010 5:10:14 PM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 689.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.96 Gb Total Space | 73.44 Gb Free Space | 79.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36}: C:\Documents and Settings\user\Local Settings\Application Data\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36} [2010/06/19 19:21:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268548947030 (WUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.63,93.188.161.203
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/28 13:12:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/07/28 13:11:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/01 16:13:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 15:44:30 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2010/06/30 19:24:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/06/29 20:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 20:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/29 19:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 19:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 19:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010/06/29 19:12:56 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/06/26 17:42:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/24 14:43:06 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/24 14:43:06 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/06/23 23:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2010/06/23 23:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/23 23:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/19 19:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{F4B08CE9-ACDC-494B-B343-DD1616D6DC36}
[2010/06/10 17:43:12 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/06 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/06/06 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/06 12:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Google
[2010/06/06 12:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2010/06/06 12:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/06/04 08:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\gegl-0.0
[2010/06/02 22:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Battlefield Heroes
[2005/07/28 13:39:18 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2010/07/01 17:11:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1CCF0082-0FA7-4618-BF3D-2441D03856B1}.job
[2010/07/01 17:08:09 | 000,011,878 | ---- | M] () -- C:\Documents and Settings\user\My Documents\otl fix scan.docx
[2010/07/01 17:07:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Word.lnk
[2010/07/01 17:07:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 17:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 17:07:04 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/01 17:06:28 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/07/01 17:06:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/07/01 16:48:45 | 003,725,496 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tghixdie.exe
[2010/07/01 16:23:16 | 003,725,496 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/07/01 15:50:41 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/01 15:50:41 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/01 15:50:41 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/01 15:44:30 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2010/07/01 02:21:37 | 000,029,895 | ---- | M] () -- C:\Documents and Settings\user\My Documents\antimalware reply.docx
[2010/06/30 20:06:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vnjv9039.exe
[2010/06/30 19:24:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/06/26 17:41:16 | 000,073,224 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/25 21:20:05 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/25 18:26:56 | 000,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/18 21:41:52 | 000,039,819 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010/06/11 00:55:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 00:43:38 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/10 13:35:50 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/10 13:35:22 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/08 01:53:19 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 22:01:38 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\user\Application Data\PnkBstrK.sys
[2010/06/02 22:01:15 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/06/02 18:25:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/02 18:25:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

========== Files Created - No Company Name ==========

[2010/07/01 17:08:08 | 000,011,878 | ---- | C] () -- C:\Documents and Settings\user\My Documents\otl fix scan.docx
[2010/07/01 16:48:45 | 003,725,496 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tghixdie.exe
[2010/07/01 16:23:16 | 003,725,496 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/07/01 02:21:37 | 000,029,895 | ---- | C] () -- C:\Documents and Settings\user\My Documents\antimalware reply.docx
[2010/06/30 20:05:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vnjv9039.exe
[2010/06/18 21:41:52 | 000,039,819 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010/06/11 00:43:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/02 18:25:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/02 18:25:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/31 12:18:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/18 20:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/05/01 19:16:40 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
[2010/05/01 19:16:18 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\CNCASv50.ini
[2010/05/01 19:15:58 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2010/04/26 19:34:14 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/26 19:34:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/26 19:34:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/26 19:34:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/26 19:34:10 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/26 19:34:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/26 18:38:04 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/13 22:58:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/08 11:53:05 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/08/08 11:53:05 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/08/08 11:47:49 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/07/28 14:17:57 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/28 14:16:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/07/28 14:15:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/28 14:15:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/28 14:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/28 14:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/28 14:15:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/28 14:15:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/28 14:13:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/07/28 14:12:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2005/07/28 13:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/07/28 13:44:46 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/07/28 13:44:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/07/28 13:44:46 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/07/28 13:44:46 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/07/28 13:40:24 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/28 13:39:18 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/07/28 13:19:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/28 13:08:47 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/28 11:50:53 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/30 13:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/02 15:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/07/28 13:12:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/14 01:16:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/07/28 13:12:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/01 17:07:04 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2005/07/28 13:12:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/07/28 14:22:00 | 000,000,895 | -H-- | M] () -- C:\IPH.PH
[2005/07/28 13:12:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/14 01:04:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 17:07:03 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/06/30 16:37:47 | 000,000,587 | ---- | M] () -- C:\rkill.log
[2010/03/13 23:38:13 | 000,000,516 | ---- | M] () -- C:\Settings.ini
[2010/07/01 15:44:50 | 000,040,658 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_01.07.2010_15.44.40_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\317iQ17c.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5cEIQ.dll
[2002/09/29 13:00:00 | 000,013,824 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDya.DLL
[2002/09/29 13:00:00 | 000,046,080 | R--- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPya.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\sK55g.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/07/28 06:03:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/07/28 06:03:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/07/28 06:03:13 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-27 04:58:05
< End of report >
  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I'd like for you to run the OTL fix below. I'd then like for you to attempt to run ComboFix again. IF it still will not run attempt to boot into Safe Mode and run it from there.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.63,93.188.161.203
    [2010/06/30 20:06:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vnjv9039.exe
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\317iQ17c.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\5cEIQ.dll
    [2010/06/29 19:12:49 | 000,064,512 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\sK55g.dll
    
    :Reg
    
    :Files
    flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#14
ohserio

ohserio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
1.OTL Fix Scan:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
C:\Documents and Settings\user\Desktop\vnjv9039.exe moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\317iQ17c.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5cEIQ.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\sK55g.dll moved successfully.
========== REGISTRY ==========
========== FILES ==========
< flushdns /c >
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 3395 bytes
->Temporary Internet Files folder emptied: 28872607 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 716 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07012010_172631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




2. Combofix still won't run :) I tried it in safe mode too.
  • 0

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP