Probable Hidden Malware Sapping cpu Performance
#1 Amonra17 (New Member, 5 posts)
Hello, I have posted on the site before, but I believe I did not do it right. Hopefully this time is correct.
I believe that I have one or several viruses or malware that I suspect have hidden themselves from detection or have just destroyed my computer's inner workings before removal.

My Problems:

1) Upon startup, Windows prompts to say the firewall is not activated (it does go away shortly, but the message never appeared until a few months ago).

2) Computer extremely slow in the first five to ten minutes.

3) One of several svchost.exe processes takes up too much RAM and mem usage (I've heard viruses stick on to svchost, so that may be a cause).

4) Avira found 33 hidden items during a scan (increasing my belief that malware is hiding).

5) Incomparable slowness of the computer at random times (with several other processes, including svchost.exe, taking up 50-99% of CPU memory).

6) Random error message sounds, but no actual message ever appears.

7a) explorer.exe prompts to force shutdown whenever I visit a file containing video files.

7b) Afterwards something called Dr PostMortem Debugger (or something like that) prompts for forced shutdown (but I have never heard of the thing).

8) Error message that a file cannot be found, but the name of the file not found seems to change after a while (currently it's ajaduxoxuxuvi.dll).

A while back I was hit hard by several nasty viruses and I kept getting blue-screened and had a distorted monitor. These things are gone and do not happen now, but they may still have left something behind. Please help, because I do not know what else to do. I have already completed the steps in the spyware and malware removal forum, but the above problems still persist. Requested logs are below.


--------------------------------------------------------------------------------------------------------------------------------
OTL.txt (OTL Extras never popped up after scan)
--------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 9/19/2010 3:40:48 PM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Aaron Beverly\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.59 Gb Total Space | 9.88 Gb Free Space | 17.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON-CPC
Current User Name: Aaron Beverly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/17 23:58:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron Beverly\My Documents\Downloads\OTL.exe
PRC - [2010/09/10 12:20:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/11 00:54:32 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/02 23:23:08 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/28 17:43:14 | 000,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/28 00:47:22 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2006/03/06 18:03:02 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/03/04 00:30:16 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/03/02 19:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 15:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/12/06 02:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/11/02 20:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/09/26 15:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/01 00:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 04:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010/09/17 23:58:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron Beverly\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/02 07:35:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/09/26 15:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva201.sys -- (XDva201)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/07/22 20:35:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/01 00:20:38 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/04 00:29:50 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/18 22:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/09 19:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/15 04:49:52 | 000,468,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www1.yoog.com.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {4ACB96BD-7DCB-4507-93DE-0E88B3BF233D}:1.9.1
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{4ACB96BD-7DCB-4507-93DE-0E88B3BF233D}: C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\{4ACB96BD-7DCB-4507-93DE-0E88B3BF233D} [2010/09/14 10:19:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/12 10:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: E:\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: E:\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2010/07/20 19:42:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2010/07/20 19:42:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 21:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/20 19:42:53 | 000,000,000 | ---D | M]

[2009/03/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Extensions
[2009/03/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Extensions\[email protected]
[2010/09/19 03:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\extensions
[2010/04/26 23:33:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 21:07:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/11/24 00:56:24 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\searchplugins\aim-search.xml
[2007/09/20 15:18:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\searchplugins\siteadvisor.xml
[2009/03/31 15:46:01 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\searchplugins\Yoog Search.xml
[2010/09/19 03:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/10 16:57:38 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2005/12/06 02:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/10/11 13:50:33 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/06/04 09:46:00 | 000,306,733 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10560 more lines...
O2 - BHO: (no name) - {3A0A092E-8629-4056-ACF7-1E2D4CBA37C5} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {8766296B-3A8C-40D0-AF4B-45CB02C0A57A} - No CLSID value found.
O2 - BHO: (no name) - {8DB8D696-4693-400C-AD84-FA85F1237AB3} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {B4ADEF68-32A1-43DC-AE55-C1C8CF2AFF29} - No CLSID value found.
O2 - BHO: (no name) - {F036B7E7-36E9-4C0C-B71F-DAA90A4C4B36} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Etuzepiguyoruke] C:\WINDOWS\ajaduxoxuxuvi.DLL File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PC Adware-Spware Removal] C:\Program Files\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FrostWire SpeedUp Pro.lnk = C:\Program Files\FrostWire\FrostWire SpeedUp Pro\FrostWire SpeedUp Pro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....aceUploader.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1200453987812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\jkkJDWPI: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\vtUkhHAP: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: dovifebas - {19ad0d15-f296-47bc-bdb0-e27d878bd328} - C:\WINDOWS\System32\rayehopo.dll File not found
O22 - SharedTaskScheduler: {19ad0d15-f296-47bc-bdb0-e27d878bd328} - jugezatag - C:\WINDOWS\System32\rayehopo.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/20 14:09:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4e77a98b-2166-11df-830f-00a0d14c24ef}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Aaron Beverly\Desktop\Wicked Man's Rest - Passenger - Wicked....
[2010/09/18 21:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/18 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/14 10:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\{4ACB96BD-7DCB-4507-93DE-0E88B3BF233D}
[2010/09/01 22:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/09/01 22:15:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/09/01 22:15:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/09/01 13:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/07/22 20:36:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/20 19:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/20 19:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/20 19:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/20 10:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/20 00:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/20 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/18 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\vtvxwhfwe
[2010/07/04 21:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\gavvswooy
[2010/06/24 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2006/03/20 14:40:34 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 90 Days ==========

File not found -- C:\Documents and Settings\Aaron Beverly\Desktop\Wicked Man's Rest - Passenger - Wicked....
[2010/09/19 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\qsdmgqvp.job
[2010/09/19 09:33:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/19 09:33:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/19 09:33:29 | 467,775,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 04:01:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Aaron Beverly\ntuser.ini
[2010/09/19 04:01:34 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\Aaron Beverly\NTUSER.DAT
[2010/09/19 00:33:49 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Avira AntiVir Personal.doc
[2010/09/18 22:19:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/18 21:45:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/18 21:18:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Aaron Beverly\My Documents\~$eks to go malware removal.doc
[2010/09/18 20:14:28 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/18 19:17:27 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\My Documents\Geeks to go malware removal.doc
[2010/09/18 19:04:52 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Microsoft Office Word 2007.lnk
[2010/09/16 11:18:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cmizocesofihu.bin
[2010/09/16 11:18:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bfaroveraxifoke.dat
[2010/09/16 01:46:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/09 10:41:35 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Panorama Guest List 9-8-10 Mtg..doc
[2010/09/07 22:27:54 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Application.doc
[2010/09/07 13:32:53 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 19:31:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/30 03:09:35 | 004,843,596 | -H-- | M] () -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\IconCache.db
[2010/08/14 16:59:14 | 001,608,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 23:10:36 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 23:10:36 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 23:10:36 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 11:29:39 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/22 20:35:10 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/20 00:49:18 | 000,002,116 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/19 00:31:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/18 21:18:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

========== Files Created - No Company Name ==========

[2010/09/19 00:33:44 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Avira AntiVir Personal.doc
[2010/09/18 21:18:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Aaron Beverly\My Documents\~$eks to go malware removal.doc
[2010/09/18 20:14:28 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/18 19:17:26 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\My Documents\Geeks to go malware removal.doc
[2010/09/09 10:41:32 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Panorama Guest List 9-8-10 Mtg..doc
[2010/09/07 21:26:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Desktop\Application.doc
[2010/08/04 09:16:12 | 467,775,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/20 19:50:26 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/20 00:49:18 | 000,002,116 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/20 00:35:22 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/18 21:18:18 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/05/24 15:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 15:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 15:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/02/24 13:03:53 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/09/19 23:57:07 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2009/06/11 02:19:24 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/12/12 01:31:53 | 000,000,443 | ---- | C] () -- C:\WINDOWS\System32\oemryjdm.dll
[2008/12/12 01:31:00 | 000,000,445 | ---- | C] () -- C:\WINDOWS\System32\aqvuowod.dll
[2008/12/11 23:02:09 | 000,000,445 | ---- | C] () -- C:\WINDOWS\System32\syiryhds.dll
[2008/12/10 23:00:31 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\psbfjbmh.ini
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/03 22:32:14 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Application Data\Bosco's Screen Share 1.0 Prefs
[2008/06/02 01:54:55 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2008/05/31 17:56:12 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Application Data\wklnhst.dat
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/08 22:52:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/26 14:27:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/04 14:35:51 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/08 15:38:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/01/08 15:31:56 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/02 18:52:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/31 16:42:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/30 23:53:49 | 000,198,144 | ---- | C] () -- C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/10 16:00:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 14:58:21 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/20 19:26:30 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/20 15:20:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/20 15:20:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/20 15:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/20 15:20:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/20 15:20:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/20 15:20:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/20 15:17:30 | 000,000,756 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 15:03:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/20 15:02:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/20 14:46:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/20 14:46:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/20 14:46:03 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/20 14:46:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/20 14:40:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/20 14:13:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 14:05:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/20 12:53:09 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/09/18 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\acccore
[2006/11/01 00:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\BitTorrent
[2010/02/24 02:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Broderbund
[2008/03/31 13:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Chessmaster Challenge
[2008/09/06 20:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\eBookPro6
[2007/07/30 02:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\ExecutiveSoftware
[2009/09/19 23:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Final Draft
[2010/09/12 21:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\FrostWire
[2009/02/12 18:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\GetRightToGo
[2006/03/20 17:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\InterVideo
[2010/02/20 22:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Jaran Nilsen
[2009/05/30 05:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\LimeWire
[2008/06/02 02:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Lost Marble
[2007/12/14 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\MSNInstaller
[2008/05/31 17:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\Template
[2008/06/05 11:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\toshiba
[2010/02/24 13:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\TypingMaster7
[2010/05/13 17:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Beverly\Application Data\uTorrent
[2009/09/18 23:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/24 02:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/03/27 23:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chessmaster Challenge
[2009/09/19 23:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/07/20 00:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/02/22 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2007/09/05 20:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2009/12/21 14:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 23:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/01 00:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/24 20:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/20 19:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/18 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/19 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/19 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\qsdmgqvp.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/03/20 14:09:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/30 17:22:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/03/20 14:09:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/21 15:56:26 | 000,000,000 | ---- | M] () -- C:\DVDPATH.TXT
[2005/11/29 05:31:12 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
[2010/09/19 09:33:29 | 467,775,488 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/20 14:09:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/18 23:04:20 | 000,003,825 | -H-- | M] () -- C:\IPH.PH
[2009/02/12 21:47:49 | 000,000,487 | ---- | M] () -- C:\LOG11B.log
[2010/05/31 00:19:12 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/03/20 14:09:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/06 19:05:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/19 09:33:27 | 701,558,784 | -HS- | M] () -- C:\pagefile.sys
[2007/03/21 02:19:47 | 000,008,109 | ---- | M] () -- C:\Rescued document 12.txt
[2007/03/21 02:19:49 | 000,008,113 | ---- | M] () -- C:\Rescued document 13.txt
[2010/07/19 23:32:23 | 000,000,387 | ---- | M] () -- C:\rkill.log
[2007/06/25 19:14:50 | 000,000,802 | ---- | M] () -- C:\rollback.ini
[2007/06/29 10:32:59 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2010/06/03 11:55:21 | 000,035,616 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_03.06.2010_11.54.58_log.txt
[2010/06/03 12:05:49 | 000,034,660 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_03.06.2010_12.05.39_log.txt
[2010/07/18 21:18:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2007/03/21 02:19:47 | 000,000,162 | -H-- | M] () -- C:\~$scued document 12.txt
[2007/03/21 02:19:49 | 000,000,162 | -H-- | M] () -- C:\~$scued document 13.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/03/20 06:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/20 06:00:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/20 06:00:50 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-16 07:35:37

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92766455
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A14D0C2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6088A0C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:669764DD
< End of report >

--------------------------------------------------------------------------------------------------------------------------------
MBAM LOG
--------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/18/2010 10:07:55 PM
mbam-log-2010-09-18 (22-07-55).txt

Scan type: Quick scan
Objects scanned: 164064
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------
GMER
--------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-19 09:49:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AARONB~1\LOCALS~1\Temp\pgliqpod.sys


---- System - GMER 1.0.15 ----

SSDT F7F480EE ZwCreateKey
SSDT F7F480E4 ZwCreateThread
SSDT F7F480F3 ZwDeleteKey
SSDT F7F480FD ZwDeleteValueKey
SSDT F7F48102 ZwLoadKey
SSDT F7F480D0 ZwOpenProcess
SSDT F7F480D5 ZwOpenThread
SSDT F7F4810C ZwReplaceKey
SSDT F7F48107 ZwRestoreKey
SSDT F7F480F8 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2424620]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3832] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3832] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 330B9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\hjgruiocncphto.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected]id 10096
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] 7200
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\main\[email protected]* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] \systemroot\system32\drivers\hjgruiocncphto.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] \systemroot\system32\hjgruitlqjawry.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] \systemroot\system32\hjgruieqqieouv.dat
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] \systemroot\system32\hjgruionohbbau.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruijmyswion\[email protected] \systemroot\system32\hjgruicjwqwxak.dat
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\kungsffkvchrdq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] 10096
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] 7200
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\main\[email protected]* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] \systemroot\system32\drivers\kungsffkvchrdq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] \systemroot\system32\kungsfcmxskyij.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] \systemroot\system32\kungsfufnmxedd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] \systemroot\system32\kungsfrddtglnd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kungsftaeabaka\[email protected] \systemroot\system32\kungsfvwgqlsml.dat
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\SKYNETvfvnsetn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\[email protected] 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\[email protected] 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\main\[email protected]* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\[email protected] \systemroot\system32\drivers\SKYNETvfvnsetn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbvpwidwo\[email protected] \systemroot\system32\SKYNETwxwbuemd.dll

---- EOF - GMER 1.0.15 ----

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to delete:
hjgruijmyswion
kungsftaeabaka
SKYNETbvpwidwo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right-click on the window under Input script here: and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\jkkJDWPI: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\vtUkhHAP: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: dovifebas - {19ad0d15-f296-47bc-bdb0-e27d878bd328} - C:\WINDOWS\System32\rayehopo.dll File not found
    O22 - SharedTaskScheduler: {19ad0d15-f296-47bc-bdb0-e27d878bd328} - jugezatag - C:\WINDOWS\System32\rayehopo.dll File not found
    O33 - MountPoints2\{4e77a98b-2166-11df-830f-00a0d14c24ef}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
    O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2010/09/19 10:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\qsdmgqvp.job
    [2010/09/16 11:18:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cmizocesofihu.bin
    [2010/09/16 11:18:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bfaroveraxifoke.dat
    [2010/07/18 21:18:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2008/12/12 01:31:53 | 000,000,443 | ---- | C] () -- C:\WINDOWS\System32\oemryjdm.dll
    [2008/12/12 01:31:00 | 000,000,445 | ---- | C] () -- C:\WINDOWS\System32\aqvuowod.dll
    [2008/12/11 23:02:09 | 000,000,445 | ---- | C] () -- C:\WINDOWS\System32\syiryhds.dll
    [2008/12/10 23:00:31 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\psbfjbmh.ini
    [2008/02/22 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#3
Amonra17

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello Rorschach112. Thank you for the quick reply. All of the steps requested have been completed. The logs are below.

--------------------------------------------------------------------------------------------------------------------------------------
Avenger
--------------------------------------------------------------------------------------------------------------------------------------


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\hjgruijmyswion" not found!
Deletion of driver "hjgruijmyswion" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kungsftaeabaka" not found!
Deletion of driver "kungsftaeabaka" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\SKYNETbvpwidwo" not found!
Deletion of driver "SKYNETbvpwidwo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
--------------------------------------------------------------------------------------------------------------------------------------
OTL
--------------------------------------------------------------------------------------------------------------------------------------

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkJDWPI\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUkhHAP\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dovifebas deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ad0d15-f296-47bc-bdb0-e27d878bd328}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{19ad0d15-f296-47bc-bdb0-e27d878bd328} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ad0d15-f296-47bc-bdb0-e27d878bd328}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e77a98b-2166-11df-830f-00a0d14c24ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e77a98b-2166-11df-830f-00a0d14c24ef}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7c88eda-7135-11dc-8143-0016e36ba567}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7c88eda-7135-11dc-8143-0016e36ba567}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7c88eda-7135-11dc-8143-0016e36ba567}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7c88eda-7135-11dc-8143-0016e36ba567}\ not found.
File E:\LaunchU3.exe not found.
C:\WINDOWS\tasks\qsdmgqvp.job moved successfully.
C:\WINDOWS\Cmizocesofihu.bin moved successfully.
C:\WINDOWS\Bfaroveraxifoke.dat moved successfully.
C:\zrpt.xml moved successfully.
C:\WINDOWS\system32\oemryjdm.dll moved successfully.
C:\WINDOWS\system32\aqvuowod.dll moved successfully.
C:\WINDOWS\system32\syiryhds.dll moved successfully.
C:\WINDOWS\system32\psbfjbmh.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Aaron Beverly\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Aaron Beverly\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Aaron Beverly
->Temp folder emptied: 777446 bytes
->Temporary Internet Files folder emptied: 215716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28710624 bytes
->Flash cache emptied: 2856 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 12202295 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: Aaron Beverly
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Application Data

User: Default User

User: Guest

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.12.1 log created on 09192010_175953

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------------------------------------------------------------
Gooredfix
--------------------------------------------------------------------------------------------------------------------------------------


GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:12 on 19/09/2010 (Aaron Beverly)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{4ACB96BD-7DCB-4507-93DE-0E88B3BF233D} -> Success!
Deleting C:\Documents and Settings\Aaron Beverly\Local Settings\Application Data\{4ACB96BD-7DCB-4507-93DE-0E88B3BF233D} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:55 24/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:29 31/03/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:09 21/02/2010]

C:\Documents and Settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:33 27/04/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [01:07 28/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:22 15/09/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:29 31/03/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [22:27 05/01/2009]

-=E.O.F=-
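The OTL fix log posted above reports one outcome per line (deleted successfully, moved successfully, not found), and OTM uses the same format for the script in the later reply. The Python script below is an added example for this thread; it is not code from OTL, OTM or anyone in the discussion. It parses those result lines, groups the targets by outcome, and separates "not found" entries that were already removed earlier in the same run (the CLSID key {19ad0d15-...} above is listed twice: deleted at its first mention, not found at the second, which is a duplicate script entry rather than a failure) from the ones that genuinely need a second look. The embedded sample is a constructed excerpt of lines copied from the OTL log above plus two service lines in OTM's format; the regular expression, the function names and the "kind" labels are my assumptions about the output, not a documented grammar.

```python
r"""Summarise an OTL / OTM fix log.

Added example for this thread; not part of OTL or OTM.  Both tools print one
result per line, for instance
    Registry key <key>\ deleted successfully.
    <path> moved successfully.
    File <path> not found.
    Service <name> stopped successfully!
The regular expression below is an assumption about that format, derived from
the log lines in this thread, not a documented grammar.
"""
import re

# Constructed sample: lines copied from the OTL log above, plus two service
# lines in the format OTM uses for the :Services section.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkJDWPI\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dovifebas deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ad0d15-f296-47bc-bdb0-e27d878bd328}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ad0d15-f296-47bc-bdb0-e27d878bd328}\ not found.
File E:\setupSNK.exe not found.
C:\WINDOWS\tasks\qsdmgqvp.job moved successfully.
C:\WINDOWS\system32\oemryjdm.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 folder moved successfully.
========== SERVICES/DRIVERS ==========
Service jclprjs stopped successfully!
Service jclprjs deleted successfully!
========== COMMANDS ==========
HOSTS file reset successfully
"""

RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File|Service)\s+)?"   # kind, when the tool prints one
    r"(?P<target>.+?)(?P<folder>\s+folder)?\s+"                      # the object, optional 'folder' tag
    r"(?P<outcome>deleted successfully|moved successfully|stopped successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Yield (kind, target, outcome) per result line; headers and chatter are skipped."""
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        kind = m.group("kind")
        if kind is None:  # bare paths: OTL only says 'folder' when it is one
            kind = "Folder" if m.group("folder") else "File"
        yield kind, m.group("target"), m.group("outcome")


def summarize(text):
    """Group (kind, target) pairs by outcome so each set can be reviewed on its own."""
    summary = {}
    for kind, target, outcome in parse_fix_log(text):
        summary.setdefault(outcome, []).append((kind, target))
    return summary


def unresolved(summary):
    """'not found' targets that were NOT also removed earlier in the same log.

    A script often names the same item twice (the CLSID key and the
    SharedTaskScheduler value pointing at it); the second pass reports
    'not found', which is not a failure.  What is left here is worth checking.
    """
    done = {t for outcome, items in summary.items() if outcome != "not found" for _, t in items}
    return [t for _, t in summary.get("not found", []) if t not in done]


if __name__ == "__main__":
    s = summarize(FIX_LOG)
    for outcome, items in s.items():
        print(f"{outcome}: {len(items)}")
    print("needs a second look:", unresolved(s))
```

On the sample above the only unresolved item is E:\setupSNK.exe, a path on drive E: that OTL could not find at run time; everything else that came back "not found" had already been deleted earlier in the same run.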

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[image]



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5 Amonra17 (New Member, Topic Starter, 5 posts)
Combofix step complete.


-----------------------------------------------------------------------------------------------------------------
ComboFix
-----------------------------------------------------------------------------------------------------------------


ComboFix 10-09-17.04 - Aaron Beverly 09/19/2010 19:15:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.181 [GMT -4:00]
Running from: c:\documents and settings\Aaron Beverly\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hjgrui.dat
c:\windows\system32\kungsfufnmxedd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_SVCHOST


((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 21:59 . 2010-09-19 21:59 -------- d-----w- C:\_OTL
2010-09-19 01:53 . 2010-09-19 01:53 -------- d-----w- c:\program files\ERUNT
2010-09-19 00:14 . 2010-09-19 00:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 15:12 . 2010-08-12 04:07 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-07 15:12 . 2010-08-12 04:07 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-07 15:12 . 2010-08-12 04:07 133616 ------w- c:\windows\system32\pxafs.dll
2010-09-02 02:16 . 2010-09-02 02:16 -------- d-----w- c:\windows\system32\custom matrices
2010-09-02 02:15 . 2010-09-02 02:15 -------- d-----w- c:\windows\system32\QuickTime
2010-09-02 02:15 . 2010-09-02 02:18 -------- d-----w- c:\windows\system32\C2MP
2010-09-01 17:56 . 2010-09-01 17:56 -------- d-----w- c:\program files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 01:46 . 2010-09-18 23:18 63488 ----a-w- c:\documents and settings\Aaron Beverly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-19 01:46 . 2010-09-18 23:18 117760 ----a-w- c:\documents and settings\Aaron Beverly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-18 23:18 . 2010-09-18 23:18 52224 ----a-w- c:\documents and settings\Aaron Beverly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-18 23:18 . 2009-12-21 18:32 -------- d-----w- c:\documents and settings\Aaron Beverly\Application Data\SUPERAntiSpyware.com
2010-09-16 07:35 . 2009-02-13 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 14:49 . 2009-10-07 00:32 -------- d-----w- c:\documents and settings\Aaron Beverly\Application Data\vlc
2010-09-13 01:52 . 2009-03-22 02:38 -------- d-----w- c:\documents and settings\Aaron Beverly\Application Data\FrostWire
2010-09-07 15:15 . 2010-06-24 18:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 15:15 . 2010-03-08 02:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-07 15:15 . 2007-02-04 09:21 -------- d-----w- c:\program files\DivX
2010-09-07 15:15 . 2010-09-07 15:15 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 15:15 . 2010-06-24 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-07 15:15 . 2010-09-07 15:15 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-07 15:14 . 2010-09-07 15:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-07 15:14 . 2010-09-07 15:14 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-09-07 15:12 . 2010-09-07 15:12 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-09-07 15:12 . 2010-09-07 15:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-09-07 15:12 . 2010-09-07 15:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-09-07 15:12 . 2010-09-07 15:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-09-07 15:11 . 2010-09-07 15:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-09-07 14:19 . 2010-09-07 15:15 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-07 14:19 . 2010-09-07 14:19 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 14:19 . 2010-06-24 18:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-07 14:18 . 2010-06-24 18:32 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-17 13:17 . 2006-03-20 16:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 15:29 . 2010-07-20 04:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-12 14:35 . 2006-04-03 19:41 -------- d-----w- c:\program files\McAfee
2010-07-22 15:49 . 2006-03-20 16:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 15:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 23:33 . 2010-07-20 23:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 04:31 . 2008-05-21 04:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:31 . 2006-03-20 16:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 18:26 . 2010-06-24 18:26 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-24 18:26 . 2010-06-24 18:26 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-24 18:24 . 2010-06-24 18:24 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-24 12:22 . 2006-03-20 16:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-03-20 16:49 1851904 ----a-w- c:\windows\system32\win32k.sys
2007-07-01 20:27 . 2007-06-14 13:31 5632288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-07-01 20:27 . 2007-06-14 13:31 68128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-03 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2006-03-04 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-04 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/14/2009 11:30 PM 135336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/5/2009 6:27 PM 88176]
S0 jclprjs;jclprjs; [x]
S0 srkuww;srkuww; [x]
S3 XDva201;XDva201;\??\c:\windows\system32\XDva201.sys --> c:\windows\system32\XDva201.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Aaron Beverly\Application Data\Mozilla\Firefox\Profiles\ynupniss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO-{3A0A092E-8629-4056-ACF7-1E2D4CBA37C5} - (no file)
BHO-{8766296B-3A8C-40D0-AF4B-45CB02C0A57A} - (no file)
BHO-{8DB8D696-4693-400C-AD84-FA85F1237AB3} - (no file)
BHO-{B4ADEF68-32A1-43DC-AE55-C1C8CF2AFF29} - (no file)
BHO-{F036B7E7-36E9-4C0C-B71F-DAA90A4C4B36} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PC Adware-Spware Removal - c:\program files\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe
HKLM-Run-Etuzepiguyoruke - c:\windows\ajaduxoxuxuvi.dll
SafeBoot-klmdb.sys
AddRemove-Mozilla Firefox (2.0.0.20) - e:\mozilla firefox\uninstall\helper.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Aaron Beverly\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 19:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\RAMASST.exe
.
**************************************************************************
.
Completion time: 2010-09-19 19:39:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 23:39

Pre-Run: 10,430,869,504 bytes free
Post-Run: 10,257,133,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3EEBFF687CBBAF0005D337CDA6A9A4F0

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    jclprjs
    srkuww
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

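The OTM script in the reply above removes the two services that ComboFix listed as "S0 jclprjs;jclprjs; [x]" and "S0 srkuww;srkuww; [x]": boot-start entries whose binary is gone, carrying the same kind of machine-generated name as the hjgruijmyswion / kungsftaeabaka / SKYNETbvpwidwo drivers Avenger was asked to delete. The Python script below is an added example for this thread, not code from ComboFix, OTM or anyone posting here. It parses the R?/S? service lines from a ComboFix log, flags entries with no binary, a boot-start type, or a random-looking name, and drafts the matching :Services block for an OTM script. The five sample lines are copied from the ComboFix log above; the line format, the "[x]" / "[?]" meanings and the name-randomness thresholds are my own assumptions from what the log shows, not documented behaviour of either tool.

```python
r"""Triage the service lines of a ComboFix log and draft an OTM :Services block.

Added example for this thread; not part of ComboFix or OTM.  ComboFix lists
services as
    <R|S><start type> <name>;<display name>;<binary path> [<date> <size>]
with "[x]" where the binary is missing and "[?]" where it could not read the
file details.  The line format and the randomness heuristic are assumptions.
"""
import re

# Constructed sample: the five service lines copied from the ComboFix log above.
COMBOFIX_SERVICES = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/14/2009 11:30 PM 135336]
S0 jclprjs;jclprjs; [x]
S0 srkuww;srkuww; [x]
S3 XDva201;XDva201;\??\c:\windows\system32\XDva201.sys --> c:\windows\system32\XDva201.sys [?]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-3])\s+"    # R = running, S = stopped; 0 = boot start
    r"(?P<name>[^;]+);(?P<display>[^;]*);"    # service name and display name
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"  # binary path, then [date size] / [x] / [?]
)

VOWELS = set("aeiou")


def name_features(name):
    """Return (vowel ratio, longest consonant run) over the letters of a name."""
    letters = [c.lower() for c in name if c.isalpha()]
    if not letters:
        return 1.0, 0
    vowels = sum(c in VOWELS for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels / len(letters), longest


def looks_random(name):
    """Heuristic for machine-generated service names such as jclprjs or srkuww.

    All-uppercase names are treated as acronyms (SASDIFSV, TOSCDSPD) and skipped.
    The thresholds are an assumption tuned on the names in this thread; expect
    false positives on short legitimate names, so treat this as a hint only.
    """
    if name.isupper():
        return False
    ratio, longest = name_features(name)
    return ratio < 0.2 or longest >= 5


def triage_services(log_text):
    """Return the services worth a second look, each with the reasons why."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["info"] == "x":
            reasons.append("binary missing on disk")
            if m["start"] == "0":
                reasons.append("boot-start driver with no file")
        elif m["info"] == "?":
            reasons.append("file details unavailable")
        if looks_random(m["name"]):
            reasons.append("random-looking name")
        if reasons:
            findings.append({"name": m["name"], "start": m["state"] + m["start"],
                             "path": m["path"], "reasons": reasons})
    return findings


def otm_services_block(findings):
    """Draft the :Services section of an OTM script for entries with no binary."""
    names = [f["name"] for f in findings if "binary missing on disk" in f["reasons"]]
    return "\n".join([":Services"] + names)


if __name__ == "__main__":
    found = triage_services(COMBOFIX_SERVICES)
    for f in found:
        print(f["start"], f["name"], "-", "; ".join(f["reasons"]))
    print(otm_services_block(found))
```

Run on the sample it reproduces the :Services block from the reply above (jclprjs and srkuww) and lists XDva201 separately because its file details were unreadable rather than missing. One caveat the logs in this thread illustrate: Avenger reported the hjgruijmyswion and kungsftaeabaka service keys as absent, yet ComboFix still deleted c:\windows\system32\hjgrui.dat and kungsfufnmxedd.dat, which share those prefixes. A service key that no longer exists is not evidence that the files behind it are gone, so a name flagged here is worth searching for on disk as well.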

#7 Amonra17 (New Member, Topic Starter, 5 posts)
Step complete.


----------------------------------------------------------------------------------------------------------------------------------
OTM
----------------------------------------------------------------------------------------------------------------------------------


All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service jclprjs stopped successfully!
Service jclprjs deleted successfully!
Service srkuww stopped successfully!
Service srkuww deleted successfully!
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Aaron Beverly\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Aaron Beverly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Aaron Beverly
->Temp folder emptied: 26500 bytes
->Temporary Internet Files folder emptied: 47153 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24065868 bytes
->Flash cache emptied: 953 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.16.1 log created on 09192010_202851

Files moved on Reboot...

Registry entries deleted on Reboot...

----------------------------------------------------------------------------------------------------------------------------------
MBAM
----------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/19/2010 9:10:00 PM
mbam-log-2010-09-19 (21-10-00).txt

Scan type: Quick scan
Objects scanned: 168427
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------------------------------
Kaspersky
----------------------------------------------------------------------------------------------------------------------------------



KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 21, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 21, 2010 02:05:53
Records in database: 4233605
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 72981
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:03:35

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0
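Before a thread like this is closed, a helper wants a quick cross-check of the pasted logs rather than reading them line by line. The Python script below is an added example, not code from the thread or from the OTM, Malwarebytes or Kaspersky tools: it parses trimmed excerpts of the three logs above (constructed sample input; the user's profile path is replaced by a `<user>` placeholder), summarises what OTM reported removing, confirms that every MBAM counter is zero, and flags when a report's summary counters disagree with its verdict line, as the Kaspersky report above does (3 threats found, yet "No threats found"). The regular expressions are assumptions based only on the line shapes visible in the post.

```python
import re

# Constructed sample input: trimmed excerpts of the OTM, MBAM and Kaspersky logs
# pasted above. Only the lines needed to exercise the parsers are kept, and the
# user's profile folder is replaced by the placeholder <user>.
OTM_LOG = r"""========== SERVICES/DRIVERS ==========
Service jclprjs stopped successfully!
Service jclprjs deleted successfully!
Service srkuww stopped successfully!
Service srkuww deleted successfully!
========== FILES ==========
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\<user>\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\<user>\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Total Files Cleaned = 23.00 mb
"""

MBAM_LOG = """Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

KASPERSKY_LOG = """Scan statistics:
Objects scanned: 72981
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:03:35

No threats found. Scanned area is clean.
"""


def parse_otm(text):
    """Summarise what OTM reported doing: services removed, files deleted, HOSTS reset."""
    services = re.findall(r"^Service (\S+) deleted successfully!$", text, re.M)
    files = re.findall(r"^(.+?) deleted successfully\.$", text, re.M)
    total = re.search(r"^Total Files Cleaned = ([\d.]+) (\w+)$", text, re.M)
    return {
        "services_deleted": services,
        "files_deleted": files,
        "hosts_reset": "HOSTS file reset successfully" in text,
        "total_cleaned": (float(total.group(1)), total.group(2)) if total else None,
    }


def parse_mbam(text):
    """Return the MBAM summary counters as {category: count}; the detail sections are ignored."""
    return {k: int(v) for k, v in re.findall(r"^(.+ Infected): (\d+)$", text, re.M)}


KAV_COUNTERS = ("Objects scanned", "Threats found",
                "Infected objects found", "Suspicious objects found")


def parse_kaspersky(text):
    """Extract the Kaspersky counters and the verdict line, and check that they agree."""
    stats = {}
    for key in KAV_COUNTERS:
        m = re.search(rf"^{re.escape(key)}: (\d+)$", text, re.M)
        if m:
            stats[key] = int(m.group(1))
    verdict_clean = "No threats found" in text
    counters_clean = (stats.get("Threats found", 0) == 0
                      and stats.get("Infected objects found", 0) == 0)
    return {"stats": stats, "verdict_clean": verdict_clean,
            "consistent": verdict_clean == counters_clean}


def review(otm, mbam, kav):
    """Produce the review notes a helper would want before calling the machine clean."""
    notes = []
    if otm["services_deleted"]:
        notes.append("OTM removed service(s): " + ", ".join(otm["services_deleted"]))
    if otm["hosts_reset"]:
        notes.append("OTM reset the HOSTS file")
    if mbam and all(v == 0 for v in mbam.values()):
        notes.append("MBAM: all %d categories report 0" % len(mbam))
    if not kav["consistent"]:
        notes.append("Kaspersky: counters (%s threats, %s infected) disagree with the "
                     "verdict line; inspect the detailed report"
                     % (kav["stats"].get("Threats found"),
                        kav["stats"].get("Infected objects found")))
    return notes


if __name__ == "__main__":
    for note in review(parse_otm(OTM_LOG), parse_mbam(MBAM_LOG), parse_kaspersky(KASPERSKY_LOG)):
        print("-", note)
```

The consistency check is the part worth keeping: a scanner's summary counters and its human-readable verdict are produced separately, so a reviewer should treat any disagreement between them as a reason to open the detailed report rather than trust either line alone.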

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0