nothing works to remove the google redirect virus



#1
aswartz3
Member, 23 posts

OTL logfile created on: 6/1/2011 7:35:08 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 61.53% Memory free
3.08 Gb Paging File | 2.37 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 24.86 Gb Free Space | 66.70% Space Free | Partition Type: NTFS

Computer Name: VALUED-71FC21E6 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (srvFDC) -- File not found
SRV - (ShellHWDetection) -- File not found
SRV - (RemoteAccess) -- File not found
SRV - (lanmanserver) -- File not found
SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
SRV - (6to4) -- File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)


========== Driver Services (SafeList) ==========

DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.cnz.com/search/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/02/26 04:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/03/05 02:08:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/29 17:56:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/25 22:17:31 | 000,436,560 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15031 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1207760403906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.39.47.11 69.39.47.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 08:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: drwareg - (C:\WINDOWS\system32\caclsn32.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 19:23:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2011/05/31 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\Malwarebytes
[2011/05/31 18:10:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 18:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 18:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 17:21:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/31 16:45:28 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/31 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/05/31 16:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/30 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/29 20:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/29 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/29 17:56:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/29 17:56:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/29 17:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2011/05/29 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Lavasoft
[2011/05/29 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/05/29 17:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/29 17:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/29 17:53:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Valued Customer\Recent
[2011/05/27 19:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/26 17:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/25 18:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2011/05/25 18:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\ParetoLogic
[2011/05/22 12:37:33 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/05/15 15:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/12 03:28:51 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/12 03:28:30 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/12 03:24:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/12 03:14:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/01 19:23:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2011/06/01 18:02:29 | 000,007,574 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/06/01 18:02:29 | 000,007,574 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/05/31 18:39:49 | 000,012,652 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 18:39:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 18:10:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 17:08:35 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/31 16:47:12 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/31 16:45:28 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 16:42:23 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/29 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/29 18:24:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/27 22:05:36 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config.NAR01
[2011/05/27 22:05:36 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config.NAR00
[2011/05/27 18:50:14 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/27 18:50:14 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/27 18:08:28 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/27 18:08:22 | 000,441,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/27 18:08:22 | 000,071,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/26 17:21:20 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\accrestore.zip
[2011/05/25 22:17:31 | 000,436,560 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/18 18:34:35 | 000,278,488 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\SOCIAL SECURITY APP.pdf
[2011/05/16 17:17:17 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2011/05/11 20:54:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 17:19:00 | 000,073,728 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\ZProgBar.ocx
[2011/05/07 17:18:59 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdsp.dll
[2011/05/07 17:18:59 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtpdr.dll
[2011/05/07 17:18:58 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVE.DLL
[2011/05/07 17:18:58 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVD.dll
[2011/05/07 17:18:56 | 000,036,864 | ---- | M] (Clint LaFever) -- C:\WINDOWS\System32\WEBFIL~1.OCX
[2011/05/07 17:18:56 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfapi.dll
[2011/05/07 17:18:56 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2011/05/07 17:18:52 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2011/05/07 17:18:52 | 000,417,792 | ---- | M] (ComponentOne) -- C:\WINDOWS\System32\vsprint8.ocx
[2011/05/07 17:18:52 | 000,299,008 | ---- | M] (Aivosto Oy) -- C:\WINDOWS\System32\vbwFunctionsVB6.dll
[2011/05/07 17:18:52 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/05/07 17:18:50 | 000,008,192 | ---- | M] (DSP GROUP, INC.) -- C:\WINDOWS\System32\tssoft32.acm
[2011/05/07 17:18:49 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.dll
[2011/05/07 17:18:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2011/05/07 17:18:46 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2011/05/07 17:18:42 | 000,172,032 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUNINST.EXE
[2011/05/07 17:18:42 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUNINNT.EXE
[2011/05/07 17:18:41 | 000,225,280 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELUTIL.DLL
[2011/05/07 17:18:41 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELMICED.EXE
[2011/05/07 17:18:41 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELSCRLL.DLL
[2011/05/07 17:18:41 | 000,090,112 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELZOOM.DLL
[2011/05/07 17:18:41 | 000,081,920 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELHOOKS.DLL
[2011/05/07 17:18:41 | 000,065,536 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMIBM.DLL
[2011/05/07 17:18:41 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELRESS.DLL
[2011/05/07 17:18:41 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELCOMM.DLL
[2011/05/07 17:18:41 | 000,024,576 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelsetup.dll
[2011/05/07 17:18:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nlsdl.dll
[2011/05/07 17:18:32 | 001,355,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm50.dll
[2011/05/07 17:18:32 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2011/05/07 17:18:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll
[2011/05/07 17:18:32 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msstkprp.dll
[2011/05/07 17:18:32 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2011/05/07 17:18:30 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFPLAT.dll
[2011/05/07 17:18:30 | 000,086,016 | ---- | M] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/05/07 17:18:28 | 000,204,800 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/05/07 17:18:28 | 000,188,416 | ---- | M] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/05/07 17:18:28 | 000,163,840 | ---- | M] (America Online) -- C:\WINDOWS\System32\jgdw400.dll
[2011/05/07 17:18:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/07 17:18:28 | 000,065,536 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgsh400.dll
[2011/05/07 17:18:27 | 002,310,144 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/05/07 17:18:27 | 000,524,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/05/07 17:18:27 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/05/07 17:18:27 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/05/07 17:18:27 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/05/07 17:18:27 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2011/05/07 17:18:27 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2011/05/07 17:18:27 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/05/07 17:18:27 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2011/05/07 17:18:27 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2011/05/07 17:18:27 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2011/05/07 17:18:27 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2011/05/07 17:18:27 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2011/05/07 17:18:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/05/07 17:18:26 | 001,503,232 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2011/05/07 17:18:26 | 000,446,464 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2011/05/07 17:18:26 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2011/05/07 17:18:26 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/05/07 17:18:26 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ifxcardm.dll
[2011/05/07 17:18:26 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2011/05/07 17:18:26 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/05/07 17:18:26 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2011/05/07 17:18:26 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2011/05/07 17:18:26 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/05/07 17:18:26 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2011/05/07 17:18:26 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2011/05/07 17:18:26 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2011/05/07 17:18:26 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2011/05/07 17:18:26 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2011/05/07 17:18:26 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/05/07 17:18:26 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2011/05/07 17:18:26 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2011/05/07 17:18:26 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/05/07 17:18:26 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/05/07 17:18:26 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/05/07 17:18:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2011/05/07 17:18:26 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/05/07 17:18:26 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/05/07 17:18:26 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/05/07 17:18:26 | 000,040,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/05/07 17:18:26 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011/05/07 17:18:25 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICONSPY.EXE
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/05/07 17:18:25 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/05/07 17:18:25 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2011/05/07 17:18:24 | 000,114,688 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/05/07 17:18:24 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll
[2011/05/07 17:18:24 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/05/07 17:18:24 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/05/07 17:18:23 | 000,598,016 | ---- | M] (Clint LaFever) -- C:\WINDOWS\System32\ExtLVCTL.ocx
[2011/05/07 17:18:23 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2011/05/07 17:18:22 | 000,622,592 | ---- | M] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\DVDProX2.dll
[2011/05/07 17:18:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2011/05/07 17:18:22 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS
[2011/05/07 17:18:17 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2011/05/07 17:18:17 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2011/05/07 17:18:02 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2011/05/07 17:18:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2011/05/07 17:18:02 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2011/05/07 17:18:01 | 000,069,632 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\CDNotify6.ocx
[2011/05/07 17:17:56 | 000,241,664 | ---- | M] (E-Lite Enterprises) -- C:\WINDOWS\System32\AxFormEx6k.ocx
[2011/05/07 17:14:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 18:02:57 | 000,007,574 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/06/01 18:02:29 | 000,007,574 | ---- | C] () -- C:\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/05/31 18:10:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 16:42:23 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/31 16:42:23 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/29 18:24:44 | 000,000,596 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/27 22:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR01
[2011/05/27 22:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR00
[2011/05/26 17:22:14 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\accrestore.zip
[2011/05/21 23:55:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/21 23:55:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/18 18:34:35 | 000,278,488 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\SOCIAL SECURITY APP.pdf
[2011/05/15 23:24:31 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/13 03:01:18 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/19 00:04:44 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500
[2011/04/19 00:04:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500r
[2011/04/19 00:03:48 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17096500
[2011/04/12 05:01:24 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/03/28 00:47:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2011/03/04 10:34:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/09 16:57:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/09 16:57:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/09 16:57:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/09 16:57:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/09 16:57:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/09 16:57:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/09 13:44:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/04/09 13:44:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/04/09 08:52:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/09 08:46:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/08 14:11:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/08 14:10:24 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/14 11:32:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,441,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,071,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/29 17:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/29 17:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/23 19:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/03/23 23:15:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/31 16:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/06 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/02 22:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/29 18:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/05/15 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/11 17:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Aqtoac
[2011/05/29 17:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2011/03/23 23:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG10
[2011/03/23 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG7
[2011/05/25 18:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2011/05/07 22:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FrostWire
[2008/05/23 17:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterVideo
[2011/05/25 18:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\ParetoLogic
[2011/03/16 18:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Vika
[2011/03/05 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\whitesmoketoolbar
[2011/05/29 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

You ran the OTL scan with the wrong settings.

Please run the Quick Scan this time:

Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


#3
aswartz3

    Member

  • Topic Starter
  • Member
  • 23 posts
Thank you, I ran it.

OTL logfile created on: 6/3/2011 2:12:20 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.34% Memory free
3.08 Gb Paging File | 2.77 Gb Available in Paging File | 90.02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 24.73 Gb Free Space | 66.36% Space Free | Partition Type: NTFS

Computer Name: VALUED-71FC21E6 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (srvFDC) -- File not found
SRV - (ShellHWDetection) -- File not found
SRV - (RemoteAccess) -- File not found
SRV - (lanmanserver) -- File not found
SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
SRV - (6to4) -- File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)


========== Driver Services (SafeList) ==========

DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.cnz.com/search/
IE - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/29 17:56:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/25 22:17:31 | 000,436,560 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15031 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKU\.DEFAULT..\Run: [SvrWsc] File not found
O4 - HKU\S-1-5-18..\Run: [SvrWsc] File not found
O4 - HKU\S-1-5-21-1708537768-1563985344-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1708537768-1563985344-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1207760403906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.39.47.11 69.39.47.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 08:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: drwareg - (C:\WINDOWS\system32\caclsn32.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 19:23:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2011/05/31 18:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\Malwarebytes
[2011/05/31 18:10:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 18:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 18:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 17:21:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/31 16:45:28 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/31 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/05/31 16:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/30 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/30 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/29 20:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/29 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/29 17:56:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/29 17:56:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/29 17:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2011/05/29 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Lavasoft
[2011/05/29 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/05/29 17:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/29 17:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/29 17:53:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Valued Customer\Recent
[2011/05/27 19:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/26 17:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/25 18:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2011/05/25 18:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\ParetoLogic
[2011/05/22 12:37:33 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/05/15 15:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 09:05:47 | 000,012,652 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/03 09:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 08:57:58 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/01 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/01 19:23:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2011/06/01 18:02:29 | 000,007,574 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/06/01 18:02:29 | 000,007,574 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/05/31 18:10:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 16:47:12 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/31 16:45:28 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 16:42:23 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/29 18:24:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/27 22:05:36 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config.NAR01
[2011/05/27 22:05:36 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config.NAR00
[2011/05/27 18:50:14 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/27 18:50:14 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/27 18:08:28 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/27 18:08:22 | 000,441,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/27 18:08:22 | 000,071,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/26 17:21:20 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\accrestore.zip
[2011/05/25 22:17:31 | 000,436,560 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/18 18:34:35 | 000,278,488 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\SOCIAL SECURITY APP.pdf
[2011/05/16 17:17:17 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2011/05/11 20:54:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 17:19:00 | 000,073,728 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\ZProgBar.ocx
[2011/05/07 17:18:56 | 000,036,864 | ---- | M] (Clint LaFever) -- C:\WINDOWS\System32\WEBFIL~1.OCX
[2011/05/07 17:18:56 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2011/05/07 17:18:52 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2011/05/07 17:18:52 | 000,417,792 | ---- | M] (ComponentOne) -- C:\WINDOWS\System32\vsprint8.ocx
[2011/05/07 17:18:52 | 000,299,008 | ---- | M] (Aivosto Oy) -- C:\WINDOWS\System32\vbwFunctionsVB6.dll
[2011/05/07 17:18:42 | 000,172,032 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUNINST.EXE
[2011/05/07 17:18:42 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUNINNT.EXE
[2011/05/07 17:18:41 | 000,225,280 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELUTIL.DLL
[2011/05/07 17:18:41 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELMICED.EXE
[2011/05/07 17:18:41 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELSCRLL.DLL
[2011/05/07 17:18:41 | 000,090,112 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELZOOM.DLL
[2011/05/07 17:18:41 | 000,081,920 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELHOOKS.DLL
[2011/05/07 17:18:41 | 000,065,536 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMIBM.DLL
[2011/05/07 17:18:41 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELRESS.DLL
[2011/05/07 17:18:41 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELCOMM.DLL
[2011/05/07 17:18:41 | 000,024,576 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelsetup.dll
[2011/05/07 17:18:28 | 000,204,800 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/05/07 17:18:28 | 000,188,416 | ---- | M] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/05/07 17:18:27 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/05/07 17:18:27 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/05/07 17:18:27 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/05/07 17:18:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/05/07 17:18:25 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICONSPY.EXE
[2011/05/07 17:18:23 | 000,598,016 | ---- | M] (Clint LaFever) -- C:\WINDOWS\System32\ExtLVCTL.ocx
[2011/05/07 17:18:23 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2011/05/07 17:18:22 | 000,622,592 | ---- | M] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\DVDProX2.dll
[2011/05/07 17:18:22 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS
[2011/05/07 17:18:01 | 000,069,632 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\CDNotify6.ocx
[2011/05/07 17:17:56 | 000,241,664 | ---- | M] (E-Lite Enterprises) -- C:\WINDOWS\System32\AxFormEx6k.ocx
[2011/05/07 17:14:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 18:02:57 | 000,007,574 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/06/01 18:02:29 | 000,007,574 | ---- | C] () -- C:\TDSSKiller.2.5.0.0_11.05.2011_22.05.56_log.zip
[2011/05/31 18:10:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 16:42:23 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/31 16:42:23 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/29 18:24:44 | 000,000,596 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/27 22:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR01
[2011/05/27 22:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR00
[2011/05/26 17:22:14 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\accrestore.zip
[2011/05/21 23:55:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/21 23:55:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/18 18:34:35 | 000,278,488 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\SOCIAL SECURITY APP.pdf
[2011/05/15 23:24:31 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/13 03:01:18 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/19 00:04:44 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500
[2011/04/19 00:04:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500r
[2011/04/19 00:03:48 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17096500
[2011/04/12 05:01:24 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/03/28 00:47:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2011/03/04 10:34:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/09 16:57:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/09 16:57:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/09 16:57:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/09 16:57:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/09 16:57:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/09 16:57:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/09 13:44:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/04/09 13:44:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/04/09 08:52:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/09 08:46:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/08 14:11:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/08 14:10:24 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/14 11:32:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,441,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,071,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/29 17:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/29 17:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/23 19:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/03/23 23:15:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/31 16:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/06 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/02 22:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/29 18:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/05/15 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/23 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG7
[2008/04/09 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2011/03/05 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
[2011/03/17 14:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/03/11 17:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Aqtoac
[2011/05/29 17:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2011/03/23 23:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG10
[2011/03/23 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG7
[2011/05/25 18:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2011/05/07 22:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FrostWire
[2008/05/23 17:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterVideo
[2011/05/25 18:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\ParetoLogic
[2011/03/16 18:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Vika
[2011/03/05 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\whitesmoketoolbar
[2011/06/01 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Again, just as you said. The results are below. I hope this is right.
  • 0

#4 Gammo (Member 2k, Malware Removal, 2,299 posts)
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (srvFDC) -- File not found
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKU\.DEFAULT..\Run: [SvrWsc] File not found
    O4 - HKU\S-1-5-18..\Run: [SvrWsc] File not found
    O36 - AppCertDlls: drwareg - (C:\WINDOWS\system32\caclsn32.dll) - File not found
    [2011/04/19 00:04:44 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500
    [2011/04/19 00:04:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096500r
    [2011/04/19 00:03:48 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17096500
    [2011/03/05 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
    [2011/03/17 14:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2011/03/05 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\whitesmoketoolbar
    [2011/03/11 17:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Aqtoac
    [2011/03/16 18:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Vika
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\whitesmoketoolbar
    C:\Program Files\Search Toolbar
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
ComboFix may ask you to uninstall AVG. If it does, please do so.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
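The fix in the reply above is built by hand: the helper reads the persistence-related lines of the OTL report (O4 Run values, O34 BootExecute, O36 AppCertDlls, O17 DNS servers, the hosts file, alternate data streams), decides which are orphaned or hostile, and pastes those lines verbatim under :OTL so the tool deletes them. The Python below is an added example, not part of this thread and not OTL's or Gammo's code, that automates that triage over a few lines copied from the log earlier in the thread. The severity labels and rules are the example's own; KNOWN_RESOLVERS and HOSTS_SIZE_THRESHOLD are assumptions to adjust per site.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log earlier in this thread, one per rule below.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [SvrWsc] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.39.47.11 69.39.47.12
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O36 - AppCertDlls: drwareg - (C:\WINDOWS\system32\caclsn32.dll) - File not found
[2011/05/25 22:17:31 | 000,436,560 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
"""

# Assumed, per-site settings: public resolvers accepted without asking the ISP, and the hosts-file
# size above which the file is read rather than trusted (a stock XP hosts file is under 1 KiB;
# Spybot/MVPS immunization lists run to hundreds of KiB, and so do some hijacks).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
HOSTS_SIZE_THRESHOLD = 10_000

# OTL file line: [date time | size | attrs | C-or-M] (company) -- path; the (company) part is optional.
OTL_FILE_RE = re.compile(r"^\[\S+ \S+ \| ([\d,]+) \| \S+ \| [CM]\] (?:\(.*?\) )?-- (.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str          # "high": delete; "review": a human decides; "info": benign context
    item: str              # the OTL line verbatim, so it can be pasted into a fix script
    reason: str
    fixable: bool = False  # True when pasting the line under :OTL is the right action


def triage(log_text: str) -> list[Finding]:
    """Classify the persistence-related lines of an OTL report."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("O36 - AppCertDlls:"):
            findings.append(Finding("high", line, "AppCertDlls: a DLL listed here is loaded into every "
                "process that calls a CreateProcess-family API; an orphaned entry is still a persistence slot", True))
        elif line.startswith("O4 - "):
            if line.endswith("File not found"):
                findings.append(Finding("review", line, "Run value whose target is missing: leftover or "
                    "already-deleted payload; remove the value", True))
            else:
                findings.append(Finding("info", line, "Run value with a present target; check the publisher"))
        elif line.startswith("O34 - HKLM BootExecute:"):
            if "(autocheck autochk *)" in line:
                findings.append(Finding("info", line, "default Session Manager entry; OTL shows it as "
                    "'File not found' on clean machines too, so it is not evidence on its own"))
            else:
                findings.append(Finding("review", line, "non-default BootExecute entry runs before logon "
                    "and before any user-mode AV; confirm the binary is expected"))
        elif line.startswith("O17 - ") and "NameServer" in line:
            for server in line.partition("=")[2].split():
                try:
                    public = not ipaddress.ip_address(server).is_private
                except ValueError:
                    public = True  # not an IP literal at all, which is itself worth a look
                if public and server not in KNOWN_RESOLVERS:
                    findings.append(Finding("review", line, f"DNS server {server} is public and not "
                        "allow-listed; confirm it is the ISP's, since a DNS changer is the classic cause of search redirects"))
        elif line.startswith("O16 - DPF:") and "Reg Error" in line:
            findings.append(Finding("review", line, "ActiveX download entry with a broken CLSID "
                "registration; stale, remove", True))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("review", line, "NTFS alternate data stream on a user-writable path; "
                "dump and inspect the stream before deleting it"))
        else:
            m = OTL_FILE_RE.match(line)
            if m and m.group(2).lower().endswith(r"\drivers\etc\hosts"):
                size = int(m.group(1).replace(",", ""))
                if size > HOSTS_SIZE_THRESHOLD:
                    findings.append(Finding("review", line, f"hosts file is {size} bytes: an immunization "
                        "list or a hijack; read it before deciding on [resethosts]"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def otl_fix_section(findings: list[Finding]) -> str:
    """Emit the :OTL section of a fix script, in the format the reply above uses."""
    return "\n".join([":OTL"] + [f.item for f in findings if f.fixable])
```

Call triage(SAMPLE_LOG) and pass the result to otl_fix_section to get a pasteable :OTL block. On the sample it contains only the two orphaned Run values, the broken O16 entry and the AppCertDlls entry; the O17 DNS servers, the oversized hosts file and the ADS are reported for a human decision but never emitted, which matches the reply above, where the DNS side was handled with ipconfig /flushdns and [resethosts] rather than by deleting the O17 line.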

#5 aswartz3 (Topic Starter, Member, 23 posts)
OK, I ran the OTL "fix", but when I go to run ComboFix it does as you said and tells me to uninstall AVG. I don't really have AVG anymore. I bought it several months ago but was unhappy, and I had it uninstalled at one time, but with all these computer problems I have had, it is back and won't let me uninstall it. I think all I have is the shortcut, because I don't see it in the taskbar, and although it is showing in my programs it won't let me uninstall it. I also have Spybot and Malwarebytes and Hitman. Do they need to be disabled also? Please excuse my ignorance of the computer world. I hope you don't lose patience with me. You're my only hope; I can't afford to take it anywhere.
  • 0

#6 aswartz3 (Topic Starter, Member, 23 posts)
Not sure if you needed this.

All processes killed
========== OTL ==========
Service srvFDC stopped successfully!
Service srvFDC deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SvrWsc deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SvrWsc not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\drwareg deleted successfully.
C:\Documents and Settings\All Users\Application Data\~17096500 moved successfully.
C:\Documents and Settings\All Users\Application Data\~17096500r moved successfully.
C:\Documents and Settings\All Users\Application Data\17096500 moved successfully.
C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\whitesmoketoolbar\weather folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Aqtoac folder moved successfully.
C:\Documents and Settings\Valued Customer\Application Data\Vika folder moved successfully.
C:\WINDOWS\003306_.tmp deleted successfully.
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll deleted successfully.
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll deleted successfully.
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP folder deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Valued Customer\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Valued Customer\Desktop\cmd.txt deleted successfully.
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.
C:\Program Files\Search Toolbar folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16698 bytes
->Temporary Internet Files folder emptied: 312384 bytes

User: Administrator.VALUED-71FC21E6
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 655669 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 69059 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 8580448 bytes
->Java cache emptied: 1094752 bytes
->Flash cache emptied: 73597 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 539117428 bytes
->Java cache emptied: 1133096 bytes
->Flash cache emptied: 109233 bytes

User: Valued Customer
->Temp folder emptied: 245758578 bytes
->Temporary Internet Files folder emptied: 325815306 bytes
->Java cache emptied: 26982 bytes
->Flash cache emptied: 60438 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4979749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92087962 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 26455619 bytes

Total Files Cleaned = 1,189.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.VALUED-71FC21E6

User: All Users

User: Default User

User: Guest

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Valued Customer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_163640

Files\Folders moved on Reboot...
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\XT63EKZB\st[1] moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\WRW4CZVU\gossipcenter[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\TY7KTL3W\gossipcenter[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\MC761G5O\cheryl-cole-glams-cannes-film-festival-505863[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\MC761G5O\iframe3[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\K8YGX3RE\gossipcenter[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\E1CH7LWJ\iframe3[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\DD5PVFUG\statstracker[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\97TRROFB\iframe3[1].htm moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\7NZQ8ZJA\gossipcenter[1].htm moved successfully.

Registry entries deleted on Reboot...

#7 Gammo (Member 2k, Malware Removal, 2,299 posts)
Hi,

These two tools should remove AVG:

1. AVG Remover: http://download.avg....6_2011_1322.exe
Download/run the file and follow the on-screen instructions.


2. AppRemover:

Download AppRemover and run it.
  • Click Next >>
  • Ensure "Remove Security Application" is selected and click Next >>
  • AppRemover will scan all the security applications on your PC.
  • Select any [<<Application Name>>] entries from the applications offered and click Next >> twice.
  • Follow any further on-screen instructions. If asked to reboot, please do so.





After doing the above, please try running ComboFix again. :)

#8 aswartz3 (Topic Starter, Member, 23 posts)
Hi, I downloaded both and ran both. It shows Hitman and ComboFix, both of which I downloaded per your instructions, but it doesn't show AVG. When I ran the AVG uninstall it says nothing is there, but ComboFix says it is and won't run.

Also, I had a weird note pop up called "catch me" on my Notepad. This is it:

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared
File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared



When I run ComboFix it tells me that there is a patchkit volsnap.sys and it tried to disinfect it and remove it. I take it this is another virus I have contracted. Oh geez, now what?

#9 Gammo (Member 2k, Malware Removal, 2,299 posts)
Hi,

This should fix the volsnap.sys infection:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



After running TDSSKiller, please try running Combofix again. Post the resulting log file (located at C:\ComboFix.txt) in your next reply.

#10 aswartz3 (Topic Starter, Member, 23 posts)
Hi Gammo,
Sorry, I have been out of town the past four days and just got your reply today. I have run the TDSS and am attaching the report. Then I will run ComboFix again and send that report also.

2011/06/10 15:21:47.0046 3580 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 15:21:49.0046 3580 ================================================================================
2011/06/10 15:21:49.0046 3580 SystemInfo:
2011/06/10 15:21:49.0046 3580
2011/06/10 15:21:49.0046 3580 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 15:21:49.0046 3580 Product type: Workstation
2011/06/10 15:21:49.0046 3580 ComputerName: VALUED-71FC21E6
2011/06/10 15:21:49.0046 3580 UserName: Valued Customer
2011/06/10 15:21:49.0046 3580 Windows directory: C:\WINDOWS
2011/06/10 15:21:49.0046 3580 System windows directory: C:\WINDOWS
2011/06/10 15:21:49.0046 3580 Processor architecture: Intel x86
2011/06/10 15:21:49.0046 3580 Number of processors: 1
2011/06/10 15:21:49.0046 3580 Page size: 0x1000
2011/06/10 15:21:49.0046 3580 Boot type: Normal boot
2011/06/10 15:21:49.0046 3580 ================================================================================
2011/06/10 15:21:50.0531 3580 Initialize success
2011/06/10 15:21:57.0609 3684 ================================================================================
2011/06/10 15:21:57.0609 3684 Scan started
2011/06/10 15:21:57.0609 3684 Mode: Manual;
2011/06/10 15:21:57.0609 3684 ================================================================================
2011/06/10 15:21:59.0156 3684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 15:21:59.0265 3684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/10 15:21:59.0468 3684 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/10 15:21:59.0578 3684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/10 15:21:59.0687 3684 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/10 15:21:59.0843 3684 AgereSoftModem (9074e4d73bb8b06758e530a20c592dac) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/10 15:22:00.0546 3684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 15:22:00.0656 3684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/10 15:22:00.0796 3684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 15:22:00.0890 3684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 15:22:00.0984 3684 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/10 15:22:01.0109 3684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 15:22:01.0343 3684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 15:22:01.0562 3684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 15:22:01.0656 3684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 15:22:01.0718 3684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 15:22:02.0156 3684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 15:22:02.0281 3684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 15:22:02.0437 3684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 15:22:02.0546 3684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 15:22:02.0656 3684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 15:22:02.0843 3684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 15:22:02.0937 3684 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/10 15:22:03.0046 3684 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/10 15:22:03.0203 3684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 15:22:03.0296 3684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/10 15:22:03.0359 3684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 15:22:03.0437 3684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/10 15:22:03.0531 3684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/10 15:22:03.0671 3684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 15:22:03.0765 3684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 15:22:03.0843 3684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 15:22:03.0937 3684 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 15:22:04.0125 3684 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/06/10 15:22:04.0312 3684 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/06/10 15:22:04.0500 3684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 15:22:04.0734 3684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/10 15:22:04.0875 3684 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/10 15:22:05.0093 3684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 15:22:05.0250 3684 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/10 15:22:05.0343 3684 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/10 15:22:05.0406 3684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/10 15:22:05.0515 3684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 15:22:05.0593 3684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 15:22:05.0703 3684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 15:22:05.0781 3684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 15:22:05.0859 3684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 15:22:05.0921 3684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 15:22:05.0968 3684 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/10 15:22:06.0031 3684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 15:22:06.0171 3684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 15:22:06.0343 3684 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/10 15:22:06.0500 3684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 15:22:06.0625 3684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 15:22:06.0734 3684 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/10 15:22:06.0843 3684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 15:22:06.0921 3684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 15:22:07.0046 3684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 15:22:07.0187 3684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 15:22:07.0328 3684 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/10 15:22:07.0453 3684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 15:22:07.0578 3684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 15:22:07.0656 3684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 15:22:07.0750 3684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 15:22:07.0843 3684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 15:22:07.0953 3684 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 15:22:08.0078 3684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 15:22:08.0171 3684 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 15:22:08.0250 3684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 15:22:08.0328 3684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 15:22:08.0453 3684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 15:22:08.0578 3684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/10 15:22:08.0640 3684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/10 15:22:08.0781 3684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/10 15:22:08.0859 3684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/10 15:22:09.0000 3684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/10 15:22:09.0078 3684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/10 15:22:09.0171 3684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/10 15:22:09.0265 3684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/10 15:22:09.0328 3684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/10 15:22:09.0437 3684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/10 15:22:09.0531 3684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/10 15:22:09.0671 3684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/10 15:22:09.0781 3684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/10 15:22:10.0218 3684 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/06/10 15:22:10.0328 3684 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2011/06/10 15:22:10.0609 3684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/10 15:22:10.0687 3684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/10 15:22:10.0765 3684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/10 15:22:11.0156 3684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/10 15:22:11.0250 3684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/10 15:22:11.0312 3684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/10 15:22:11.0437 3684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/10 15:22:11.0546 3684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/10 15:22:11.0671 3684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/10 15:22:11.0765 3684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/10 15:22:11.0906 3684 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/10 15:22:12.0015 3684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/10 15:22:12.0156 3684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/10 15:22:12.0281 3684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/10 15:22:12.0359 3684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/10 15:22:12.0546 3684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/10 15:22:12.0796 3684 smwdm (eb3accc928b9d97da89e1d37928167e3) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/10 15:22:12.0984 3684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/10 15:22:13.0093 3684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/10 15:22:13.0187 3684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/10 15:22:13.0312 3684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/10 15:22:13.0375 3684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/10 15:22:13.0703 3684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/10 15:22:13.0812 3684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/10 15:22:13.0937 3684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/10 15:22:14.0015 3684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/10 15:22:14.0109 3684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/10 15:22:14.0265 3684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/10 15:22:14.0500 3684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/10 15:22:14.0734 3684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/10 15:22:14.0843 3684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/10 15:22:14.0968 3684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/10 15:22:15.0062 3684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/10 15:22:15.0156 3684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/10 15:22:15.0296 3684 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 15:22:15.0296 3684 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/10 15:22:15.0312 3684 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/10 15:22:15.0421 3684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/10 15:22:15.0671 3684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/10 15:22:15.0875 3684 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/06/10 15:22:16.0078 3684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/10 15:22:16.0218 3684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/10 15:22:16.0296 3684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/10 15:22:16.0359 3684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/10 15:22:16.0500 3684 ================================================================================
2011/06/10 15:22:16.0500 3684 Scan finished
2011/06/10 15:22:16.0500 3684 ================================================================================
2011/06/10 15:22:16.0531 3100 Detected object count: 1
2011/06/10 15:22:16.0531 3100 Actual detected object count: 1
2011/06/10 15:24:02.0125 3100 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 15:24:02.0125 3100 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/10 15:24:03.0546 3100 Backup copy found, using it..
2011/06/10 15:24:03.0546 3100 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/10 15:24:03.0546 3100 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/10 15:25:32.0500 2064 Deinitialize success

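A small triage script for logs of the shape posted above, added here as an example (it is not part of the thread and not Kaspersky's code). It picks out the scanner's own verdicts, the "Suspicious file (Forged)" line where the hash read from raw disk and the hash the file system hands out disagree, and the "- detected" line, and then cross-checks every listed driver hash against a baseline you supply. The regular expressions cover only the line shapes visible in this log; SAMPLE_LOG and REFERENCE are constructed for illustration, and the VolSnap baseline value is an assumption (it is the hash the rootkit presented to the file system), not a verified clean-file hash.

```python
"""Triage helper for TDSSKiller-style scan logs.

Added example for this thread; it is not part of the original post and not
Kaspersky's code. It understands only the line shapes visible in the log
above and is meant to be pointed at a saved TDSSKiller_*_log.txt.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<date> <time> <thread id> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) (?P<msg>.+)$"
)
# "<service> (<md5>) <path>"; the MBR entry carries an extra "(0x1B8)" token.
DRIVER_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Raw-disk hash ("Real") disagrees with the hash the file system returns ("Fake").
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<service> - detected <threat name> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+)")


@dataclass(frozen=True)
class Finding:
    name: str    # service name as the scanner reports it
    path: str
    reason: str  # "forged", "detected" or "reference-mismatch"
    detail: str


def parse_driver_lines(text: str) -> Dict[str, Tuple[str, str]]:
    """Map each scanned service name to (reported md5, file path)."""
    drivers: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = DRIVER_RE.match(m["msg"])
        if d:
            drivers[d["name"]] = (d["md5"], d["path"])
    return drivers


def find_suspicious(text: str, reference: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Collect the scanner's verdicts, then cross-check hashes against a trusted baseline.

    `reference` maps a lower-cased path to the md5 of a known-clean copy of that
    file (for example, hashed on a trusted install with md5_of_file).
    """
    drivers = parse_driver_lines(text)
    by_path = {p.lower(): n for n, (_, p) in drivers.items()}
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        f = FORGED_RE.match(msg)
        if f:
            # Two different hashes for one file means something sits between the
            # reader and the disk; the file-system view of this file is untrusted.
            name = by_path.get(f["path"].lower(), "?")
            findings.append(Finding(name, f["path"], "forged", f"real={f['real']} fake={f['fake']}"))
            continue
        d = DETECT_RE.match(msg)
        if d and d["name"] in drivers:
            findings.append(Finding(d["name"], drivers[d["name"]][1], "detected", d["threat"]))
    for name, (md5, path) in drivers.items():
        expected = (reference or {}).get(path.lower())
        if expected and expected != md5:
            findings.append(Finding(name, path, "reference-mismatch", f"got={md5} expected={expected}"))
    return findings


def md5_of_file(path: str) -> str:
    """Hash a file in chunks; run it on a trusted machine to build `reference`."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


# Constructed sample: five lines in the shape of the log posted above.
SAMPLE_LOG = r"""
2011/06/10 15:21:59.0156 3684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 15:22:15.0296 3684 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 15:22:15.0296 3684 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/10 15:22:15.0312 3684 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/10 15:22:16.0359 3684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
"""

# Assumed baseline for illustration only: ACPI's hash is copied from the log so it
# passes; the VolSnap value is the hash the rootkit presented to the file system,
# used here as a stand-in for a clean copy. Build a real baseline with md5_of_file.
REFERENCE = {
    r"c:\windows\system32\drivers\acpi.sys": "8fd99680a539792a30e97944fdaecf17",
    r"c:\windows\system32\drivers\volsnap.sys": "4c8fcb5cc53aab716d810740fe59d025",
}

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG, REFERENCE):
        print(f"{finding.reason:<19} {finding.name:<8} {finding.path}  {finding.detail}")
```

To use it on a real log, read the saved TDSSKiller_*_log.txt and pass its text to find_suspicious together with a baseline dict. The caveat behind the reference check is the same one the "Forged" line illustrates: a rootkit that hooks file reads makes a hash taken through the normal file API look clean, so the baseline must be hashed on a trusted system or from the suspect disk booted offline, never on the infected machine itself.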
#11 aswartz3 (Topic Starter, Member, 23 posts)
Sorry, I have been out of town and just got back. I have done what you said to do as far as the TDSS and the log is below now I wi
2011/06/10 15:21:47.0046 3580 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 15:21:49.0046 3580 ================================================================================
2011/06/10 15:21:49.0046 3580 SystemInfo:
2011/06/10 15:21:49.0046 3580
2011/06/10 15:21:49.0046 3580 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 15:21:49.0046 3580 Product type: Workstation
2011/06/10 15:21:49.0046 3580 ComputerName: VALUED-71FC21E6
2011/06/10 15:21:49.0046 3580 UserName: Valued Customer
2011/06/10 15:21:49.0046 3580 Windows directory: C:\WINDOWS
2011/06/10 15:21:49.0046 3580 System windows directory: C:\WINDOWS
2011/06/10 15:21:49.0046 3580 Processor architecture: Intel x86
2011/06/10 15:21:49.0046 3580 Number of processors: 1
2011/06/10 15:21:49.0046 3580 Page size: 0x1000
2011/06/10 15:21:49.0046 3580 Boot type: Normal boot
2011/06/10 15:21:49.0046 3580 ================================================================================
2011/06/10 15:21:50.0531 3580 Initialize success
2011/06/10 15:21:57.0609 3684 ================================================================================
2011/06/10 15:21:57.0609 3684 Scan started
2011/06/10 15:21:57.0609 3684 Mode: Manual;
2011/06/10 15:21:57.0609 3684 ================================================================================
2011/06/10 15:21:59.0156 3684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 15:21:59.0265 3684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/10 15:21:59.0468 3684 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/10 15:21:59.0578 3684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/10 15:21:59.0687 3684 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/10 15:21:59.0843 3684 AgereSoftModem (9074e4d73bb8b06758e530a20c592dac) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/10 15:22:00.0546 3684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 15:22:00.0656 3684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/10 15:22:00.0796 3684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 15:22:00.0890 3684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 15:22:00.0984 3684 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/10 15:22:01.0109 3684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 15:22:01.0343 3684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 15:22:01.0562 3684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 15:22:01.0656 3684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 15:22:01.0718 3684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 15:22:02.0156 3684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 15:22:02.0281 3684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 15:22:02.0437 3684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 15:22:02.0546 3684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 15:22:02.0656 3684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 15:22:02.0843 3684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 15:22:02.0937 3684 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/10 15:22:03.0046 3684 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/10 15:22:03.0203 3684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 15:22:03.0296 3684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/10 15:22:03.0359 3684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 15:22:03.0437 3684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/10 15:22:03.0531 3684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/10 15:22:03.0671 3684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 15:22:03.0765 3684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 15:22:03.0843 3684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 15:22:03.0937 3684 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 15:22:04.0125 3684 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/06/10 15:22:04.0312 3684 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/06/10 15:22:04.0500 3684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 15:22:04.0734 3684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/10 15:22:04.0875 3684 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/10 15:22:05.0093 3684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 15:22:05.0250 3684 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/10 15:22:05.0343 3684 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/10 15:22:05.0406 3684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/10 15:22:05.0515 3684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 15:22:05.0593 3684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 15:22:05.0703 3684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 15:22:05.0781 3684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 15:22:05.0859 3684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 15:22:05.0921 3684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 15:22:05.0968 3684 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/10 15:22:06.0031 3684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 15:22:06.0171 3684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 15:22:06.0343 3684 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/10 15:22:06.0500 3684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 15:22:06.0625 3684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 15:22:06.0734 3684 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/10 15:22:06.0843 3684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 15:22:06.0921 3684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 15:22:07.0046 3684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 15:22:07.0187 3684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 15:22:07.0328 3684 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/10 15:22:07.0453 3684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 15:22:07.0578 3684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 15:22:07.0656 3684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 15:22:07.0750 3684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 15:22:07.0843 3684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 15:22:07.0953 3684 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 15:22:08.0078 3684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 15:22:08.0171 3684 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 15:22:08.0250 3684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 15:22:08.0328 3684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 15:22:08.0453 3684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 15:22:08.0578 3684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/10 15:22:08.0640 3684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/10 15:22:08.0781 3684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/10 15:22:08.0859 3684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/10 15:22:09.0000 3684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/10 15:22:09.0078 3684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/10 15:22:09.0171 3684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/10 15:22:09.0265 3684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/10 15:22:09.0328 3684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/10 15:22:09.0437 3684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/10 15:22:09.0531 3684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/10 15:22:09.0671 3684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/10 15:22:09.0781 3684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/10 15:22:10.0218 3684 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/06/10 15:22:10.0328 3684 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2011/06/10 15:22:10.0609 3684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/10 15:22:10.0687 3684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/10 15:22:10.0765 3684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/10 15:22:11.0156 3684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/10 15:22:11.0250 3684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/10 15:22:11.0312 3684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/10 15:22:11.0437 3684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/10 15:22:11.0546 3684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/10 15:22:11.0671 3684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/10 15:22:11.0765 3684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/10 15:22:11.0906 3684 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/10 15:22:12.0015 3684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/10 15:22:12.0156 3684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/10 15:22:12.0281 3684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/10 15:22:12.0359 3684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/10 15:22:12.0546 3684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/10 15:22:12.0796 3684 smwdm (eb3accc928b9d97da89e1d37928167e3) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/10 15:22:12.0984 3684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/10 15:22:13.0093 3684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/10 15:22:13.0187 3684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/10 15:22:13.0312 3684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/10 15:22:13.0375 3684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/10 15:22:13.0703 3684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/10 15:22:13.0812 3684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/10 15:22:13.0937 3684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/10 15:22:14.0015 3684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/10 15:22:14.0109 3684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/10 15:22:14.0265 3684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/10 15:22:14.0500 3684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/10 15:22:14.0734 3684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/10 15:22:14.0843 3684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/10 15:22:14.0968 3684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/10 15:22:15.0062 3684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/10 15:22:15.0156 3684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/10 15:22:15.0296 3684 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 15:22:15.0296 3684 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/10 15:22:15.0312 3684 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/10 15:22:15.0421 3684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/10 15:22:15.0671 3684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/10 15:22:15.0875 3684 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/06/10 15:22:16.0078 3684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/10 15:22:16.0218 3684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/10 15:22:16.0296 3684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/10 15:22:16.0359 3684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/10 15:22:16.0500 3684 ================================================================================
2011/06/10 15:22:16.0500 3684 Scan finished
2011/06/10 15:22:16.0500 3684 ================================================================================
2011/06/10 15:22:16.0531 3100 Detected object count: 1
2011/06/10 15:22:16.0531 3100 Actual detected object count: 1
2011/06/10 15:24:02.0125 3100 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 15:24:02.0125 3100 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/10 15:24:03.0546 3100 Backup copy found, using it..
2011/06/10 15:24:03.0546 3100 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/10 15:24:03.0546 3100 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/10 15:25:32.0500 2064 Deinitialize success
I'll try to do the combofix again.

#12 aswartz3 (Topic Starter, Member, 23 posts)
I tried to run ComboFix again, but it still says AVG is active and it won't complete the scan, even though I ran what you told me to and it is not showing in my "Add and Remove Programs".

#13 Gammo (Member 2k, Malware Removal, 2,299 posts)
Hi,

Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

#14 Gammo (Member 2k, Malware Removal, 2,299 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.