Help needed with virus removal--possible Google redirect/Trojan.Agent


#1 MichelleL (New Member, 8 posts)

I need some help completely removing some malware from my system. I believe it was a Google redirect virus, as Google would redirect whenever I clicked on a search result. I am not positive how the infection was acquired (my laptop is shared within the family), but my guess would be through streaming video.

I have run multiple malware detection programs on my computer and each one detects threats. I have currently removed all malware detection programs from my computer except for Malwarebytes. The Google redirect virus does not seem to be having an effect on browsing at this time. However, threats continue to be found during Malwarebytes scans.

I have followed the directions at the Malware and Spyware Cleaning Guide to the letter. TDSS Killer found two infections, one of which seems to have been eliminated and one that has not been. After that, I ran Malwarebytes, which picked up 4 Trojan.Agent files, which cannot be taken care of, even when the system is rebooted. I have tried deleting those 4 registry keys (which can be seen in the Malwarebytes log below) to no avail. I have tried to change the permissions on those registry keys so that they could be deleted, also to no avail.

Thank you for your time and effort on my behalf. I will be patiently waiting for your reply.

OTL LOG:
OTL logfile created on: 6/20/2011 9:58:15 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 59.12% Memory free
1.46 Gb Paging File | 1.15 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.64 Gb Total Space | 48.40 Gb Free Space | 67.56% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
PRC - [2010/04/02 06:40:25 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 11:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/13 11:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 12:40:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/03 04:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/12/11 10:12:15 | 000,019,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gjrespjz.dat -- (jxuoomvo)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/09/19 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/09 11:29:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/06/30 10:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/25 18:15:54 | 000,315,392 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://huskymail.mtu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 20:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 20:12:54 | 000,000,000 | ---D | M]

[2008/12/09 23:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2011/06/17 21:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions
[2009/10/31 11:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/15 19:37:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\[email protected]
[2008/05/26 16:33:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\blogmusik.xml
[2008/03/08 19:14:48 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.gif
[2008/03/08 19:14:48 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.src
[2008/03/06 20:38:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.xml
[2011/06/19 20:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/22 09:51:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/12/16 21:30:59 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/08 14:13:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/06/19 22:56:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212833595875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 09:57:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:50:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/19 23:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\tdsskiller
[2011/06/19 23:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\GooredFix Backups
[2011/06/19 23:04:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 22:55:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\erunt
[2011/06/19 20:19:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/19 16:45:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 16:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 16:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 16:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 16:38:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 16:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 16:38:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 15:09:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/06/19 15:09:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/06/19 15:09:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/06/19 15:09:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/06/19 15:09:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/06/19 15:09:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/06/19 15:09:22 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/06/18 17:35:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 17:34:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 17:32:37 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Acrobat 9.0
[2011/06/14 18:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/14 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/14 17:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/14 13:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}
[2011/06/10 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/06 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/02 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/07/09 21:44:45 | 004,827,968 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.4.exe

========== Files - Modified Within 30 Days ==========

[2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:27:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 09:27:47 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 02:04:21 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 02:04:21 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:06:16 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/19 23:04:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/19 22:55:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:05 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 21:33:14 | 000,303,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/19 20:11:07 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/19 16:45:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 15:36:03 | 000,004,932 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/18 17:33:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 16:34:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 21:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 15:41:00 | 000,233,472 | RHS- | M] () -- C:\WINDOWS\System32\slbrccsps.dll
[2011/06/14 16:19:07 | 000,017,594 | -HS- | M] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/06/14 16:19:07 | 000,017,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/06/14 16:11:12 | 000,007,128 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2755211163
[2011/06/14 16:10:47 | 000,002,964 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3516354164
[2011/06/14 16:10:47 | 000,002,964 | -HS- | M] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\2755211163
[2011/06/14 14:04:10 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\mlog
[2011/06/14 13:34:42 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\inlog
[2011/06/14 13:29:51 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\ylog
[2011/06/14 13:16:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ppemubadisuvubov.bin
[2011/06/14 13:16:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jqazahixowetohek.dat
[2011/06/13 21:58:18 | 000,085,804 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/13 16:13:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/19 23:05:41 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/19 22:54:04 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 19:58:33 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 16:45:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 16:45:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 16:38:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 16:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 16:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 16:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 16:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 15:10:01 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/19 15:09:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/06/19 15:09:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/06/15 15:41:00 | 000,233,472 | RHS- | C] () -- C:\WINDOWS\System32\slbrccsps.dll
[2011/06/14 16:10:25 | 000,002,964 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3516354164
[2011/06/14 16:10:25 | 000,002,964 | -HS- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\2755211163
[2011/06/14 16:09:58 | 000,017,594 | -HS- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/06/14 16:09:58 | 000,007,128 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2755211163
[2011/06/14 15:58:42 | 000,017,594 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/06/14 13:18:40 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Mel\Application Data\inlog
[2011/06/14 13:17:11 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Mel\Application Data\mlog
[2011/06/14 13:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ppemubadisuvubov.bin
[2011/06/14 13:16:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jqazahixowetohek.dat
[2011/06/14 13:16:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Mel\Application Data\ylog
[2011/04/24 16:49:18 | 000,085,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/13 14:51:45 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\ougt8.bin
[2010/07/07 17:52:43 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTWiz.html
[2010/07/07 13:13:09 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTApp.html
[2010/03/01 09:51:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 18:12:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/22 09:46:45 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/11/01 17:26:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/02 18:12:41 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/19 12:02:33 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/10 05:37:08 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2008/06/07 12:55:54 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/03/22 22:12:46 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ucache.dat
[2007/11/25 19:40:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/11/08 12:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
[2007/10/16 08:27:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\chxoeieh.dat
[2007/08/28 10:46:54 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 06:41:15 | 000,005,033 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/24 07:30:30 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 12:36:14 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/07/09 21:46:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/09 21:45:51 | 000,005,643 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/09 12:46:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/09 12:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/28 19:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 19:07:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/28 19:03:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/28 18:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/01/28 18:56:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/28 18:23:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 18:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2004/12/15 18:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,303,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/06/07 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/25 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2006/06/20 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/10/11 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011/04/24 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Aim
[2005/10/12 07:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Leadertech
[2006/12/08 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Snapfish
[2008/06/08 06:10:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToy.job

========== Purity Check ==========



< End of report >

Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6897

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/20/2011 9:26:26 AM
mbam-log-2011-06-20 (09-26-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 251354
Time elapsed: 56 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Value: bf -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Value: bk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Value: iu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Value: mu -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#2
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts
Hi, MichelleL! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out.

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)

There are quite a few infections which show in the OTL log, so let's get them removed. Then I would like you to run a scan with aswMBR. Just follow the steps below.


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2007/12/11 10:12:15 | 000,019,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gjrespjz.dat -- (jxuoomvo)
    O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
    [2011/06/15 15:41:00 | 000,233,472 | RHS- | M] () -- C:\WINDOWS\System32\slbrccsps.dll
    [2011/06/14 16:19:07 | 000,017,594 | -HS- | M] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/14 16:19:07 | 000,017,594 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
    [2011/06/14 16:11:12 | 000,007,128 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2755211163
    [2011/06/14 16:10:47 | 000,002,964 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3516354164
    [2011/06/14 16:10:47 | 000,002,964 | -HS- | M] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\2755211163
    [2011/06/14 14:04:10 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\mlog
    [2011/06/14 13:34:42 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\inlog
    [2011/06/14 13:29:51 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Mel\Application Data\ylog
    [2011/06/14 13:16:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ppemubadisuvubov.bin
    [2011/06/14 13:16:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jqazahixowetohek.dat
    [2010/10/13 14:51:45 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\ougt8.bin
    [2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
    [2007/10/16 08:27:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\chxoeieh.dat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2)
Download aswMBR.exe ( 511KB ) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

3)
Can you check to see if the following file is present on your PC - C:\ComboFix.txt
If this text file is there, could you open it and then copy and paste the contents into your next reply please.

In your next reply
Please post the contents of...
OTL log
aswMBR log
ComboFix.txt (if present)

  • 0

#3
MichelleL
    New Member
  • Topic Starter
  • Member
  • 8 posts
Thank you for such a quick response! I very much appreciate your help.

OTL LOG:
OTL logfile created on: 6/20/2011 1:18:30 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 67.76% Memory free
1.46 Gb Paging File | 1.24 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.64 Gb Total Space | 48.34 Gb Free Space | 67.48% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
PRC - [2009/12/22 00:26:01 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/12/21 17:35:11 | 000,148,928 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 11:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/13 11:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 12:40:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/03 04:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/12/11 10:12:15 | 000,019,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gjrespjz.dat -- (jxuoomvo)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/09/19 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/09 11:29:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/06/30 10:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/25 18:15:54 | 000,315,392 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://huskymail.mtu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 20:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 20:12:54 | 000,000,000 | ---D | M]

[2008/12/09 23:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions
[2009/10/31 11:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/15 19:37:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\[email protected]
[2008/05/26 16:33:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\blogmusik.xml
[2008/03/08 19:14:48 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.gif
[2008/03/08 19:14:48 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.src
[2008/03/06 20:38:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.xml
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/22 09:51:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/12/16 21:30:59 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/08 14:13:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/06/20 13:14:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Mel\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212833595875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 13:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 09:57:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:50:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/19 23:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\tdsskiller
[2011/06/19 23:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\GooredFix Backups
[2011/06/19 23:04:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 22:55:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\erunt
[2011/06/19 20:19:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/19 16:45:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 16:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 16:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 16:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 16:38:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 16:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 16:38:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 15:09:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/06/19 15:09:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/06/19 15:09:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/06/19 15:09:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/06/19 15:09:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/06/19 15:09:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/06/19 15:09:22 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/06/18 17:35:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 17:34:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 17:32:37 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Acrobat 9.0
[2011/06/14 18:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/14 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/14 17:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/14 13:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}
[2011/06/10 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/06 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/02 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/07/09 21:44:45 | 004,827,968 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.4.exe

========== Files - Modified Within 30 Days ==========

[2011/06/20 13:16:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 13:16:21 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 13:14:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 02:04:21 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 02:04:21 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:06:16 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/19 23:04:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:55:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:05 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 21:33:14 | 000,303,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/19 20:11:07 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/19 16:45:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 15:36:03 | 000,004,932 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/18 17:33:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 16:34:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 21:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 21:58:18 | 000,085,804 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/13 16:13:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/19 23:05:41 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/19 22:54:04 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 19:58:33 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 16:45:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 16:45:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 16:38:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 16:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 16:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 16:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 16:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 15:10:01 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/19 15:09:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/06/19 15:09:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/04/24 16:49:18 | 000,085,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/07 17:52:43 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTWiz.html
[2010/07/07 13:13:09 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTApp.html
[2010/03/01 09:51:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 18:12:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/22 09:46:45 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/11/01 17:26:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/02 18:12:41 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/19 12:02:33 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/10 05:37:08 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2008/06/07 12:55:54 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/03/22 22:12:46 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ucache.dat
[2007/11/25 19:40:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/11/08 12:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
[2007/10/16 08:27:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\chxoeieh.dat
[2007/08/28 10:46:54 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 06:41:15 | 000,005,033 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/24 07:30:30 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 12:36:14 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/07/09 21:46:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/09 21:45:51 | 000,005,643 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/09 12:46:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/09 12:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/28 19:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 19:07:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/28 19:03:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/28 18:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/01/28 18:56:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/28 18:23:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 18:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2004/12/15 18:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,303,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/06/07 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/25 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2006/06/20 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/10/11 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011/04/24 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Aim
[2005/10/12 07:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Leadertech
[2006/12/08 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Snapfish
[2008/06/08 06:10:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToy.job

========== Purity Check ==========



< End of report >


aswMBR log:
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-20 13:32:15
-----------------------------
13:32:15.109 OS Version: Windows 5.1.2600 Service Pack 3
13:32:15.109 Number of processors: 1 586 0xD08
13:32:15.109 ComputerName: LAPTOP UserName: Mel
13:32:16.031 Initialize success
13:32:23.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:32:23.484 Disk 0 Vendor: FUJITSU_MHT2080AT 0022 Size: 76319MB BusType: 3
13:32:25.515 Disk 0 MBR read successfully
13:32:25.515 Disk 0 MBR scan
13:32:25.515 Disk 0 unknown MBR code
13:32:27.515 Disk 0 scanning sectors +156296385
13:32:27.546 Disk 0 scanning C:\WINDOWS\system32\drivers
13:32:36.656 Service scanning
13:32:38.125 Disk 0 trace - called modules:
13:32:38.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:32:38.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a319ab8]
13:32:38.156 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a3938b8]
13:32:38.171 Scan finished successfully
13:32:55.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mel\Desktop\MBR.dat"
13:32:55.875 The log file has been saved successfully to "C:\Documents and Settings\Mel\Desktop\aswMBR6_20_2011.txt"



ComboFix.txt:
ComboFix 11-06-17.04 - Mel 06/19/2011 16:53:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.919 [GMT -5:00]
Running from: c:\documents and settings\Mel\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\check_LSA7.txt
c:\program files\Common Files\ystem~1
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\fse
c:\temp\fse\tmpZTF.log
c:\windows\system32\C2
c:\windows\system32\f10WtR
c:\windows\system32\ycbeg.bak1
c:\windows\system32\ycbeg.bak2
c:\windows\system32\ycbeg.tmp
c:\windows\system32\Z1
c:\windows\system32\Z2
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-19 20:10 . 2011-06-19 20:36 4932 ----a-w- c:\windows\system32\tmp.reg
2011-06-19 20:09 . 2009-06-02 16:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2011-06-19 20:09 . 2008-12-12 06:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-06-19 20:09 . 2008-11-29 23:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2011-06-19 20:09 . 2008-10-01 20:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2011-06-19 20:09 . 2008-09-20 17:45 80384 ----a-w- c:\windows\system32\o4Patch.exe
2011-06-19 20:09 . 2008-08-18 17:19 82432 ----a-w- c:\windows\system32\404Fix.exe
2011-06-19 20:09 . 2008-05-19 02:40 82944 ----a-w- c:\windows\system32\IEDFix.exe
2011-06-19 20:09 . 2007-09-06 05:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2011-06-19 20:09 . 2006-04-27 22:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2011-06-19 20:09 . 2004-07-31 23:50 51200 ----a-w- c:\windows\system32\dumphive.exe
2011-06-19 20:09 . 2003-06-06 02:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-06-18 22:35 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 22:34 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 22:34 . 2011-06-18 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 20:12 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-15 20:41 . 2011-06-15 20:41 233472 --sha-r- c:\windows\system32\slbrccsps.dll
2011-06-14 22:53 . 2011-06-14 22:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-14 21:58 . 2011-06-14 21:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 21:52 . 2011-06-14 21:57 -------- d-s---w- c:\documents and settings\Administrator
2011-06-14 18:16 . 2011-06-14 18:16 0 ----a-w- c:\windows\Ppemubadisuvubov.bin
2011-06-14 18:16 . 2011-06-14 21:57 -------- d-----w- c:\documents and settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}
2011-06-10 16:45 . 2011-06-18 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-06-06 21:12 . 2011-06-06 21:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-02 21:32 . 2011-06-02 21:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 18:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-10 18:51 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-10 18:51 389120 ----a-w- c:\windows\system32\html.iec
2011-04-24 21:31 . 2011-04-24 21:31 1409 ----a-w- c:\windows\QTFont.for
2011-04-21 13:37 . 2004-08-10 18:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2005-07-10 02:44 . 2005-07-10 02:44 4827968 ----a-w- c:\program files\Firefox Setup 1.0.4.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-9 113664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ALG"=3 (0x3)
"CryptSvc"=3 (0x3)
"MSDTC"=3 (0x3)
"ERSvc"=2 (0x2)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"TermService"=3 (0x3)
"UPS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [6/7/2008 12:55 PM 37864]
R0 jxuoomvo;jxuoomvo;c:\windows\system32\drivers\gjrespjz.dat --> c:\windows\system32\drivers\gjrespjz.dat [?]
S3 jswimd;jswimd Service;c:\windows\system32\DRIVERS\jswimd.sys --> c:\windows\system32\DRIVERS\jswimd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2008-06-08 c:\windows\Tasks\SyncToy.job
- c:\documents and settings\Mel\Start Menu\Programs\SyncToy.lnk [2007-09-29 07:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.piclens.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://huskymail.mtu.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1D506310-B70F-43C4-93E0-68FF0ED35EC8} - (no file)
BHO-{3F496EB2-39F0-45EA-B9EC-FAC7F0ABD295} - (no file)
BHO-{7A1DA5FB-4642-4B90-3025-4971B577C2EE} - (no file)
BHO-{8695739D-497C-487F-AA0D-EEE2BC7F42C4} - (no file)
BHO-{D5440609-0F57-4548-B38A-EDB149428027} - c:\windows\system32\eventcl.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
Notify-itlntfy - itlnfw32.dll
MSConfigStartUp-AutoSave - c:\program files\Avanquest\AutoSave\AutoSave.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6009\SiteAdv.exe
MSConfigStartUp-WebBuying - c:\program files\Web Buying\v1.8.4\webbuying.exe
MSConfigStartUp-winshow - c:\windows\winshow.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jxuoomvo]
"ImagePath"="system32\drivers\gjrespjz.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1448)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-19 17:26:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-19 22:26
.
Pre-Run: 45,537,652,736 bytes free
Post-Run: 46,221,496,320 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9C9555D3EF0D2194215D7462E2B8B140
  • 0
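Added example (editor's code, not part of the thread and not aswMBR's or ComboFix's own code): the aswMBR log above reads the first sector of disk 0, reports "unknown MBR code", walks the sectors after the last partition, and saves the raw sector to MBR.dat; ComboFix then reports a TDL4 bootkit on \\.\PhysicalDrive0. The Python script below performs the same first-sector checks on such a dump: it verifies the 0x55AA signature, parses the partition table, compares the 440 bytes of boot code with a clean reference, and reports how much unpartitioned space follows the last partition, which is where TDL4 keeps its hidden file system. All input is constructed: the disk size is the 76319 MB from the log at 2048 sectors per MiB, the partition layout (an OEM utility partition followed by NTFS as partition 2, matching partition(2) in the boot.ini above) and the boot-code bytes are stand-ins, and reading "+156296385" as the first sector past the last partition is an assumption. On a real case the reference boot code should come from a known-clean install of the same Windows version.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..445: disk signature and padding
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_ENTRY = struct.Struct("<B3sB3sII")  # flag, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(mbr):
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        flag, _chs_start, ptype, _chs_end, lba_start, sectors = PART_ENTRY.unpack(
            mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0x00:  # empty slot
            continue
        parts.append({"index": i + 1, "bootable": flag == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def analyse_mbr(mbr, disk_sectors, reference_boot_code):
    """Check one 512-byte MBR against a clean reference boot code and the disk size."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    active = [p["index"] for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    boot_code = mbr[:BOOT_CODE_LEN]
    if boot_code != reference_boot_code:
        findings.append("boot code differs from the clean reference (what aswMBR calls 'unknown MBR code')")
    # Space after the last partition: TDL4 stores its hidden file system there, and it is
    # the region aswMBR walks when it logs "scanning sectors +N".
    last_lba = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    return {"partitions": parts, "active": active,
            "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "tail_start_lba": last_lba, "tail_sectors": disk_sectors - last_lba,
            "findings": findings}


def analyse_mbr_file(path, disk_sectors, reference_boot_code):
    """Same check on a dump such as the MBR.dat that aswMBR saves."""
    with open(path, "rb") as fh:
        return analyse_mbr(fh.read(SECTOR), disk_sectors, reference_boot_code)


def build_mbr(boot_code, partitions):
    """Assemble a sample MBR from boot code and (bootable, type, lba_start, sectors) tuples.
    Only used to construct test input here; CHS fields are left zero."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        mbr[off:off + PART_ENTRY_LEN] = PART_ENTRY.pack(
            0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# --- constructed sample input (assumptions, not the poster's real MBR.dat) ---
DISK_SECTORS = 76319 * 2048  # the 76319 MB drive in the aswMBR log, at 2048 sectors per MiB
# Stand-in boot code: a short prologue padded with NOPs. A real reference is the 440 bytes
# read from a known-clean install of the same Windows version.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x90")
SUSPECT_BOOT_CODE = bytes(b ^ 0x5A for b in CLEAN_BOOT_CODE)  # boot code overwritten by something else
PARTITIONS = [
    (False, 0xDE, 63, 64260),                # OEM utility partition (assumed layout)
    (True, 0x07, 64323, 156296385 - 64323),  # NTFS system partition: partition(2) in the boot.ini above
]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
SUSPECT_MBR = build_mbr(SUSPECT_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        r = analyse_mbr(mbr, DISK_SECTORS, CLEAN_BOOT_CODE)
        print(f"{label}: active={r['active']} tail starts at LBA {r['tail_start_lba']} "
              f"({r['tail_sectors']} sectors)")
        for f in r["findings"]:
            print("  -", f)
```

analyse_mbr_file("MBR.dat", DISK_SECTORS, reference) runs the same checks on the dump aswMBR wrote to the Desktop. A boot-code mismatch on its own is also what an OEM recovery MBR or a third-party boot manager produces, so the reference has to match the machine's real build before the mismatch is read as a bootkit; the partition-table and tail-space figures are what make the TDL4 picture consistent.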

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, thanks for the logs. OTL has removed most of those infections, but there seem to be a couple that still don't want to go at this moment in time. We'll start hitting them harder soon :)

Can you get a fresh ComboFix scan done by following the instructions below? You will need to remove the current copy of ComboFix from your Desktop, if it is still present.



Delete your current ComboFix.exe from your PC
Then, download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.
  • 0

#5
MichelleL

MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 11-06-19.0r1 - Mel 06/20/2011 16:07:33.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.839 [GMT -5:00]
Running from: c:\documents and settings\Mel\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}
c:\documents and settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}\chrome\content\_cfg.js
c:\documents and settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}\chrome\content\overlay.xul
c:\documents and settings\Mel\Local Settings\Application Data\{E9AFDEC4-74E1-496F-933A-178381E1C3D0}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 18:13 . 2011-06-20 18:13 -------- d-----w- C:\_OTL
2011-06-20 14:50 . 2011-06-20 14:50 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-20 03:56 . 2011-06-20 03:56 -------- d-----w- C:\_OTM
2011-06-19 20:10 . 2011-06-19 20:36 4932 ----a-w- c:\windows\system32\tmp.reg
2011-06-19 20:09 . 2009-06-02 16:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2011-06-19 20:09 . 2008-12-12 06:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-06-19 20:09 . 2008-11-29 23:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2011-06-19 20:09 . 2008-10-01 20:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2011-06-19 20:09 . 2008-09-20 17:45 80384 ----a-w- c:\windows\system32\o4Patch.exe
2011-06-19 20:09 . 2008-08-18 17:19 82432 ----a-w- c:\windows\system32\404Fix.exe
2011-06-19 20:09 . 2008-05-19 02:40 82944 ----a-w- c:\windows\system32\IEDFix.exe
2011-06-19 20:09 . 2007-09-06 05:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2011-06-19 20:09 . 2006-04-27 22:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2011-06-19 20:09 . 2004-07-31 23:50 51200 ----a-w- c:\windows\system32\dumphive.exe
2011-06-19 20:09 . 2003-06-06 02:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-06-18 22:35 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 22:34 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 22:34 . 2011-06-18 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 20:12 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 22:53 . 2011-06-14 22:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-14 21:58 . 2011-06-14 21:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 21:52 . 2011-06-14 21:57 -------- d-s---w- c:\documents and settings\Administrator
2011-06-10 16:45 . 2011-06-18 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-06-06 21:12 . 2011-06-06 21:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-02 21:32 . 2011-06-02 21:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 18:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-10 18:51 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-10 18:51 389120 ----a-w- c:\windows\system32\html.iec
2011-04-24 21:31 . 2011-04-24 21:31 1409 ----a-w- c:\windows\QTFont.for
2011-04-21 13:37 . 2004-08-10 18:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2005-07-10 02:44 . 2005-07-10 02:44 4827968 ----a-w- c:\program files\Firefox Setup 1.0.4.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5440609-0F57-4548-B38A-EDB149428027}]
c:\windows\system32\eventcl.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\documents and settings\Mel\Desktop\OTL.exe" [2011-06-20 579072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ALG"=3 (0x3)
"CryptSvc"=3 (0x3)
"MSDTC"=3 (0x3)
"ERSvc"=2 (0x2)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"TermService"=3 (0x3)
"UPS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 jxuoomvo;jxuoomvo;c:\windows\system32\drivers\gjrespjz.dat --> c:\windows\system32\drivers\gjrespjz.dat [?]
S3 jswimd;jswimd Service;c:\windows\system32\DRIVERS\jswimd.sys --> c:\windows\system32\DRIVERS\jswimd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2011 5:35 PM 39984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - JXUOOMVO
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2008-06-08 c:\windows\Tasks\SyncToy.job
- c:\documents and settings\Mel\Start Menu\Programs\SyncToy.lnk [2007-09-29 07:00]
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.piclens.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://huskymail.mtu.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jxuoomvo]
"ImagePath"="system32\drivers\gjrespjz.dat"
.
Completion time: 2011-06-20 16:21:25
ComboFix-quarantined-files.txt 2011-06-20 21:21
.
Pre-Run: 51,684,102,144 bytes free
Post-Run: 51,934,965,760 bytes free
.
- - End Of File - - 989CCE5892285AD810B673715FFA1D20
  • 0

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Let's now try and remove these stubborn infections. Follow the instructions below carefully, then get back to me with the log again at the end, please.



Remove Items with ComboFix

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste all of the text in the quotebox below into it (including the http line):

http://www.geekstogo.com/forum/topic/302931-help-needed-with-virus-removal-possible-google-redirecttrojanagent/page__view__findpost__p__2027511

KillAll::

Collect::
c:\windows\system32\drivers\gjrespjz.dat

Driver::
jxuoomvo

Folder::
C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s

Save this as CFScript.txt to the Desktop


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

  • 0
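The entry the helper's CFScript targets above (service jxuoomvo with an ImagePath of system32\drivers\gjrespjz.dat) is easy to miss in a long ComboFix or TDSSKiller listing. The script below is an added example for this thread, not code from ComboFix, TDSSKiller or the helper: it parses the two log formats as they appear in this topic and flags driver entries using two heuristics that are my own assumptions (a kernel service whose image is not a .sys file, and a driver image outside the Windows or Program Files trees). The sample log text is constructed from the formats shown in the thread; the all-zero MD5 and the tempdrv line are placeholders invented for the example.

```python
"""Flag suspicious kernel-driver entries in ComboFix and TDSSKiller log text.

Added example for this thread, not code from ComboFix, TDSSKiller or the helper.
The two heuristics are assumptions, chosen to match what the helper acted on in
post #6: a service whose ImagePath is not a .sys file (jxuoomvo -> gjrespjz.dat),
and a driver image that lives outside the Windows or Program Files trees.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    source: str    # "combofix" or "tdsskiller"
    service: str
    path: str
    reason: str


# ComboFix prints a suspect service as a REGEDIT4 key followed by its ImagePath value.
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="([^"]+)"$', re.IGNORECASE)
# TDSSKiller prints one driver per line: timestamp, pid, service, (md5), image path.
TDSS_LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")

# Directories a kernel driver is normally loaded from on an XP box (assumption).
ALLOWED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def driver_reasons(path: str) -> List[str]:
    """Return the heuristic reasons a driver image path looks wrong; empty if it looks normal."""
    reasons = []
    low = path.lower()
    if not low.endswith(".sys"):
        reasons.append("kernel driver image is not a .sys file")
    # The registry often stores ImagePath relative to the Windows directory,
    # which is how ComboFix printed it in the thread; resolve that before checking the root.
    absolute = low if ":" in low else "c:\\windows\\" + low.lstrip("\\")
    if not absolute.startswith(ALLOWED_ROOTS):
        reasons.append("driver image is outside the Windows and Program Files trees")
    return reasons


def scan_combofix(text: str) -> List[Finding]:
    """Walk ComboFix's registry-key style output and flag odd driver services."""
    findings = []
    service = None
    for raw in text.splitlines():
        line = raw.strip()
        key = SERVICE_KEY_RE.match(line)
        if key:
            service = key.group(1)
            continue
        value = IMAGEPATH_RE.match(line)
        if value and service:
            for reason in driver_reasons(value.group(1)):
                findings.append(Finding("combofix", service, value.group(1), reason))
            service = None
    return findings


def scan_tdsskiller(text: str) -> List[Finding]:
    """Walk TDSSKiller's driver listing and flag entries the heuristics dislike."""
    findings = []
    for raw in text.splitlines():
        m = TDSS_LINE_RE.match(raw.strip())
        if not m:
            continue
        service, _md5, path = m.groups()
        for reason in driver_reasons(path):
            findings.append(Finding("tdsskiller", service, path, reason))
    return findings


# Constructed sample input in the two tools' formats. The jxuoomvo/gjrespjz.dat
# entry is the one from the thread; the md5 of zeros and the tempdrv line are
# placeholders made up for this example.
COMBOFIX_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\jxuoomvo]
"ImagePath"="system32\\drivers\\gjrespjz.dat"
.
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\MBAMSwissArmy]
"ImagePath"="system32\\drivers\\mbamswissarmy.sys"
"""

TDSS_SAMPLE = """\
2011/06/20 18:05:36.0484 3544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2011/06/20 18:05:34.0843 3544 Appdrv (ec94e05b76d033b74394e7b2175103cf) C:\\Program Files\\Dell\\NICCONFIGSVC\\Appdrv.sys
2011/06/20 18:05:49.0000 3544 jxuoomvo (00000000000000000000000000000000) C:\\WINDOWS\\system32\\drivers\\gjrespjz.dat
2011/06/20 18:05:50.0000 3544 tempdrv (00000000000000000000000000000000) C:\\Documents and Settings\\Mel\\Local Settings\\Temp\\tempdrv.sys
"""


if __name__ == "__main__":
    for f in scan_combofix(COMBOFIX_SAMPLE) + scan_tdsskiller(TDSS_SAMPLE):
        print(f"[{f.source}] {f.service}: {f.path} -> {f.reason}")
```

Run it against a saved log (paste the text into the two sample strings, or read it from a file) and it prints one line per flagged driver. Both heuristics are deliberately narrow: a legitimate driver can sit outside the allowed roots, as the Dell Appdrv entry shows is normal under Program Files, so treat a hit as something to look at rather than something to delete.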

#7
MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 11-06-19.0r1 - Mel 06/20/2011 17:16:43.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.782 [GMT -5:00]
Running from: c:\documents and settings\Mel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mel\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
file zipped: c:\windows\system32\drivers\gjrespjz.dat
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JXUOOMVO
-------\Service_jxuoomvo
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 18:13 . 2011-06-20 18:13 -------- d-----w- C:\_OTL
2011-06-20 14:50 . 2011-06-20 14:50 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-20 03:56 . 2011-06-20 03:56 -------- d-----w- C:\_OTM
2011-06-19 20:10 . 2011-06-19 20:36 4932 ----a-w- c:\windows\system32\tmp.reg
2011-06-19 20:09 . 2009-06-02 16:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2011-06-19 20:09 . 2008-12-12 06:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-06-19 20:09 . 2008-11-29 23:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2011-06-19 20:09 . 2008-10-01 20:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2011-06-19 20:09 . 2008-09-20 17:45 80384 ----a-w- c:\windows\system32\o4Patch.exe
2011-06-19 20:09 . 2008-08-18 17:19 82432 ----a-w- c:\windows\system32\404Fix.exe
2011-06-19 20:09 . 2008-05-19 02:40 82944 ----a-w- c:\windows\system32\IEDFix.exe
2011-06-19 20:09 . 2007-09-06 05:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2011-06-19 20:09 . 2006-04-27 22:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2011-06-19 20:09 . 2004-07-31 23:50 51200 ----a-w- c:\windows\system32\dumphive.exe
2011-06-19 20:09 . 2003-06-06 02:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-06-18 22:35 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 22:34 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 22:34 . 2011-06-18 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 20:12 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 22:53 . 2011-06-14 22:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-14 21:58 . 2011-06-14 21:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 21:52 . 2011-06-14 21:57 -------- d-s---w- c:\documents and settings\Administrator
2011-06-10 16:45 . 2011-06-18 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-06-06 21:12 . 2011-06-06 21:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-02 21:32 . 2011-06-02 21:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 18:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-10 18:51 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-10 18:51 389120 ----a-w- c:\windows\system32\html.iec
2011-04-24 21:31 . 2011-04-24 21:31 1409 ----a-w- c:\windows\QTFont.for
2011-04-21 13:37 . 2004-08-10 18:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2005-07-10 02:44 . 2005-07-10 02:44 4827968 ----a-w- c:\program files\Firefox Setup 1.0.4.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5440609-0F57-4548-B38A-EDB149428027}]
c:\windows\system32\eventcl.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ALG"=3 (0x3)
"CryptSvc"=3 (0x3)
"MSDTC"=3 (0x3)
"ERSvc"=2 (0x2)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"TermService"=3 (0x3)
"UPS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 jswimd;jswimd Service;c:\windows\system32\DRIVERS\jswimd.sys --> c:\windows\system32\DRIVERS\jswimd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2011 5:35 PM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2008-06-08 c:\windows\Tasks\SyncToy.job
- c:\documents and settings\Mel\Start Menu\Programs\SyncToy.lnk [2007-09-29 07:00]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.piclens.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://huskymail.mtu.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-20 17:32:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-20 22:32
ComboFix2.txt 2011-06-20 21:21
.
Pre-Run: 51,978,633,216 bytes free
Post-Run: 51,874,553,856 bytes free
.
- - End Of File - - 47FC1A615CC734A648A8AA84517CC288
Upload was successful
  • 0

#8
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Nicely done :)

Could you now try new scans with TDSSKiller and MBAM, please? Also, could you do a fresh OTL scan so I can check that the previous infections have now been removed?


1)
Run a fresh TDSSKiller scan by downloading the latest version

Please read carefully and follow these steps.
  • Delete your current copy of TDSSKiller and then Download a new copy from here and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




2)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




3)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




In your next reply
Please post the contents of...
TDSSKiller log
MBAM log
OTL log

  • 0

#9
MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
TDSSKiller Log:
2011/06/20 18:05:23.0437 1488 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/20 18:05:24.0046 1488 ================================================================================
2011/06/20 18:05:24.0046 1488 SystemInfo:
2011/06/20 18:05:24.0046 1488
2011/06/20 18:05:24.0046 1488 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/20 18:05:24.0046 1488 Product type: Workstation
2011/06/20 18:05:24.0046 1488 ComputerName: LAPTOP
2011/06/20 18:05:24.0046 1488 UserName: Mel
2011/06/20 18:05:24.0046 1488 Windows directory: C:\WINDOWS
2011/06/20 18:05:24.0046 1488 System windows directory: C:\WINDOWS
2011/06/20 18:05:24.0046 1488 Processor architecture: Intel x86
2011/06/20 18:05:24.0046 1488 Number of processors: 1
2011/06/20 18:05:24.0046 1488 Page size: 0x1000
2011/06/20 18:05:24.0046 1488 Boot type: Normal boot
2011/06/20 18:05:24.0046 1488 ================================================================================
2011/06/20 18:05:25.0828 1488 Initialize success
2011/06/20 18:05:29.0234 3544 ================================================================================
2011/06/20 18:05:29.0234 3544 Scan started
2011/06/20 18:05:29.0234 3544 Mode: Manual;
2011/06/20 18:05:29.0234 3544 ================================================================================
2011/06/20 18:05:32.0265 3544 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/20 18:05:32.0515 3544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 18:05:32.0625 3544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/20 18:05:32.0750 3544 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/20 18:05:32.0890 3544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/20 18:05:33.0281 3544 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/20 18:05:33.0421 3544 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/20 18:05:33.0546 3544 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/20 18:05:33.0656 3544 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/20 18:05:33.0796 3544 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/20 18:05:33.0921 3544 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/20 18:05:34.0281 3544 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/20 18:05:34.0421 3544 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/20 18:05:34.0562 3544 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/20 18:05:34.0671 3544 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/20 18:05:34.0843 3544 Appdrv (ec94e05b76d033b74394e7b2175103cf) C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
2011/06/20 18:05:35.0078 3544 AR5211 (9b4116232c1135fd9bfddb72ab6e4586) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/06/20 18:05:35.0484 3544 AR5416 (43cb9e73a60d27ad069046b88cc4efeb) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/06/20 18:05:35.0765 3544 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/20 18:05:35.0890 3544 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/20 18:05:36.0140 3544 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/20 18:05:36.0281 3544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/20 18:05:36.0484 3544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/20 18:05:36.0828 3544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/20 18:05:37.0046 3544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/20 18:05:37.0218 3544 BCM43XX (52d67c5465c01913b03b7daca0cc4077) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/20 18:05:37.0453 3544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/20 18:05:37.0750 3544 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/20 18:05:38.0015 3544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/20 18:05:38.0265 3544 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/20 18:05:38.0359 3544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/20 18:05:38.0546 3544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/20 18:05:38.0734 3544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/20 18:05:39.0062 3544 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/20 18:05:39.0156 3544 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/20 18:05:39.0328 3544 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/20 18:05:39.0484 3544 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/20 18:05:39.0687 3544 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/20 18:05:39.0843 3544 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/20 18:05:39.0968 3544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/20 18:05:40.0187 3544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/20 18:05:40.0390 3544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/20 18:05:40.0671 3544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/20 18:05:40.0812 3544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/20 18:05:40.0984 3544 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/20 18:05:41.0281 3544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/20 18:05:41.0515 3544 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/20 18:05:41.0687 3544 eeCtrl (a9185543bc0da72b19e52b97327b6ca2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/20 18:05:42.0046 3544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/20 18:05:42.0265 3544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/20 18:05:42.0406 3544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/20 18:05:42.0703 3544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/20 18:05:42.0875 3544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/20 18:05:43.0453 3544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/20 18:05:43.0828 3544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/20 18:05:43.0968 3544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/20 18:05:44.0109 3544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/20 18:05:44.0406 3544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/20 18:05:44.0578 3544 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/20 18:05:44.0734 3544 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/06/20 18:05:44.0875 3544 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/20 18:05:45.0109 3544 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/06/20 18:05:45.0500 3544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/20 18:05:45.0671 3544 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/20 18:05:45.0796 3544 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/20 18:05:46.0109 3544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/20 18:05:46.0328 3544 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/20 18:05:46.0578 3544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/20 18:05:46.0718 3544 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/20 18:05:47.0046 3544 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/20 18:05:47.0156 3544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/20 18:05:47.0296 3544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/20 18:05:47.0406 3544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/20 18:05:47.0781 3544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/20 18:05:47.0968 3544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/20 18:05:48.0109 3544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/20 18:05:48.0437 3544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/20 18:05:48.0625 3544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/20 18:05:48.0859 3544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/20 18:05:49.0156 3544 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/20 18:05:49.0328 3544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/20 18:05:49.0468 3544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/20 18:05:49.0937 3544 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/20 18:05:50.0187 3544 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/20 18:05:50.0359 3544 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/06/20 18:05:50.0531 3544 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/06/20 18:05:50.0828 3544 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/06/20 18:05:51.0000 3544 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/06/20 18:05:51.0187 3544 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2011/06/20 18:05:51.0421 3544 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/06/20 18:05:51.0640 3544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/20 18:05:51.0765 3544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/20 18:05:52.0000 3544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/20 18:05:52.0250 3544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/20 18:05:52.0375 3544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/20 18:05:52.0656 3544 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/20 18:05:52.0921 3544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/20 18:05:53.0421 3544 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/20 18:05:53.0671 3544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/20 18:05:53.0937 3544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/20 18:05:54.0062 3544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/20 18:05:54.0265 3544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/20 18:05:54.0515 3544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/20 18:05:54.0687 3544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/20 18:05:54.0906 3544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/20 18:05:55.0187 3544 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/20 18:05:55.0375 3544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/20 18:05:55.0531 3544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/20 18:05:55.0656 3544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/20 18:05:55.0843 3544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/20 18:05:56.0015 3544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/20 18:05:56.0328 3544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/20 18:05:56.0593 3544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/20 18:05:56.0765 3544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/20 18:05:57.0109 3544 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/20 18:05:57.0406 3544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/20 18:05:57.0546 3544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/20 18:05:57.0687 3544 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/06/20 18:05:57.0843 3544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/20 18:05:58.0078 3544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/20 18:05:58.0343 3544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/20 18:05:58.0984 3544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/20 18:05:59.0171 3544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/20 18:05:59.0312 3544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/20 18:05:59.0953 3544 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/20 18:06:00.0093 3544 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/20 18:06:00.0375 3544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/20 18:06:00.0625 3544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/20 18:06:00.0703 3544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/20 18:06:00.0968 3544 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/20 18:06:01.0125 3544 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/20 18:06:01.0328 3544 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/20 18:06:01.0578 3544 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/20 18:06:01.0640 3544 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/20 18:06:01.0796 3544 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/20 18:06:02.0000 3544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/20 18:06:02.0312 3544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/20 18:06:02.0453 3544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/20 18:06:02.0578 3544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/20 18:06:02.0796 3544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/20 18:06:03.0031 3544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/20 18:06:03.0234 3544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/20 18:06:03.0390 3544 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/20 18:06:03.0593 3544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/20 18:06:03.0921 3544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/20 18:06:04.0156 3544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/20 18:06:04.0359 3544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/20 18:06:04.0468 3544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/20 18:06:04.0921 3544 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/20 18:06:05.0109 3544 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/20 18:06:05.0296 3544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/20 18:06:05.0515 3544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/20 18:06:05.0796 3544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/20 18:06:06.0093 3544 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
2011/06/20 18:06:06.0359 3544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/20 18:06:06.0562 3544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/20 18:06:06.0828 3544 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/20 18:06:07.0015 3544 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/20 18:06:07.0171 3544 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/20 18:06:07.0406 3544 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/20 18:06:07.0671 3544 SynTP (24f75b01c02992ad2e800b387269c50d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/20 18:06:07.0937 3544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/20 18:06:08.0234 3544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/20 18:06:08.0484 3544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/20 18:06:08.0781 3544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/20 18:06:08.0906 3544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/20 18:06:09.0156 3544 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/20 18:06:09.0359 3544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/20 18:06:10.0265 3544 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/20 18:06:10.0437 3544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/20 18:06:10.0640 3544 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/20 18:06:10.0921 3544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/20 18:06:11.0093 3544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/20 18:06:11.0265 3544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/20 18:06:11.0375 3544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/20 18:06:11.0687 3544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/20 18:06:11.0843 3544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/20 18:06:12.0171 3544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/20 18:06:12.0328 3544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/20 18:06:12.0453 3544 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/20 18:06:12.0593 3544 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/20 18:06:12.0937 3544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 18:06:13.0140 3544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/20 18:06:13.0640 3544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/20 18:06:13.0875 3544 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/20 18:06:14.0203 3544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/20 18:06:14.0359 3544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/20 18:06:14.0453 3544 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
2011/06/20 18:06:14.0484 3544 ================================================================================
2011/06/20 18:06:14.0484 3544 Scan finished
2011/06/20 18:06:14.0484 3544 ================================================================================
2011/06/20 18:06:14.0500 2732 Detected object count: 0
2011/06/20 18:06:14.0500 2732 Actual detected object count: 0



MBAM log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6905

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/20/2011 6:15:06 PM
mbam-log-2011-06-20 (18-15-06).txt

Scan type: Quick scan
Objects scanned: 177016
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\chxoeieh.dat (Rootkit.Agent) -> Quarantined and deleted successfully.



OTL log:
OTL logfile created on: 6/20/2011 6:17:49 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 68.44% Memory free
1.46 Gb Paging File | 1.25 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.64 Gb Total Space | 48.02 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
PRC - [2009/12/22 00:26:01 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/12/21 17:35:11 | 000,148,928 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 11:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/13 11:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 12:40:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/03 04:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/09/19 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/09 11:29:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/06/30 10:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/25 18:15:54 | 000,315,392 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://huskymail.mtu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 20:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 20:12:54 | 000,000,000 | ---D | M]

[2008/12/09 23:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions
[2009/10/31 11:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/15 19:37:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\[email protected]
[2008/05/26 16:33:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\blogmusik.xml
[2008/03/08 19:14:48 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.gif
[2008/03/08 19:14:48 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.src
[2008/03/06 20:38:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.xml
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/22 09:51:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/12/16 21:30:59 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/08 14:13:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/06/20 17:25:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212833595875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 18:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\tdsskiller
[2011/06/20 18:02:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/20 15:58:26 | 004,131,325 | R--- | C] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:25:01 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 13:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 09:57:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:50:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/19 23:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\GooredFix Backups
[2011/06/19 23:04:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 22:55:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\erunt
[2011/06/19 16:45:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 16:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 16:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 16:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 16:38:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 16:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 16:38:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 15:09:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/06/19 15:09:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/06/19 15:09:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/06/19 15:09:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/06/19 15:09:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/06/19 15:09:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/06/19 15:09:22 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/06/18 17:35:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 17:34:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 17:32:37 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Acrobat 9.0
[2011/06/14 18:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/14 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/14 17:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/06 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/02 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/07/09 21:44:45 | 004,827,968 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.4.exe

========== Files - Modified Within 30 Days ==========

[2011/06/20 18:16:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 18:16:38 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 18:04:23 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 17:25:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 15:58:59 | 004,131,325 | R--- | M] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:32:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/20 13:26:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 02:04:21 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 02:04:21 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:04:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:55:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:05 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 21:33:14 | 000,303,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/19 20:11:07 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/19 16:45:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 15:36:03 | 000,004,932 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/18 17:33:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 16:34:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 21:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 21:58:18 | 000,085,804 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/13 16:13:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/20 18:03:43 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 13:32:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/19 22:54:04 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 19:58:33 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 16:45:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 16:45:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 16:38:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 16:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 16:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 16:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 16:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 15:10:01 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/19 15:09:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/06/19 15:09:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/04/24 16:49:18 | 000,085,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/07 17:52:43 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTWiz.html
[2010/07/07 13:13:09 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTApp.html
[2010/03/01 09:51:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 18:12:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/22 09:46:45 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/11/01 17:26:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/02 18:12:41 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/19 12:02:33 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/10 05:37:08 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2008/06/07 12:55:54 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/03/22 22:12:46 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ucache.dat
[2007/11/25 19:40:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/11/08 12:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
[2007/08/28 10:46:54 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 06:41:15 | 000,005,033 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/24 07:30:30 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 12:36:14 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/07/09 21:46:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/09 21:45:51 | 000,005,643 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/09 12:46:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/09 12:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/28 19:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 19:07:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/28 19:03:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/28 18:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/01/28 18:56:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/28 18:23:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 18:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2004/12/15 18:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,303,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/06/07 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/25 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2006/06/20 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/10/11 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011/04/24 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Aim
[2005/10/12 07:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Leadertech
[2006/12/08 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Snapfish
[2008/06/08 06:10:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToy.job

========== Purity Check ==========



< End of report >

#10
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hmmm, the OTL log still shows the infection is there, yet ComboFix doesn't. Let's do a custom OTL scan and see if those files are indeed there or not. Could you then get a scan done with ESET Online please.

1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    C:\WINDOWS\System32\drivers\*.dat
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s\*.*
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log.
2)
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • If you are running a 64bit version of Windows, the log should be found at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
In your next reply
Please post the contents of...
OTL log
ESET Online Scanner log

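The custom scan above asks OTL to list whatever sits under two paths so the helper can confirm, from the log, whether the objects are really present. As an added example (not code from this thread, OTL, or OldTimer), the Python below parses OTL file and folder lines of the form `[date | size | attrs | M] (company) -- path` and applies the same two custom-scan patterns to them, reporting each entry that falls under a pattern together with its hidden/system flags. The sample log lines are constructed from entries that appear in the logs on this page; the regex, `OtlEntry`, and the matching rule are this example's own assumptions about the format. One caveat the matcher handles: the log on this page lists the `48us8w3f...` object with `-HS-` attributes and no `D` flag, i.e. as a hidden system file rather than a folder, so a pattern ending in `\*.*` would not match it as a directory; the matcher therefore also reports a path equal to the pattern's directory.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file or folder line looks like:
#   [2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
# PRC/MOD lines carry the same fields after a "PRC - " prefix. SRV/DRV lines add a
# "[Kernel | ...]" field that this regex deliberately does not accept (assumed format).
OTL_FILE_LINE = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: str  # as printed by OTL, yyyy/mm/dd hh:mm:ss
    size: int       # bytes
    attrs: str      # four flag slots: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str       # 'M' = listed by modified time, 'C' = listed by created time
    company: str    # embedded company name, '' when the file has none
    path: str

    @property
    def hidden_system(self) -> bool:
        """True for -HS- style entries: hidden and system bits both set."""
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; section headers and SRV/DRV lines return None."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def matches_custom_scan(path: str, pattern: str) -> bool:
    """Emulate a custom-scan pattern of the form dir\\glob (assumed semantics).

    The directory part must match exactly (case-insensitively, like NTFS) and only
    the last component is a glob, so drivers\\*.dat does not reach into subfolders.
    A path equal to the pattern's directory is also reported, because the object the
    pattern assumed to be a folder may in fact be a file.
    """
    pdir, _, pglob = pattern.rpartition("\\")
    fdir, _, fname = path.rpartition("\\")
    if path.lower() == pdir.lower():
        return True
    return fdir.lower() == pdir.lower() and fnmatch.fnmatchcase(fname.lower(), pglob.lower())


def custom_scan_hits(entries: List[OtlEntry], patterns: List[str]) -> List[OtlEntry]:
    return [e for e in entries if any(matches_custom_scan(e.path, p) for p in patterns)]


# Constructed sample: four lines copied from the OTL logs in this thread plus a section header.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
"""

# The two custom-scan lines from the helper's post above.
CUSTOM_SCAN = [
    r"C:\WINDOWS\System32\drivers\*.dat",
    r"C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s\*.*",
]


def triage(text: str = SAMPLE_LOG, patterns: List[str] = CUSTOM_SCAN) -> List[OtlEntry]:
    """Return the entries in an OTL log that the custom-scan patterns would cover."""
    return custom_scan_hits(parse_otl_log(text), patterns)


if __name__ == "__main__":
    for hit in triage():
        flag = "hidden+system " if hit.hidden_system else ""
        print(f"{hit.timestamp}  {hit.size:>10}  {hit.attrs}  {flag}{hit.path}")
```

Run against the sample it reports two entries: the hidden system object under the NetworkService profile and `gjrespjz.dat` in the drivers folder, while `perfh009.dat` (one level up, in System32) is left out because the directory part must match exactly.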

#11
MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Log:
OTL logfile created on: 6/21/2011 1:44:16 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 59.75% Memory free
1.46 Gb Paging File | 1.16 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.64 Gb Total Space | 48.42 Gb Free Space | 67.59% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
PRC - [2010/04/02 06:40:25 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 11:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/13 11:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 12:40:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/03 04:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/09/19 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/09 11:29:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/06/30 10:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/25 18:15:54 | 000,315,392 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://huskymail.mtu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 20:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 20:12:54 | 000,000,000 | ---D | M]

[2008/12/09 23:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions
[2009/10/31 11:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/15 19:37:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\[email protected]
[2008/05/26 16:33:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\blogmusik.xml
[2008/03/08 19:14:48 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.gif
[2008/03/08 19:14:48 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.src
[2008/03/06 20:38:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.xml
[2011/06/20 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/22 09:51:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/12/16 21:30:59 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/08 14:13:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/06/20 17:25:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212833595875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 18:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\tdsskiller
[2011/06/20 18:02:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/20 15:58:26 | 004,131,325 | R--- | C] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:25:01 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 13:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 09:57:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:50:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/19 23:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\GooredFix Backups
[2011/06/19 23:04:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 22:55:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\erunt
[2011/06/19 16:45:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 16:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 16:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 16:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 16:38:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 16:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 16:38:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 15:09:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/06/19 15:09:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/06/19 15:09:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/06/19 15:09:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/06/19 15:09:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/06/19 15:09:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/06/19 15:09:22 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/06/18 17:35:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 17:34:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 17:32:37 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Acrobat 9.0
[2011/06/14 18:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/14 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/14 17:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/06 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/02 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/07/09 21:44:45 | 004,827,968 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.4.exe

========== Files - Modified Within 30 Days ==========

[2011/06/21 13:38:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 13:38:11 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 18:04:23 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 17:25:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 15:58:59 | 004,131,325 | R--- | M] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:32:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/20 13:26:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 02:04:21 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 02:04:21 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:04:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:55:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:05 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 21:33:14 | 000,303,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/19 20:11:07 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/19 16:45:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 15:36:03 | 000,004,932 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/18 17:33:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 16:34:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 21:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 21:58:18 | 000,085,804 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/13 16:13:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/20 18:03:43 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 13:32:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/19 22:54:04 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 19:58:33 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 16:45:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 16:45:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 16:38:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 16:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 16:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 16:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 16:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 15:10:01 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/19 15:09:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/06/19 15:09:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/04/24 16:49:18 | 000,085,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/07 17:52:43 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTWiz.html
[2010/07/07 13:13:09 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTApp.html
[2010/03/01 09:51:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 18:12:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/22 09:46:45 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/11/01 17:26:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/02 18:12:41 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/19 12:02:33 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/10 05:37:08 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2008/06/07 12:55:54 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/03/22 22:12:46 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ucache.dat
[2007/11/25 19:40:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/11/08 12:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/10/16 08:27:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjrespjz.dat
[2007/08/28 10:46:54 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 06:41:15 | 000,005,033 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/24 07:30:30 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 12:36:14 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/07/09 21:46:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/09 21:45:51 | 000,005,643 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/09 12:46:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/09 12:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/28 19:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 19:07:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/28 19:03:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/28 18:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/01/28 18:56:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/28 18:23:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 18:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2004/12/15 18:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,303,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/06/07 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/25 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2006/06/20 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/10/11 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011/04/24 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Aim
[2005/10/12 07:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Leadertech
[2006/12/08 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Snapfish
[2008/06/08 06:10:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToy.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\WINDOWS\System32\drivers\*.dat >
[2007/12/11 10:12:15 | 000,019,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\gjrespjz.dat

< C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s\*.* >

< End of report >
ESET Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=889c232a9da2304ca1d342fd3c7fbf66
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-21 08:10:31
# local_time=2011-06-21 03:10:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=7937 16777214 0 25 99757544 99757544 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88304
# found=6
# cleaned=6
# scan_time=3676
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycbeg.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycbeg.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycbeg.tmp.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\20.06.2011_09.49.35\susp0000\svc0000\tsk0000.dta Win32/Agent.NOU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06202011_131307\C_WINDOWS\system32\slbrccsps.dll a variant of Win32/Kryptik.NPR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
#12
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
ESET log looks positive; the only infections found were already in Quarantine.

We'll now attempt to remove this remaining file that's being stubborn...

1)
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\drivers\gjrespjz.dat

Drivers to delete:
jxuoomvo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under "Input script here:" and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
2)
Once Avenger has completed, please run a fresh OTL Quick Scan...

OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    C:\WINDOWS\System32\drivers\*.dat
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log.
In your next reply
Please post the contents of...
Avenger log
OTL log

#13
MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Avenger Log:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\drivers\gjrespjz.dat" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\jxuoomvo" not found!
Deletion of driver "jxuoomvo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



OTL Log:
OTL logfile created on: 6/21/2011 6:55:28 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 63.49% Memory free
1.46 Gb Paging File | 1.20 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.64 Gb Total Space | 48.18 Gb Free Space | 67.26% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
PRC - [2010/04/02 06:40:25 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 11:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/13 11:23:50 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 12:40:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/03 04:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/09/19 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/09 11:29:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/06/30 10:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/25 18:15:54 | 000,315,392 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://huskymail.mtu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 20:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 20:12:54 | 000,000,000 | ---D | M]

[2008/12/09 23:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2011/06/21 13:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions
[2009/10/31 11:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/15 19:37:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\extensions\[email protected]
[2008/05/26 16:33:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\blogmusik.xml
[2008/03/08 19:14:48 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.gif
[2008/03/08 19:14:48 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.src
[2008/03/06 20:38:11 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\5jos7isq.default\searchplugins\siteadvisor.xml
[2011/06/21 13:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/22 09:51:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/12/16 21:30:59 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/12/08 14:13:55 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/06/20 17:25:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D5440609-0F57-4548-B38A-EDB149428027} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212833595875 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 18:52:24 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/06/21 18:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\avenger
[2011/06/21 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/20 18:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\tdsskiller
[2011/06/20 18:02:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/20 15:58:26 | 004,131,325 | R--- | C] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:25:01 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 13:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/20 09:57:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 09:50:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/19 23:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\GooredFix Backups
[2011/06/19 23:04:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/19 22:55:11 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\erunt
[2011/06/19 16:45:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 16:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 16:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 16:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 16:38:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 16:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 16:38:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 15:09:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/06/19 15:09:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/06/19 15:09:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/06/19 15:09:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/06/19 15:09:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/06/19 15:09:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/06/19 15:09:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/06/19 15:09:22 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/06/18 17:35:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/18 17:34:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 17:32:37 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Acrobat 9.0
[2011/06/14 18:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/14 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/14 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/14 17:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/06 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/02 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2005/07/09 21:44:45 | 004,827,968 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.4.exe

========== Files - Modified Within 30 Days ==========

[2011/06/21 18:52:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 18:52:52 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 18:49:13 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\avenger.zip
[2011/06/20 18:04:23 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 17:25:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 15:58:59 | 004,131,325 | R--- | M] (Swearware) -- C:\Documents and Settings\Mel\Desktop\ComboFix.exe
[2011/06/20 13:32:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/20 13:26:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mel\Desktop\aswMBR.exe
[2011/06/20 09:57:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2011/06/20 02:04:21 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 02:04:21 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:04:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mel\Desktop\GooredFix.exe
[2011/06/19 22:55:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTM.exe
[2011/06/19 22:54:05 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 21:33:14 | 000,303,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/19 20:11:07 | 000,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/19 16:45:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 15:36:03 | 000,004,932 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/18 17:33:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/18 16:34:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 21:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 21:58:18 | 000,085,804 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/13 16:13:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/21 18:49:11 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\avenger.zip
[2011/06/20 18:03:43 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\tdsskiller.zip
[2011/06/20 13:32:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\MBR.dat
[2011/06/19 22:54:04 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\erunt.zip
[2011/06/19 19:58:33 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 16:45:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 16:45:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 16:38:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 16:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 16:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 16:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 16:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 15:10:01 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/19 15:09:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/06/19 15:09:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/06/14 15:58:42 | 000,009,902 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\48us8w3f1to16xul6toc58xy324vsb8o1vj8118lxm1s
[2011/04/24 16:49:18 | 000,085,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/07 17:52:43 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTWiz.html
[2010/07/07 13:13:09 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\FASTApp.html
[2010/03/01 09:51:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/20 18:12:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/22 09:46:45 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/11/01 17:26:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/02 18:12:41 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/19 12:02:33 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/10 05:37:08 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2008/06/07 12:55:54 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/03/22 22:12:46 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ucache.dat
[2007/11/25 19:40:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/11/08 12:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/08/28 10:46:54 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 06:41:15 | 000,005,033 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/05/24 07:30:30 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 12:36:14 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/07/09 21:46:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/09 21:45:51 | 000,005,643 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/09 12:46:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/09 12:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/28 19:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 19:07:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/28 19:03:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/28 18:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/01/28 18:56:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/28 18:23:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 18:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2004/12/15 18:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,303,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/06/07 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/25 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2006/06/20 16:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/10 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/10/11 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011/04/24 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/09 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Aim
[2005/10/12 07:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Leadertech
[2006/12/08 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Snapfish
[2008/06/08 06:10:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToy.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\WINDOWS\System32\drivers\*.dat >

< End of report >
  • 0

#14
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Your logs are now looking good. That stubborn file looks to have been fully removed now. Could you do another scan with MBAM, just to make sure that it is not reporting any threats now please.

How is your PC behaving now? Any virus alerts, redirects, etc.?


Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply

  • 0

#15
MichelleL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything seems to be running well. I have come to the conclusion that you are a wizard. I appreciate your time. Here's the (hopefully) final log:

MBAM Log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6920

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/22/2011 1:30:40 PM
mbam-log-2011-06-22 (13-30-40).txt

Scan type: Quick scan
Objects scanned: 177565
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
