Google Redirect Virus Removal Problems...please help!


  • This topic is locked

#1
taradee

    New Member

  • Member
  • 9 posts
So I somehow acquired this wonderful redirect virus the other day. I followed everything in this forum thread, http://www.geekstogo...ogle-redirects/, and downloaded TDSSKiller, but it won't open. Not sure what else to do from here. I downloaded and ran OTL and here is the log:



OTL logfile created on: 6/30/2011 9:07:41 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\tara\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.76% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.91 Gb Free Space | 94.86% Space Free | Partition Type: NTFS
Drive D: | 70.25 Gb Total Space | 69.55 Gb Free Space | 99.00% Space Free | Partition Type: NTFS

Computer Name: TARA-HOME | User Name: tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
PRC - [2011/06/30 07:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 14:31:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/15 13:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mytelus....rtal/index.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/06/30 20:11:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O16 - DPF: {0449A3DB-050C-4895-9236-D9B11778459B} http://content.dll1....nPrinterVig.cab (SmartCouponPrinter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/14 22:39:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 21:07:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/06/30 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Desktop\tdsskiller
[2011/06/30 20:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Desktop\GooredFix Backups
[2011/06/30 20:21:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\tara\Desktop\GooredFix.exe
[2011/06/30 20:11:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/30 20:10:15 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTM.exe
[2011/06/30 20:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/30 16:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/29 10:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/29 10:04:48 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/28 19:13:28 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tara\Desktop\TDSSKiller.exe
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/23 20:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/17 14:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/17 12:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\My Documents\OneNote Notebooks
[2011/06/17 03:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/11 11:01:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tara\Recent
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\SUPERAntiSpyware.com
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/11 09:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Malwarebytes
[2011/06/11 09:32:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 09:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 09:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/11 09:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/06/30 21:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/30 20:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 20:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 20:45:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/30 20:40:58 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/30 20:22:48 | 001,317,103 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\tdsskiller.zip
[2011/06/30 20:21:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\tara\Desktop\GooredFix.exe
[2011/06/30 20:18:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 20:11:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/30 20:10:22 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTM.exe
[2011/06/30 20:08:27 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\erunt.zip
[2011/06/30 18:04:44 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Shortcut to xp_exe_fix.reg.lnk
[2011/06/30 16:58:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 16:42:51 | 000,011,850 | -HS- | M] () -- C:\Documents and Settings\tara\Local Settings\Application Data\k5ihj1v20246mi
[2011/06/30 16:42:51 | 000,011,850 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k5ihj1v20246mi
[2011/06/30 16:09:43 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\fix.reg
[2011/06/30 14:56:24 | 000,507,904 | ---- | M] () -- C:\Documents and Settings\tara\Local Settings\Application Data\gvc.dl_
[2011/06/30 08:47:38 | 000,000,279 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:06:25 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/29 06:05:26 | 000,405,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/29 06:05:26 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 23:44:50 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tara\Desktop\TDSSKiller.exe
[2011/06/26 17:43:55 | 000,099,188 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/23 20:19:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 03:02:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 14:26:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:26:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/17 14:26:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/17 14:25:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/17 14:24:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 08:07:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/15 17:22:47 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | M] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | M] () -- C:\Shortcut to HD III (D).lnk
[2011/06/15 17:10:34 | 000,005,644 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\i69 ,4u8erj7u7u7 tyfrdggghjm hyu u.Theme
[2011/06/14 16:23:13 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk
[2011/06/11 09:32:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/06/30 20:22:48 | 001,317,103 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\tdsskiller.zip
[2011/06/30 20:08:24 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\erunt.zip
[2011/06/30 18:04:44 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Shortcut to xp_exe_fix.reg.lnk
[2011/06/30 16:58:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 16:00:12 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\fix.reg
[2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\k5ihj1v20246mi
[2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5ihj1v20246mi
[2011/06/30 14:56:23 | 000,507,904 | ---- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\gvc.dl_
[2011/06/30 08:47:38 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:08:20 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/26 17:43:55 | 000,099,188 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/23 20:19:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 20:19:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/17 14:26:11 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:24:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 03:00:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 17:22:47 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | C] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | C] () -- C:\Shortcut to HD III (D).lnk
[2011/06/15 17:10:34 | 000,005,644 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\i69 ,4u8erj7u7u7 tyfrdggghjm hyu u.Theme
[2011/06/14 16:23:13 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk
[2011/06/11 11:07:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Adobe Reader 8.lnk
[2011/06/11 11:06:21 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\HP Solution Center.lnk
[2011/06/11 09:32:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:01:32 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21094180r
[2011/05/26 16:01:31 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21094180
[2011/05/26 16:01:28 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21094180
[2010/11/02 08:17:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 14:05:14 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 14:07:30 | 000,135,150 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/09/16 07:46:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/15 10:07:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/09/15 10:07:21 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/09/14 22:42:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 22:34:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/14 16:12:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/14 16:09:32 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,405,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,054,472 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/03/08 04:43:03 | 000,010,335 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2007/02/27 20:19:55 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat

========== LOP Check ==========

[2011/06/10 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/01/18 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigiCont
[2011/02/19 09:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/06/29 11:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/27 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS media player
[2011/04/02 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/06/29 09:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/11 11:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\FrostWire
[2010/12/28 22:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\GARMIN
[2010/11/07 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Image Zone Express
[2011/04/02 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\MysteryStudio
[2010/11/02 08:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Pogo Games
[2010/10/03 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Printer Info Cache
[2011/06/11 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\TELUS media player
[2011/06/29 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/06/30 21:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4149A170

< End of report >

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi :)

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/30 14:56:24 | 000,507,904 | ---- | M] () -- C:\Documents and Settings\tara\Local Settings\Application Data\gvc.dl_
    [2011/06/15 17:10:34 | 000,005,644 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\i69 ,4u8erj7u7u7 tyfrdggghjm hyu u.Theme
    [2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\k5ihj1v20246mi
    [2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5ihj1v20246mi
    [2011/05/26 16:01:32 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21094180r
    [2011/05/26 16:01:31 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21094180
    [2011/05/26 16:01:28 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21094180
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


Things I would like to see in your reply:
  • OTL Log
  • aswMBR Log

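The OTL fix in the post above targets a recognisable pattern in the first log: files with hidden+system attributes (the `-HS-` column) and a random alphanumeric name dropped into both the user's and the All Users Application Data folders, files with no company name sitting in a user-data directory, and leftover alternate data streams. The script below is an added example, not part of the original thread and not OTL's own code: it parses a handful of lines in the format OTL's file sections use (constructed here, modelled on entries from the log above) and flags the entries a malware-removal helper would look at first. The triage rules (hidden+system in user data, no company name in user data, four or more digits in the name, the same name present in more than one profile, any ADS) are this example's own heuristics, and the `R/H/S/D` reading of the attribute column is an assumption about OTL's output, so treat a hit as a candidate for a hash lookup or sandbox run rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the format OTL uses in its "Files Created/Modified"
# and "Alternate Data Streams" sections, modelled on entries from the log above.
SAMPLE_OTL = r"""
[2011/06/30 21:07:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\k5ihj1v20246mi
[2011/06/30 14:56:29 | 000,011,850 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5ihj1v20246mi
[2011/06/30 14:56:23 | 000,507,904 | ---- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\gvc.dl_
[2011/05/26 16:01:32 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21094180r
[2011/06/17 08:07:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
"""

# [date time | size | attrs | C or M] (company) -- path
# attrs is read here as a four-character R/H/S/D field (assumption about OTL).
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
USER_DATA_RE = re.compile(r"\\(Application Data|Local Settings)\\", re.IGNORECASE)


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str):
    """Split OTL file-section text into file entries and ADS records."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["date"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"].strip(), m["path"]))
            continue
        a = ADS_RE.match(line)
        if a:
            streams.append((a["path"], a["stream"], int(a["size"])))
    return entries, streams


def triage(text: str) -> dict:
    """Return {path: [reasons]} for entries worth a closer look (heuristics only)."""
    entries, streams = parse_otl(text)
    findings: dict = {}

    def flag(path: str, reason: str) -> None:
        findings.setdefault(path, []).append(reason)

    # The same name dropped into a per-user profile and All Users is a common
    # persistence pattern, so index names before scoring individual entries.
    by_name: dict = {}
    for e in entries:
        by_name.setdefault(e.name.lower(), set()).add(e.path)

    for e in entries:
        if e.is_dir:
            continue
        in_user_data = bool(USER_DATA_RE.search(e.path))
        if in_user_data and "H" in e.attrs and "S" in e.attrs:
            flag(e.path, "hidden+system attributes on a file in a user-data directory")
        if in_user_data and not e.company:
            flag(e.path, "no company name on a file in a user-data directory")
        stem = e.name.rsplit(".", 1)[0]
        if len(re.findall(r"\d", stem)) >= 4 and re.search(r"[A-Za-z]", stem):
            flag(e.path, "random-looking alphanumeric file name")
        if len(by_name[e.name.lower()]) > 1:
            flag(e.path, "same file name present in more than one profile")

    for path, stream, size in streams:
        flag(f"{path}:{stream}", f"NTFS alternate data stream ({size} bytes)")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the two `k5ihj1v20246mi` copies collect all four file rules, `gvc.dl_` and `~21094180r` are caught only by the no-company and name rules, and `C:\boot.ini` (hidden+system, but outside any profile) and the Microsoft file under System32 are left alone, which is the same set the helper put in the `:OTL` section of the fix. Paste the whole "Files Created" and "Files Modified" sections of a real log into `triage()` rather than the sample; the rules are deliberately loose, so expect some false positives from legitimate installers that write unsigned files into Application Data.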

#3
taradee

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks for the quick reply! Here's the OTL log:

OTL logfile created on: 7/1/2011 7:38:00 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\tara\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.03% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.93 Gb Free Space | 94.87% Space Free | Partition Type: NTFS
Drive D: | 70.25 Gb Total Space | 69.55 Gb Free Space | 99.00% Space Free | Partition Type: NTFS

Computer Name: TARA-HOME | User Name: tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
PRC - [2011/06/30 07:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 14:31:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/05 15:22:28 | 000,262,144 | ---- | M] (LITE-ON TECHNOLOGY CORP.) -- C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
PRC - [2005/11/15 13:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mytelus....rtal/index.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/07/01 19:28:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O16 - DPF: {0449A3DB-050C-4895-9236-D9B11778459B} http://content.dll1....nPrinterVig.cab (SmartCouponPrinter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/14 22:39:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 19:28:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 21:07:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/06/30 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Desktop\tdsskiller
[2011/06/30 20:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Desktop\GooredFix Backups
[2011/06/30 20:21:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\tara\Desktop\GooredFix.exe
[2011/06/30 20:11:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/30 20:10:15 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTM.exe
[2011/06/30 20:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/30 16:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/29 10:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/29 10:04:48 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/28 19:13:28 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tara\Desktop\TDSSKiller.exe
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/23 20:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/17 14:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/17 12:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\My Documents\OneNote Notebooks
[2011/06/17 03:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/11 11:01:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tara\Recent
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\SUPERAntiSpyware.com
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/11 09:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Malwarebytes
[2011/06/11 09:32:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 09:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 09:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/11 09:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/07/01 19:31:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 19:28:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/01 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/01 18:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 18:40:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/30 21:07:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/06/30 20:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 20:40:58 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/30 20:22:48 | 001,317,103 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\tdsskiller.zip
[2011/06/30 20:21:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\tara\Desktop\GooredFix.exe
[2011/06/30 20:10:22 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTM.exe
[2011/06/30 20:08:27 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\erunt.zip
[2011/06/30 18:04:44 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Shortcut to xp_exe_fix.reg.lnk
[2011/06/30 16:58:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 16:09:43 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\fix.reg
[2011/06/30 08:47:38 | 000,000,279 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:06:25 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/29 06:05:26 | 000,405,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/29 06:05:26 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 23:44:50 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tara\Desktop\TDSSKiller.exe
[2011/06/26 17:43:55 | 000,099,188 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/23 20:19:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 03:02:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 14:26:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:26:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/17 14:26:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/17 14:25:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/17 14:24:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 08:07:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/15 17:22:47 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | M] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | M] () -- C:\Shortcut to HD III (D).lnk
[2011/06/14 16:23:13 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk
[2011/06/11 09:32:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/06/30 20:22:48 | 001,317,103 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\tdsskiller.zip
[2011/06/30 20:08:24 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\erunt.zip
[2011/06/30 18:04:44 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Shortcut to xp_exe_fix.reg.lnk
[2011/06/30 16:58:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 16:00:12 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\fix.reg
[2011/06/30 08:47:38 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:08:20 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/26 17:43:55 | 000,099,188 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/23 20:19:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 20:19:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/17 14:26:11 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:24:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 03:00:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 17:22:47 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | C] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | C] () -- C:\Shortcut to HD III (D).lnk
[2011/06/14 16:23:13 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk
[2011/06/11 11:07:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Adobe Reader 8.lnk
[2011/06/11 11:06:21 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\HP Solution Center.lnk
[2011/06/11 09:32:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 08:17:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 14:05:14 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 14:07:30 | 000,135,150 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/09/16 07:46:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/15 10:07:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/09/15 10:07:21 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/09/14 22:42:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 22:34:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/14 16:12:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/14 16:09:32 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,405,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,054,472 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/03/08 04:43:03 | 000,010,335 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2007/02/27 20:19:55 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat

========== LOP Check ==========

[2011/06/10 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/01/18 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigiCont
[2011/02/19 09:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/06/29 11:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/27 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS media player
[2011/04/02 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/06/29 09:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/11 11:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\FrostWire
[2010/12/28 22:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\GARMIN
[2010/11/07 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Image Zone Express
[2011/04/02 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\MysteryStudio
[2010/11/02 08:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Pogo Games
[2010/10/03 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Printer Info Cache
[2011/06/11 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\TELUS media player
[2011/06/29 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/07/01 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4149A170

< End of report >

#4 taradee (New Member, Topic Starter, 9 posts)
Downloaded aswMBR.exe and double-clicked on it; then a message popped up saying "This application can use the Avast! Free Antivirus for scanning. Would you like to download it now?" Should I download it or just go ahead with the scan?

#5 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
No need to download it; just go with the scan.

#6 taradee (New Member, Topic Starter, 9 posts)
aswMBR log

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 06:56:12
-----------------------------
06:56:12.859 OS Version: Windows 5.1.2600 Service Pack 3
06:56:12.859 Number of processors: 1 586 0x4F02
06:56:12.859 ComputerName: TARA-HOME UserName: tara
06:56:15.000 Initialize success
06:56:38.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
06:56:38.343 Disk 0 Vendor: WDC_WD2500AAKS-00SBA0 12.01B01 Size: 238475MB BusType: 3
06:56:38.343 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
06:56:38.359 Disk 1 Vendor: WDC_WD800JD-08MSA1 10.01E01 Size: 76324MB BusType: 3
06:56:38.390 Disk 0 MBR read successfully
06:56:38.390 Disk 0 MBR scan
06:56:38.406 Disk 0 Windows XP default MBR code
06:56:38.421 Disk 0 scanning sectors +488376000
06:56:38.500 Disk 0 scanning C:\WINDOWS\system32\drivers
06:56:42.000 Service scanning
06:56:42.796 Disk 0 trace - called modules:
06:56:42.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89de21ed]<<
06:56:42.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db7ab8]
06:56:42.828 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x89e07f18]
06:56:48.062 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000005f[0x89d7f030]
06:56:48.343 \Driver\nvata[0x89db9a08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x89de21ed
06:56:48.640 Scan finished successfully
06:56:58.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\tara\Desktop\MBR.dat"
06:56:58.796 The log file has been saved successfully to "C:\Documents and Settings\tara\Desktop\aswMBR.txt"

#7 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#8 taradee (New Member, Topic Starter, 9 posts)
I downloaded TDSSKiller but it won't open. I double-click on the icon on my desktop and nothing happens.

#9 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#10 taradee (New Member, Topic Starter, 9 posts)
Combofix log

ComboFix 11-07-02.02 - tara 07/02/2011 22:58:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1638 [GMT -6:00]
Running from: c:\documents and settings\tara\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-02 01:28 . 2011-07-02 01:28 -------- d-----w- C:\_OTL
2011-07-01 02:11 . 2011-07-01 02:11 -------- d-----w- C:\_OTM
2011-06-30 22:58 . 2011-06-30 22:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-30 15:36 . 2011-06-30 15:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-29 16:08 . 2011-07-01 02:40 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-29 16:04 . 2011-06-29 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-06-29 16:04 . 2011-06-29 16:06 6556992 ----a-w- c:\program files\HitmanPro35.exe
2011-06-24 18:56 . 2011-06-29 17:17 -------- d-----w- c:\documents and settings\tara\Application Data\Uxonna
2011-06-24 18:56 . 2011-06-29 15:44 -------- d-----w- c:\documents and settings\tara\Application Data\Feicop
2011-06-17 20:26 . 2011-06-17 20:26 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-17 20:23 . 2011-07-01 01:01 -------- d-----w- c:\windows\system32\LogFiles
2011-06-17 20:23 . 2011-06-17 20:24 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-17 09:02 . 2011-06-17 09:24 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-11 16:30 . 2011-06-11 16:30 -------- d-----w- c:\documents and settings\tara\Application Data\SUPERAntiSpyware.com
2011-06-11 16:30 . 2011-06-11 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-11 15:32 . 2011-06-11 15:32 -------- d-----w- c:\documents and settings\tara\Application Data\Malwarebytes
2011-06-11 15:32 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 15:32 . 2011-06-11 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-11 15:32 . 2011-06-11 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 02:24 . 2010-09-15 18:04 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 02:24 . 2010-09-15 18:04 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-22 00:37 . 2011-05-22 00:37 398760 ----a-r- c:\windows\cpnprt2.cid
2011-05-22 00:37 . 2011-05-22 00:37 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-05-02 15:31 . 2010-09-15 04:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 01:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-05 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2006-12-05 262144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\tara\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HitmanPro35.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2010 12:04 PM 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2011 5:35 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2011 5:35 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/11/2011 9:32 AM 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 23:35]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 23:35]
.
2011-07-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mytelus.com/telusen/portal/index.aspx
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-02 23:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-02 23:03:27
ComboFix-quarantined-files.txt 2011-07-03 05:03
.
Pre-Run: 237,115,637,760 bytes free
Post-Run: 237,081,264,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 56172A2ACB31FFBCB27E8D757BD4EF2D
#11 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

#12 taradee (Topic Starter, New Member, 9 posts)
Here is the MBAM log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7014

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2011 7:06:14 PM
mbam-log-2011-07-03 (19-06-14).txt

Scan type: Quick scan
Objects scanned: 158627
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I can't get the ESET scanner to download though.

The computer seems to be running fine. No redirects as of yet.
#13 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#14 taradee (Topic Starter, New Member, 9 posts)
OTL logfile created on: 7/4/2011 9:29:46 AM - Run 3
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\tara\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.59% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.60 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
Drive D: | 70.25 Gb Total Space | 69.55 Gb Free Space | 99.00% Space Free | Partition Type: NTFS

Computer Name: TARA-HOME | User Name: tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 09:29:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
PRC - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 14:31:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/05 15:22:28 | 000,262,144 | ---- | M] (LITE-ON TECHNOLOGY CORP.) -- C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
PRC - [2005/11/15 13:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 09:29:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/28 20:24:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 16:00:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mytelus....rtal/index.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/07/01 19:28:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O16 - DPF: {0449A3DB-050C-4895-9236-D9B11778459B} http://content.dll1....nPrinterVig.cab (SmartCouponPrinter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/14 22:39:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 09:29:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/07/03 23:21:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 19:03:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 19:02:16 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tara\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/02 22:56:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/02 22:42:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/02 22:42:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/02 22:42:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/02 22:42:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/02 20:16:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/02 20:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tara\My Documents\My Videos
[2011/07/02 20:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/07/02 20:16:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tara\Start Menu\Programs\Administrative Tools
[2011/07/02 20:09:48 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\tara\Desktop\ComboFix.exe
[2011/07/01 19:56:47 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\tara\Desktop\aswMBR.exe
[2011/07/01 19:28:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/30 20:11:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/30 20:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/30 16:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/30 16:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/29 10:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/29 10:04:48 | 006,556,992 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/06/24 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/23 20:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/17 14:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/17 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/17 12:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\My Documents\OneNote Notebooks
[2011/06/17 03:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/11 11:01:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tara\Recent
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\SUPERAntiSpyware.com
[2011/06/11 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/11 09:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tara\Application Data\Malwarebytes
[2011/06/11 09:32:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 09:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 09:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/11 09:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/07/04 09:29:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tara\Desktop\OTL.exe
[2011/07/04 09:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/04 08:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 00:09:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/03 20:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 19:03:07 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/03 19:03:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 19:02:16 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tara\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/02 22:56:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/02 22:37:01 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 22:36:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/02 20:09:48 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\tara\Desktop\ComboFix.exe
[2011/07/01 19:56:45 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\tara\Desktop\aswMBR.exe
[2011/07/01 19:28:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/30 20:40:58 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/30 16:58:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 08:47:38 | 000,000,279 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:06:25 | 006,556,992 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro35.exe
[2011/06/29 06:05:26 | 000,405,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/29 06:05:26 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 20:24:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 20:24:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/26 17:43:55 | 000,099,188 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/26 00:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 20:19:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 03:02:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 14:26:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:26:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/17 14:26:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/17 14:25:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/17 14:24:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 08:07:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/15 17:22:47 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | M] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | M] () -- C:\Shortcut to HD III (D).lnk
[2011/06/14 16:23:13 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk

========== Files Created - No Company Name ==========

[2011/07/03 19:03:07 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/02 22:56:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/02 22:56:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/02 22:42:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/02 22:42:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/02 22:42:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/02 22:42:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/02 22:42:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 16:58:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 08:47:38 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/29 10:08:20 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/26 17:43:55 | 000,099,188 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\Coupon_Fashion_Biore_EN.pdf
[2011/06/26 17:41:23 | 000,292,964 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\JohnsonsMoonWebCouponPDF.pdf
[2011/06/23 20:19:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 20:19:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/17 14:26:11 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/17 14:24:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 12:11:05 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\tara\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/17 03:00:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 17:22:47 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\tara\My Documents\AntiVir Desktop.lnk
[2011/06/15 17:22:08 | 000,000,246 | ---- | C] () -- C:\Security Center.lnk
[2011/06/15 17:21:27 | 000,000,281 | ---- | C] () -- C:\Shortcut to HD III (D).lnk
[2011/06/14 16:23:13 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Start AntiVir.lnk
[2011/06/11 11:07:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\Adobe Reader 8.lnk
[2011/06/11 11:06:21 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\tara\Desktop\HP Solution Center.lnk
[2011/06/11 09:32:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 08:17:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 14:05:14 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\tara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 14:07:30 | 000,135,150 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/09/16 07:46:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/15 10:07:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/09/15 10:07:21 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/09/14 22:42:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 22:34:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/14 16:12:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/14 16:09:32 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,405,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,054,472 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/03/08 04:43:03 | 000,010,335 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2007/02/27 20:19:55 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat

========== LOP Check ==========

[2011/06/10 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/01/18 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigiCont
[2011/02/19 09:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/06/29 11:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/10/27 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS media player
[2011/04/02 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/06/29 09:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Feicop
[2011/06/11 11:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\FrostWire
[2010/12/28 22:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\GARMIN
[2010/11/07 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Image Zone Express
[2011/04/02 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\MysteryStudio
[2010/11/02 08:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Pogo Games
[2010/10/03 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Printer Info Cache
[2011/06/11 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\TELUS media player
[2011/06/29 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tara\Application Data\Uxonna
[2011/07/04 09:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4149A170

< End of report >
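A first-pass triage of lines in the OTL format used by the log above, as an added example (it is neither OTL's own code nor anything posted in this thread). The sample lines are constructed to mirror entries on the page; the 203.0.113.9 hosts entry and the "Example" Run entry are invented illustrations of what a redirect hijack or stray autostart would look like, not findings from this machine.

```python
import re

# Constructed sample in the line format of the OTL log above. The Avira, SUPERAntiSpyware,
# WMP54Gv4SVC, catchme and "localhost" lines mirror entries on the page; the 203.0.113.9
# hosts entry and the "Example" Run entry are invented illustrations, not real findings.
SAMPLE_LOG = [
    r"SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 203.0.113.9 www.example.com",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)",
    r"O4 - HKCU..\Run: [example] C:\Documents and Settings\tara\Application Data\Example\example.exe ()",
]

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
MISSING_RE = re.compile(r"^(SRV|DRV) - File not found .*\(([^)]+)\)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]*)\] (.+?) \(([^)]*)\)$")

# Addresses a hosts line may legitimately point a name at.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Path fragments that are unusual homes for a legitimate autostart executable.
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage_line(line):
    """Classify one OTL line. Returns (severity, reason) or None when nothing stands out."""
    m = HOSTS_RE.match(line)
    if m:
        address, name = m.groups()
        if address not in LOOPBACK:
            # A hosts entry that steers a real site elsewhere is a classic redirect mechanism.
            return ("high", f"hosts maps {name} to {address} instead of loopback")
        return None

    m = MISSING_RE.match(line)
    if m:
        # Usually a leftover from a removed program or tool; worth noting, rarely urgent.
        return ("low", f"{m.group(1)} {m.group(2)} points at a file that no longer exists")

    m = RUN_RE.match(line)
    if m:
        hive, key, name, path, company = m.groups()
        lowered = path.lower()
        # No company name, or an executable living under the user profile, deserves a look.
        if not company or any(marker in lowered for marker in PROFILE_MARKERS):
            return ("medium",
                    f"{hive}\\{key} [{name}] starts {path} (company: {company or 'none'})")
        return None

    return None


def triage(lines):
    """Run triage_line over every line and return the findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for raw in lines:
        result = triage_line(raw.strip())
        if result is not None:
            findings.append((result[0], result[1], raw.strip()))
    findings.sort(key=lambda f: order[f[0]])  # stable sort keeps log order within a severity
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the real log, every O4 entry here comes from a vendor under Program Files and both hosts lines point at loopback, which is the same conclusion the helper reached by eye.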
#15 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Congratulations, your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :unsure: