Welcome to Geeks to Go - Register now for FREE

Google redirects; MS Security Essentials won't run


#1
Harman
Hi, I've got a virus. I probably picked it up via Firefox from some horrible site--I have to visit a lot of sites, some of them horrible, for my job (search engine evaluation). It started as a fake virus scanner that took over Windows; I killed that. But I know there's still something left, because I'm getting the Google redirection problem and MS Security Essentials won't run (it pops up and then immediately dies). Also, some anti-malware programs refuse to finish their scans.

I've tried GooredFix and TDSSKiller. Both seemed to run successfully, and neither seemed to help. I ran Malwarebytes' Anti-Malware and SUPERAntiSpyware; each one found some problems and then hung up, along with much of the rest of Windows, forcing me into a hard reset. Through repeated running of Malwarebytes I was able to get it to clean most of the problems it found, but that didn't seem to affect my main problem. The problems SUPERAntiSpyware found were mostly just tracking cookies.

Any help?
OTL logfile created on: 7/15/2011 9:11:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Glammerphone Lowelli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 69.17% Memory free
3.60 Gb Paging File | 3.17 Gb Available in Paging File | 88.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 21.89 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive E: | 6.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HUMBIS-I5WKUR5Q | User Name: Glammerphone Lowelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 21:11:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glammerphone Lowelli\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 03:55:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 10:45:39 | 000,351,112 | ---- | M] (Cloanto Corporation) -- C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
PRC - [2010/09/21 13:33:02 | 004,867,952 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/09/21 13:33:02 | 002,953,072 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/09/21 13:33:02 | 001,152,368 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/09/21 13:33:02 | 000,414,576 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/05/21 12:56:04 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010/05/21 12:55:40 | 000,561,263 | ---- | M] () -- C:\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2010/03/18 20:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 21:11:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glammerphone Lowelli\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/18 20:17:48 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MsMpSvc32)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/13 15:28:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/09/21 13:33:02 | 004,867,952 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/09/21 13:33:02 | 000,414,576 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/05/21 12:56:04 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 16:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/15 10:13:46 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/09/15 10:03:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/09/15 10:02:58 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/08/04 02:20:14 | 005,243,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/21 12:56:04 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010/05/15 06:11:40 | 002,136,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/01/26 22:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2010/01/05 02:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/12/22 01:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/30 01:31:42 | 000,050,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 15:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/08 18:00:10 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 17:59:36 | 000,257,408 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/11/08 17:59:30 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.update.mi...t.aspx?ln=en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 39 8A 55 92 35 14 AA 42 B7 68 01 64 10 9A 42 F9 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: qrptoolbar@leapforceathome:1.80
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 10:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 10:50:24 | 000,000,000 | ---D | M]

[2009/01/13 15:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Extensions
[2011/07/15 20:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions
[2011/06/22 12:39:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/03 12:58:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/06/22 10:51:25 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/06/22 10:51:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/06/22 10:51:24 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/06/22 10:51:25 | 000,000,000 | ---D | M] (Close other tabs) -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\[email protected]
[2011/07/14 09:51:16 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mozilla\Firefox\Profiles\6hed0qtk.default\extensions\qrptoolbar@leapforceathome
[2011/07/15 19:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 10:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/22 10:04:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/10 13:34:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/15 18:00:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/10/22 10:04:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/15 20:50:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {92558A39-1435-42AA-B768-0164109A42F9} - File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ATICustomerCare] c:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TWCU] C:\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Software Director Scheduler.lnk = C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1287778733389 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1287764441140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 97.64.183.164 97.64.209.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 03:08:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 20:53:29 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/15 20:53:29 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/07/15 20:52:57 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/07/15 20:50:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/15 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\GooredFix Backups
[2011/07/15 19:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\SUPERAntiSpyware.com
[2011/07/15 19:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/15 19:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/15 19:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/15 19:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\Cloanto
[2011/07/15 19:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cloanto
[2011/07/15 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/15 18:41:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/15 18:41:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/15 18:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Malwarebytes
[2011/07/15 18:37:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/15 18:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/15 18:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/15 18:37:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/15 18:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/15 18:30:56 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/15 18:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/05 11:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\always there is more
[2011/07/01 12:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\archaeology
[2011/06/17 10:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/17 10:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/22 13:27:31 | 011,159,064 | ---- | C] (Foxit Corporation) -- C:\Program Files\Foxit Reader.exe
[2010/10/21 23:53:50 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/03/18 20:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 19:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Glammerphone Lowelli\*.tmp files -> C:\Documents and Settings\Glammerphone Lowelli\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/15 21:12:15 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/15 21:12:14 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/15 21:08:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 21:08:05 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 21:07:58 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\tasks\rzljyyif.job
[2011/07/15 21:07:58 | 000,000,358 | -HS- | M] () -- C:\WINDOWS\tasks\QYTNDSDF.job
[2011/07/15 21:07:58 | 000,000,344 | -HS- | M] () -- C:\WINDOWS\tasks\Tlsrfvnph.job
[2011/07/15 21:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/15 21:07:53 | 1878,183,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 21:07:05 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/07/15 21:07:05 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/07/15 21:07:05 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/07/15 21:07:05 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/07/15 21:07:05 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/07/15 21:02:42 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1202660629-1708537768-1003UA.job
[2011/07/15 20:52:49 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/07/15 20:21:37 | 004,933,554 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/07/15 20:21:37 | 004,933,554 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.BAK
[2011/07/15 20:17:11 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 19:28:35 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/15 18:43:34 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/15 18:31:02 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/15 17:27:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\{B79F5F73-DE9B-403F-8270-CB059250ADFD}
[2011/07/15 17:01:06 | 000,000,517 | ---- | M] () -- C:\WINDOWS\ovufisaw.dll
[2011/07/15 16:59:52 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/15 16:21:16 | 000,000,517 | -HS- | M] () -- C:\WINDOWS\System32\msdtcuiu32.dll
[2011/07/15 16:21:16 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\1526447228
[2011/07/15 15:25:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/15 15:21:49 | 000,000,517 | ---- | M] () -- C:\WINDOWS\azizebuf.dll
[2011/07/15 15:14:56 | 000,000,517 | ---- | M] () -- C:\WINDOWS\isekesuha.dll
[2011/07/15 15:14:03 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\datimed.dll
[2011/07/15 07:59:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1202660629-1708537768-1003Core.job
[2011/07/13 12:08:04 | 000,080,372 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\well done!.PNG
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 13:07:57 | 000,028,899 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\00062769.0001.gif
[2011/07/02 17:07:09 | 001,586,494 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\horrors victorious.PNG
[2011/07/02 17:06:34 | 001,772,111 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\they just keep coming.PNG
[2011/07/02 17:06:03 | 001,617,927 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\c'teem casts bane fire.PNG
[2011/07/02 17:05:35 | 001,828,473 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\horror's revenge.PNG
[2011/07/02 17:04:07 | 001,579,322 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\death of a horror.PNG
[2011/06/30 17:31:32 | 005,717,370 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\moldcourse.pdf
[2011/06/30 17:31:04 | 001,184,232 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\MOLD GUIDE.pdf
[2011/06/23 09:51:11 | 000,522,669 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\the god of the void is dreaming.PNG
[2011/06/18 13:34:43 | 000,745,693 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\the modern internet.PNG
[2011/06/16 09:47:03 | 063,890,920 | ---- | M] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\Save.rar
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Glammerphone Lowelli\*.tmp files -> C:\Documents and Settings\Glammerphone Lowelli\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 20:52:49 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/07/15 19:28:35 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/15 19:02:26 | 1878,183,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/15 18:42:33 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/15 17:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\{B79F5F73-DE9B-403F-8270-CB059250ADFD}
[2011/07/15 17:01:06 | 000,000,517 | ---- | C] () -- C:\WINDOWS\ovufisaw.dll
[2011/07/15 16:21:16 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\msdtcuiu32.dll
[2011/07/15 15:21:49 | 000,000,517 | ---- | C] () -- C:\WINDOWS\azizebuf.dll
[2011/07/15 15:16:04 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\1526447228
[2011/07/15 15:14:56 | 000,000,517 | ---- | C] () -- C:\WINDOWS\isekesuha.dll
[2011/07/15 15:14:04 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\rzljyyif.job
[2011/07/15 15:14:04 | 000,000,358 | -HS- | C] () -- C:\WINDOWS\tasks\QYTNDSDF.job
[2011/07/15 15:14:04 | 000,000,344 | -HS- | C] () -- C:\WINDOWS\tasks\Tlsrfvnph.job
[2011/07/15 15:14:03 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\datimed.dll
[2011/07/13 12:08:04 | 000,080,372 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\well done!.PNG
[2011/07/06 14:00:17 | 001,184,232 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\MOLD GUIDE.pdf
[2011/07/06 14:00:12 | 005,717,370 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\moldcourse.pdf
[2011/07/04 13:07:57 | 000,028,899 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\00062769.0001.gif
[2011/07/02 17:07:09 | 001,586,494 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\horrors victorious.PNG
[2011/07/02 17:06:34 | 001,772,111 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\they just keep coming.PNG
[2011/07/02 17:06:03 | 001,617,927 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\c'teem casts bane fire.PNG
[2011/07/02 17:05:34 | 001,828,473 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\horror's revenge.PNG
[2011/07/02 17:04:07 | 001,579,322 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\death of a horror.PNG
[2011/06/23 09:51:11 | 000,522,669 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\the god of the void is dreaming.PNG
[2011/06/18 13:35:39 | 000,745,693 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\the modern internet.PNG
[2011/06/16 09:44:48 | 063,890,920 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Desktop\Save.rar
[2010/11/12 15:13:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/11 16:11:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/10/22 16:13:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/22 15:58:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/10/22 14:46:03 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/10/22 14:45:54 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2010/10/22 14:45:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2010/10/22 13:32:27 | 000,095,744 | ---- | C] () -- C:\Program Files\metapad.exe
[2010/10/21 23:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2010/10/21 23:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/21 23:38:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/21 23:38:08 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/21 23:38:08 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/21 23:38:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/10/21 23:37:58 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/18 20:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 20:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 20:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 20:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 20:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 20:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 20:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 20:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 20:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 20:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 20:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 19:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 19:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 19:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/07/08 16:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/01/13 15:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/13 03:11:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 03:04:49 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/12 18:55:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/12 18:54:06 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/04 17:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 17:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 17:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 17:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 17:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 17:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 17:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 17:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 17:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 21:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/15 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto
[2010/10/22 14:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2009/01/13 01:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/24 19:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\.minecraft
[2010/10/22 09:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\acccore
[2010/10/22 09:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Ahoihoi
[2010/10/22 09:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Aim
[2011/03/26 12:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\CCS64
[2011/06/25 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\FileZilla
[2010/10/22 13:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Foxit Software
[2011/05/08 00:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\gtk-2.0
[2009/08/01 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\InfraRecorder
[2011/03/11 22:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Mount&Blade
[2010/10/22 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\OpenOffice.org
[2009/01/13 14:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Opera
[2011/01/07 21:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\SecondLife
[2010/10/22 12:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Subversion
[2010/10/30 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\Trillian
[2010/12/06 15:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\UDP Software
[2011/07/13 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glammerphone Lowelli\Application Data\uTorrent
[2011/07/15 21:07:58 | 000,000,358 | -HS- | M] () -- C:\WINDOWS\Tasks\QYTNDSDF.job
[2011/07/15 21:07:58 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\rzljyyif.job
[2011/07/15 21:07:58 | 000,000,344 | -HS- | M] () -- C:\WINDOWS\Tasks\Tlsrfvnph.job

========== Purity Check ==========



< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2010/10/22 10:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/22 10:04:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/10 13:34:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (no name) - {92558A39-1435-42AA-B768-0164109A42F9} - File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[2011/07/15 17:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\{B79F5F73-DE9B-403F-8270-CB059250ADFD}
[2011/07/15 17:01:06 | 000,000,517 | ---- | C] () -- C:\WINDOWS\ovufisaw.dll
[2011/07/15 16:21:16 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\msdtcuiu32.dll
[2011/07/15 15:21:49 | 000,000,517 | ---- | C] () -- C:\WINDOWS\azizebuf.dll
[2011/07/15 15:16:04 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\1526447228
[2011/07/15 15:14:56 | 000,000,517 | ---- | C] () -- C:\WINDOWS\isekesuha.dll
[2011/07/15 15:14:04 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\rzljyyif.job
[2011/07/15 15:14:04 | 000,000,358 | -HS- | C] () -- C:\WINDOWS\tasks\QYTNDSDF.job
[2011/07/15 15:14:04 | 000,000,344 | -HS- | C] () -- C:\WINDOWS\tasks\Tlsrfvnph.job
[2011/07/15 15:14:03 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\datimed.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.


On completion of the scan (note whether the Fix button, not the FIXMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents in your next reply.

Ron
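Ron picked the entries in the :OTL section above out of the posted log by eye. As an added example, not part of either post and not a feature of OTL, the Python script below parses OTL file-list lines and flags the traits that single those entries out here: hidden+system files under C:\WINDOWS, DLLs far too small to be a real PE image, digit-only file names, hidden scheduled tasks, and GUID-named items in Local Settings\Application Data. The thresholds and rule set are the example's own; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple
# One OTL file-list line, e.g. (from the log above):
# [2011/07/15 16:21:16 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\msdtcuiu32.dll
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
GUID_NAME = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
# attrs: R/H/S/D flags as OTL prints them ('-' = unset); kind: C created / M modified
Entry = namedtuple("Entry", "ts size attrs kind company path")

def parse_otl_line(line):
    """Parse one OTL file-list line into an Entry; None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"], m["path"])

def triage(entry):
    """Heuristic reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    lower = entry.path.lower()
    name = lower.rsplit("\\", 1)[-1]
    hidden_system = "H" in entry.attrs and "S" in entry.attrs
    if hidden_system and "D" not in entry.attrs and lower.startswith("c:\\windows\\"):
        reasons.append("hidden+system file under C:\\WINDOWS")
    if name.endswith(".dll") and entry.size < 4096:   # example threshold, not OTL's
        reasons.append("DLL far too small to be a real PE image")
    if name.isdigit():
        reasons.append("file name is digits only")
    if name.endswith(".job") and hidden_system:
        reasons.append("hidden scheduled task")
    if GUID_NAME.fullmatch(name) and "\\local settings\\application data\\" in lower:
        reasons.append("GUID-named item in Local Settings\\Application Data")
    return reasons

def triage_log(text):
    """Return {path: reasons} for every flagged entry in an OTL log excerpt."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry and (reasons := triage(entry)):
            flagged.setdefault(entry.path, reasons)  # C and M lines share a path
    return flagged

# Sample input: lines copied from the OTL log posted above, clean and suspect mixed.
SAMPLE = r"""[2011/07/15 17:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glammerphone Lowelli\Local Settings\Application Data\{B79F5F73-DE9B-403F-8270-CB059250ADFD}
[2011/07/15 17:01:06 | 000,000,517 | ---- | C] () -- C:\WINDOWS\ovufisaw.dll
[2011/07/15 16:21:16 | 000,000,517 | -HS- | C] () -- C:\WINDOWS\System32\msdtcuiu32.dll
[2011/07/15 15:16:04 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\1526447228
[2011/07/15 15:14:04 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\rzljyyif.job
[2011/07/15 15:14:03 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\datimed.dll
[2011/07/15 19:02:26 | 1878,183,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/13 03:11:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat"""

if __name__ == "__main__":
    for p, r in triage_log(SAMPLE).items(): print(p, "<-", "; ".join(r))
```

A hit is a prompt for a human to check the entry against the rest of the log, not a verdict; legitimate hidden or system files outside these patterns (hiberfil.sys, bootstat.dat) pass through untouched.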