Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan.dnschanger-codec

Started by mullac , Jul 20 2011 02:37 AM

  • Please log in to reply

#1
mullac
Posted 20 July 2011 - 02:37 AM

mullac

    Member

  • Member
  • PipPip
  • 23 posts
hello,apoligies for being a pest,have a similar problem as john12345,been trying to solve this allday! have done numerous scans but to no avail.windows malicous malware tool, atf cleaner,malware bytes,currently running superantispyware which has picked up the above.
problem began when we couldn't open any browsers firefox,chrome, and even spybot to see if we had a problem.can open micosoft office for email. read a post with similar bug, but operating system was vista.we have win xp media edtion 2002 service pack 3,the pc is a dell dimension 9150, unsure if i can use the same process of eliminating the problem as advised in a previous post,is it possible to have some help please. :)
  • 0

Advertisements

#2
RKinner
Posted 20 July 2011 - 09:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Here is my generic list of things to try when you can't get on line. The two sections in bold or the most likely to fix your problem. If you get it to work then:
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box: 


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log
(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test.

Ron
  • 0

#3
mullac
Posted 20 July 2011 - 02:31 PM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Ron here's the logs.,i'm running win xp,couldn't do as administrator just ran it !

OTL logfile created on: 20/07/2011 21:05:40 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\The Fraser Household\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 532.39 Mb Available Physical Memory | 52.09% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.40% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 169.95 Gb Total Space | 40.00 Gb Free Space | 23.54% Space Free | Partition Type: NTFS
Drive D: | 58.19 Gb Total Space | 56.40 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

Computer Name: FRAZZLEHOUSE | User Name: The Fraser Household | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 20:34:56 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\The Fraser Household\Local Settings\Temp\clclean.0001
PRC - [2011/07/20 11:59:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Fraser Household\Desktop\OTL.exe
PRC - [2011/07/20 11:45:44 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/30 14:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/05/30 14:21:04 | 029,290,496 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/25 12:30:29 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2005/09/15 10:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 11:59:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Fraser Household\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IAANTMon) Intel®
SRV - File not found [Auto | Stopped] -- -- (ACS)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/06/02 10:10:08 | 000,809,842 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/16 16:52:18 | 000,356,434 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe -- (jswpsapi)
SRV - [2006/07/25 12:30:29 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/12/12 09:52:32 | 000,352,743 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 22:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/01 19:42:06 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2009/12/14 10:21:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/03/19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/17 13:25:46 | 001,331,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/12/13 21:31:02 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/08/28 22:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/03/13 12:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/12/12 09:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/12/12 09:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/12/12 09:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/12/12 09:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/12/12 09:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/11 17:34:16 | 000,353,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2005/09/22 11:19:54 | 000,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/03 21:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 14:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 15:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 09:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 17:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 17:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/22 18:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFModNT.sys -- (PfModNT)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.virginmedia.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/05/17 18:52:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/05/17 18:52:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/26 22:13:26 | 000,000,000 | ---D | M]

[2009/05/12 18:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Extensions
[2009/05/12 18:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Extensions\[email protected]
[2011/07/25 20:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\extensions
[2010/05/25 19:34:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/25 20:52:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/25 20:52:58 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/06/15 20:44:41 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\extensions\[email protected]
[2009/05/10 16:15:25 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\searchplugins\ask.xml
File not found (No name found) --
[2009/07/27 09:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 10:58:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/06/15 21:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 22:01:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/12 08:09:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/07/18 23:24:21 | 000,434,916 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14993 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DriverFinder] File not found
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...k.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202000i/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202000i/InstFred.ocx (InstaFred Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202000i/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\xdfobdmy\gjxmnecc.exe) - C:\Program Files\xdfobdmy\gjxmnecc.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\The Fraser Household\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Fraser Household\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/04 22:51:30 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/25 17:48:44 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell - "" = Autorun
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\Open\command - "" = RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\xdfobdmy
[2011/07/30 08:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/30 08:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/30 08:45:31 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/07/25 19:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2011/07/25 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Fraser Household\Application Data\Immunet
[2011/07/25 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2011/07/25 19:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps
[2011/07/25 11:14:27 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/20 20:41:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Fraser Household\Desktop\OTL.exe
[2011/07/20 14:06:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/20 14:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/20 11:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/07/20 11:45:53 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/07/20 11:45:45 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/07/20 11:45:45 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/07/20 11:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/07/20 11:21:10 | 000,589,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\The Fraser Household\My Documents\ChromeSetup.exe
[2011/07/20 11:05:59 | 013,685,936 | ---- | C] (Mozilla) -- C:\Documents and Settings\The Fraser Household\My Documents\Firefox Setup 5.0.1.exe
[2011/07/19 23:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Fraser Household\Desktop\New Folder
[2011/07/19 20:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Fraser Household\Application Data\SUPERAntiSpyware.com
[2011/07/19 20:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/19 20:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/19 20:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/19 12:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/07/19 12:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/07/18 23:08:35 | 000,000,000 | ---D | C] -- C:\Software
[2011/07/18 23:07:48 | 003,796,065 | ---- | C] (Safer Networking Ltd. ) -- C:\Documents and Settings\All Users\Application Data\sbsdwin95req.exe
[2011/07/18 23:04:36 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\The Fraser Household\My Documents\bugbuster.exe
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 21:47:22 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/30 08:54:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/30 08:52:17 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 23:02:04 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 19:18:26 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2011/07/25 19:18:26 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2011/07/25 19:18:26 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2011/07/25 17:14:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/07/20 20:39:42 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/20 20:35:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/20 20:34:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 20:34:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 20:34:26 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 20:34:26 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/20 20:23:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 20:22:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/20 14:09:49 | 000,496,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 14:09:49 | 000,095,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 14:06:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 14:03:05 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to mseinstall.lnk
[2011/07/20 14:02:53 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to OTL.lnk
[2011/07/20 14:02:34 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to OnlineArmorSetup.lnk
[2011/07/20 14:02:25 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to mbam-setup.lnk
[2011/07/20 11:59:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Fraser Household\Desktop\OTL.exe
[2011/07/20 11:45:53 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/07/20 11:45:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/07/20 11:45:45 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/07/20 11:45:45 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/07/20 11:21:19 | 000,589,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\The Fraser Household\My Documents\ChromeSetup.exe
[2011/07/20 11:06:43 | 013,685,936 | ---- | M] (Mozilla) -- C:\Documents and Settings\The Fraser Household\My Documents\Firefox Setup 5.0.1.exe
[2011/07/19 20:56:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/19 20:55:56 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to SUPERAntiSpyware.lnk
[2011/07/19 20:36:41 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3E9AD35-73EA-4671-A7C6-1741985FCEA3}.job
[2011/07/19 19:54:51 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/19 16:14:55 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to ATF-Cleaner.lnk
[2011/07/19 12:25:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/19 11:57:47 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to windows-kb890830-v3.21.lnk
[2011/07/18 23:24:21 | 000,434,916 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/18 23:08:01 | 003,796,065 | ---- | M] (Safer Networking Ltd. ) -- C:\Documents and Settings\All Users\Application Data\sbsdwin95req.exe
[2011/07/18 22:51:16 | 000,168,826 | ---- | M] () -- C:\WINDOWS\Explorermgr.exe
[2011/07/18 22:50:53 | 1071,841,280 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/07/17 11:56:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 21:47:22 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/30 08:54:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/30 08:54:42 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/30 08:52:17 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/30 08:39:17 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/30 08:39:17 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/30 08:39:17 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/07/25 19:58:17 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 19:18:26 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2011/07/25 19:18:26 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2011/07/25 19:18:26 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2011/07/20 14:06:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 14:03:05 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to mseinstall.lnk
[2011/07/20 14:02:53 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to OTL.lnk
[2011/07/20 14:02:34 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to OnlineArmorSetup.lnk
[2011/07/20 14:02:25 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to mbam-setup.lnk
[2011/07/19 20:56:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/19 20:55:56 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to SUPERAntiSpyware.lnk
[2011/07/19 16:14:55 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to ATF-Cleaner.lnk
[2011/07/19 12:25:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/19 11:57:47 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Desktop\Shortcut to windows-kb890830-v3.21.lnk
[2011/07/18 22:51:16 | 000,168,826 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
[2011/05/31 13:51:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2011/05/31 13:51:38 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2011/05/31 13:51:29 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
[2011/05/21 10:59:40 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Local Settings\Application Data\fusioncache.dat
[2010/09/30 17:34:23 | 000,000,604 | ---- | C] () -- C:\Program Files\STST Notifier
[2010/09/04 20:51:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/03 09:24:49 | 000,000,085 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Application Data\RSBot Accounts.ini
[2010/04/15 12:06:21 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/05 20:14:37 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/03/05 20:14:37 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/03/05 20:14:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Application Data\$_hpcst$.hpc
[2009/12/24 21:06:17 | 000,000,333 | ---- | C] () -- C:\WINDOWS\Silvercrest PH 1012B.ini
[2009/11/03 12:39:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/17 12:53:52 | 000,000,622 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/08 13:44:01 | 000,089,072 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/12/28 12:15:20 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\The Fraser Household\Application Data\dvd.bmk
[2008/04/21 17:33:28 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\429E889E7B.sys
[2008/04/04 17:55:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/02/10 15:05:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/10 15:05:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/07 14:20:16 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/29 22:22:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/01/29 22:22:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/01/29 22:22:26 | 000,000,486 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/29 22:21:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2008/01/29 18:34:59 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/01/29 17:44:23 | 000,000,347 | -H-- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/01/29 17:44:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/01/29 17:34:19 | 000,006,008 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/29 17:34:19 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\09F2456FD7.sys
[2008/01/29 16:06:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/25 12:51:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/25 12:41:25 | 000,000,682 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/25 12:38:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/25 12:37:39 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/25 12:35:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/25 12:30:53 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/07/25 12:05:19 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2006/07/25 12:05:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/07/25 12:04:58 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/07/25 12:04:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/07/25 12:04:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/25 12:04:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/07/25 12:04:11 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/07/25 12:02:33 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,402,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:33 | 000,496,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,095,300 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/22 23:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 23:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/13 15:32:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/06 18:03:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\brss01a.exe:SummaryInformation
@Alternate Data Stream - 388141 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 1500 bytes -> C:\WINDOWS\Help:help
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Attached Files


  • 0

#4
RKinner
Posted 20 July 2011 - 02:55 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Please copy and paste your logs. Do not attach.

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:Services
Micorsoft Windows Service

:OTL
DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
[2009/05/10 16:15:25 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\searchplugins\ask.xml
File not found (No name found) --
[2009/07/27 09:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 10:58:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/06/15 21:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 22:01:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/12 08:09:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [DriverFinder] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O20 - HKLM Winlogon: UserInit - (C:\Program Files\xdfobdmy\gjxmnecc.exe) - C:\Program Files\xdfobdmy\gjxmnecc.exe File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell - "" = Autorun
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\
O33 - MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\Shell\Open\command - "" = RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\
[2011/07/18 23:07:48 | 003,796,065 | ---- | C] (Safer Networking Ltd. ) -- C:\Documents and Settings\All Users\Application Data\sbsdwin95req.exe
[2011/07/18 23:04:36 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\The Fraser Household\My Documents\bugbuster.exe
[2011/07/18 22:51:16 | 000,168,826 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
[2011/05/31 13:51:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2011/05/31 13:51:38 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2011/05/31 13:51:29 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092

:files
C:\Program Files\xdfobdmy
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

   
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#5
mullac
Posted 20 July 2011 - 03:10 PM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ron,i have internet,can only open microsoft office for emails in which i'm getting.when i try to open internet explorer and safari it opens up briefly to quick to get to options!i tried the command prompt only the first two were reconised.do you still require me to do the last two operations? mullac
  • 0

#6
mullac
Posted 20 July 2011 - 04:17 PM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Ron i'm having difficulty in copying and pasting,the information in that box. i'm using my netbook and transfering all info to my desktop. i can copy but cannot paste to my removable memory stick? any advice please? mullac
  • 0

#7
RKinner
Posted 20 July 2011 - 04:53 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text from this site then open notepad. (Start, Run, notepad, OK ) Paste the text in (Edit, Paste or Ctrl + v). Save the file (call it junk) to your USB stick. Move stick to sick PC. Open junk, copy text, open OTL, paste. Alternatively since you have email, just paste the text into an email and send it to yourself. Pick it up on the sick PC.

No need to change the proxy. OTL says it is OK. However, if you have the IE icon on the desktop you can right click on it and if you select Properties it should be the same as Tools, Internet Options. You can also try when you right click on it to Start without Add-Ons and see if that works.

I checked your DNS in OTL and it appears to be OK.

See if you can run Combofix. It may see something.

Ron
  • 0

#8
mullac
Posted 21 July 2011 - 03:42 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service Micorsoft Windows Service stopped successfully!
Service\Driver key Micorsoft Windows Service not found.
========== OTL ==========
Error: No service named Micorsoft Windows Service was found to stop!
Service\Driver key Micorsoft Windows Service not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
C:\Documents and Settings\The Fraser Household\Application Data\Mozilla\Firefox\Profiles\uudmpnuv.default\searchplugins\ask.xml moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 3.5 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{A33FA729-D155-4B23-842B-2C665ECABDB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverFinder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\xdfobdmy\gjxmnecc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8a14d3c-b8db-11de-846a-0022b0bc1ed3}\ not found.
File C:\RECYCLER\S-4-2-59-100026363-100014375-100002235-1249.com k:\ not found.
C:\Documents and Settings\All Users\Application Data\sbsdwin95req.exe moved successfully.
C:\Documents and Settings\The Fraser Household\My Documents\bugbuster.exe moved successfully.
C:\WINDOWS\Explorermgr.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\~17293092r moved successfully.
C:\Documents and Settings\All Users\Application Data\~17293092 moved successfully.
C:\Documents and Settings\All Users\Application Data\17293092 moved successfully.
========== FILES ==========
C:\Program Files\xdfobdmy folder moved successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\The Fraser Household\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\The Fraser Household\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\The Fraser Household\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\The Fraser Household\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\The Fraser Household\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\The Fraser Household\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\The Fraser Household\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\The Fraser Household\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_102625

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#9
mullac
Posted 21 July 2011 - 04:21 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7219

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/07/2011 11:07:50
mbam-log-2011-07-21 (11-07-50).txt

Scan type: Quick scan
Objects scanned: 206148
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
mullac
Posted 21 July 2011 - 07:53 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix 11-07-21.02 - The Fraser Household 21/07/2011 14:17:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.372 [GMT 1:00]
Running from: c:\documents and settings\The Fraser Household\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\THEFRA~1\LOCALS~1\Temp\clclean.0001.dir.0040\~df394b.tmp
c:\documents and settings\The Fraser Household\Application Data\Adobe\plugs
c:\documents and settings\The Fraser Household\Application Data\Adobe\shed
c:\documents and settings\The Fraser Household\Local Settings\Temp\clclean.0001.dir.0040\~df394b.tmp
c:\documents and settings\The Fraser Household\mdsys.s
c:\documents and settings\The Fraser Household\mdusys.s
c:\documents and settings\The Fraser Household\System
c:\documents and settings\The Fraser Household\System\win_qs8.jqx
c:\documents and settings\The Fraser Household\WINDOWS
c:\program files\Internet Explorer\IEXPLOREmgr.exe
c:\program files\Internet Explorer\SET33.tmp
c:\program files\Internet Explorer\SET34.tmp
c:\program files\Internet Explorer\SET35.tmp
c:\windows\system32\fxe.sp
c:\windows\system32\system
c:\windows\ynh.dx
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-30 07:51 . 2011-07-30 07:51 -------- d-----w- c:\program files\iPod
2011-07-30 07:45 . 2011-05-10 07:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-07-30 07:45 . 2011-05-10 07:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-07-25 18:18 . 2011-07-25 18:18 -------- d-----w- c:\program files\Common Files\WebM Project
2011-07-25 18:18 . 2011-07-25 18:18 -------- d-----w- c:\documents and settings\The Fraser Household\Application Data\Immunet
2011-07-25 10:14 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-25 10:08 . 2011-07-25 10:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-21 09:59 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 09:28 . 2011-07-21 13:30 -------- d-----w- c:\program files\xdfobdmy
2011-07-21 09:28 . 2011-07-21 09:28 168826 ----a-w- c:\windows\Explorermgr.exe
2011-07-21 09:26 . 2011-07-21 09:26 -------- d-----w- C:\_OTL
2011-07-20 15:34 . 2011-07-20 15:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-20 10:46 . 2011-07-20 10:46 -------- d-----w- c:\program files\Common Files\xing shared
2011-07-19 19:56 . 2011-07-19 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-19 11:24 . 2011-07-19 11:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-19 11:00 . 2011-07-19 15:04 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-18 22:08 . 2011-07-18 22:08 -------- d-----w- C:\Software
2011-07-18 21:51 . 2011-07-18 21:51 168826 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-07-18 21:51 . 2011-07-18 21:51 168826 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 10:45 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2005-08-16 03:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 11:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-10 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 09:11 . 2007-08-13 18:54 11081728 ----a-w- c:\windows\system32\ieframe(2).dll
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 311855]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 516486]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-20 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe [2009-1-7 29290496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\xdfobdmy\gjxmnecc.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\D-Link\\D-Link DWA-547 Wireless N Desktop Adapter\\wirelesscm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:*:Disabled:Remote Media Center Experience
.
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [01/06/2011 19:42 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/06/2011 18:01 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/06/2011 18:01 158904]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [07/01/2009 16:06 57344]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\THEFRA~1\LOCALS~1\Temp\nxytnbuo.sys --> c:\docume~1\THEFRA~1\LOCALS~1\Temp\nxytnbuo.sys [?]
S1 yswlspws;yswlspws;\??\c:\windows\system32\drivers\yswlspws.sys --> c:\windows\system32\drivers\yswlspws.sys [?]
S2 epuqkfmq;epuqkfmq;\??\c:\windows\System32\Drivers\epuqkfmq.sys --> c:\windows\System32\Drivers\epuqkfmq.sys [?]
S2 gupdate1c9999895f967de;Google Update Service (gupdate1c9999895f967de);c:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 12:34 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/07/2011 10:59 366640]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/02/2008 12:45 16512]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [05/03/2010 20:14 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 12:34 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe [07/01/2009 16:06 356434]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26/08/2009 22:10 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26/08/2009 22:10 8320]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\DRIVERS\qcserxp.sys --> c:\windows\system32\DRIVERS\qcserxp.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 18:01 53816]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 18:17]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 11:34]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 11:34]
.
2011-07-19 c:\windows\Tasks\User_Feed_Synchronization-{F3E9AD35-73EA-4671-A7C6-1741985FCEA3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\The Fraser Household\Start Menu\Programs\Startup\gjxmnecc.exe 168826 bytes executable
C:\gjxmnecc.exe 168826 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
Completion time: 2011-07-21 14:40:04
ComboFix-quarantined-files.txt 2011-07-21 13:39
Pre-Run: 40,604,209,152 bytes free
Post-Run: 40,871,907,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3BA7252359CCE55501AD5932A02FD41
  • 0

Advertisements

#11
RKinner
Posted 21 July 2011 - 08:22 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Nasty little rootkit you have there.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\docume~1\THEFRA~1\LOCALS~1\Temp\nxytnbuo.sys
c:\windows\system32\drivers\yswlspws.sys
c:\windows\System32\Drivers\epuqkfmq.sys
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\DRIVERS\qcserxp.sys
c:\program files\xdfobdmy
c:\windows\Explorermgr.exe

Driver::
Micorsoft Windows Service
yswlspws
epuqkfmq
gupdate1c9999895f967de
qcserxp

Folder::
c:\program files\xdfobdmy

RootKit::
c:\docume~1\THEFRA~1\LOCALS~1\Temp\nxytnbuo.sys
c:\windows\system32\drivers\yswlspws.sys
c:\windows\System32\Drivers\epuqkfmq.sys
c:\documents and settings\The Fraser Household\Start Menu\Programs\Startup\gjxmnecc.exe
C:\gjxmnecc.exe
c:\windows\Explorermgr.exe

RegLock::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Also
Copy the text in the code box by highlighting and Ctrl + c 


/md5start
userinit.exe
explorer.exe
ntdll.dll
ieframe.dll
dbghelp.dll
upgrade.dll
/md5stop
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered. Save the log and copy and paste it to a reply.



Ron
  • 0

#12
mullac
Posted 21 July 2011 - 08:44 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
2011/07/21 15:23:02.0406 0616 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/21 15:23:03.0703 0616 ================================================================================
2011/07/21 15:23:03.0703 0616 SystemInfo:
2011/07/21 15:23:03.0703 0616
2011/07/21 15:23:03.0703 0616 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/21 15:23:03.0703 0616 Product type: Workstation
2011/07/21 15:23:03.0703 0616 ComputerName: FRAZZLEHOUSE
2011/07/21 15:23:03.0703 0616 UserName: The Fraser Household
2011/07/21 15:23:03.0703 0616 Windows directory: C:\WINDOWS
2011/07/21 15:23:03.0703 0616 System windows directory: C:\WINDOWS
2011/07/21 15:23:03.0703 0616 Processor architecture: Intel x86
2011/07/21 15:23:03.0703 0616 Number of processors: 2
2011/07/21 15:23:03.0703 0616 Page size: 0x1000
2011/07/21 15:23:03.0703 0616 Boot type: Normal boot
2011/07/21 15:23:03.0703 0616 ================================================================================
2011/07/21 15:23:04.0109 0616 Initialize success
2011/07/21 15:23:16.0125 0500 ================================================================================
2011/07/21 15:23:16.0125 0500 Scan started
2011/07/21 15:23:16.0125 0500 Mode: Manual;
2011/07/21 15:23:16.0125 0500 ================================================================================
2011/07/21 15:23:16.0421 0500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/21 15:23:16.0500 0500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/21 15:23:16.0546 0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/21 15:23:16.0593 0500 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/21 15:23:16.0640 0500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/21 15:23:16.0718 0500 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/21 15:23:16.0781 0500 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/21 15:23:16.0796 0500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/21 15:23:16.0828 0500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/21 15:23:16.0859 0500 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/21 15:23:16.0906 0500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/21 15:23:17.0000 0500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/21 15:23:17.0140 0500 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/21 15:23:17.0218 0500 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/21 15:23:17.0250 0500 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/21 15:23:17.0343 0500 AR5416 (2f9a4beb4163590b78e26cdedc789ed4) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/07/21 15:23:17.0421 0500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/21 15:23:17.0468 0500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/21 15:23:17.0515 0500 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/21 15:23:17.0546 0500 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2011/07/21 15:23:17.0609 0500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/21 15:23:17.0640 0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/21 15:23:17.0734 0500 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/21 15:23:17.0796 0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/21 15:23:17.0843 0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/21 15:23:17.0906 0500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/21 15:23:17.0968 0500 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/07/21 15:23:18.0296 0500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/21 15:23:18.0343 0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/21 15:23:18.0406 0500 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/21 15:23:18.0437 0500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/21 15:23:18.0468 0500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/21 15:23:18.0531 0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/21 15:23:18.0546 0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/21 15:23:18.0578 0500 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/21 15:23:18.0640 0500 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/21 15:23:18.0671 0500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/21 15:23:18.0734 0500 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/07/21 15:23:18.0750 0500 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/07/21 15:23:18.0796 0500 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/21 15:23:18.0828 0500 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/21 15:23:18.0890 0500 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
2011/07/21 15:23:18.0953 0500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/21 15:23:19.0015 0500 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/21 15:23:19.0062 0500 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/21 15:23:19.0109 0500 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/21 15:23:19.0140 0500 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/21 15:23:19.0156 0500 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/21 15:23:19.0171 0500 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/21 15:23:19.0234 0500 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/21 15:23:19.0265 0500 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/21 15:23:19.0296 0500 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/21 15:23:19.0359 0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/21 15:23:19.0421 0500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/07/21 15:23:19.0468 0500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/21 15:23:19.0515 0500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/21 15:23:19.0546 0500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/21 15:23:19.0578 0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/21 15:23:19.0593 0500 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/21 15:23:19.0609 0500 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/21 15:23:19.0656 0500 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/21 15:23:19.0718 0500 e1express (5b75bbf89d8341f424171df7ad9dc465) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/21 15:23:19.0781 0500 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
2011/07/21 15:23:19.0828 0500 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
2011/07/21 15:23:19.0890 0500 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
2011/07/21 15:23:19.0906 0500 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
2011/07/21 15:23:19.0921 0500 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
2011/07/21 15:23:20.0015 0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/21 15:23:20.0109 0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/21 15:23:20.0187 0500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/21 15:23:20.0265 0500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/21 15:23:20.0296 0500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/21 15:23:20.0343 0500 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/21 15:23:20.0406 0500 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/07/21 15:23:20.0500 0500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/21 15:23:20.0531 0500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/21 15:23:20.0593 0500 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/21 15:23:20.0656 0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/21 15:23:20.0734 0500 hcwPP2 (ecc2b633b909448c2806ea36ffea1933) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2011/07/21 15:23:20.0812 0500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/21 15:23:20.0875 0500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/21 15:23:20.0921 0500 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/21 15:23:20.0984 0500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/21 15:23:21.0062 0500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/21 15:23:21.0109 0500 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/21 15:23:21.0171 0500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/21 15:23:21.0250 0500 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/07/21 15:23:21.0281 0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/21 15:23:21.0343 0500 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/21 15:23:21.0359 0500 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/21 15:23:21.0406 0500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/21 15:23:21.0437 0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/21 15:23:21.0468 0500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/21 15:23:21.0500 0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/21 15:23:21.0531 0500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/21 15:23:21.0562 0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/21 15:23:21.0578 0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/21 15:23:21.0640 0500 JSWSCIMD (20e5e4d1c055f36d341d7cda92b99dc8) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
2011/07/21 15:23:21.0656 0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/21 15:23:21.0671 0500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/21 15:23:21.0734 0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/21 15:23:21.0781 0500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/21 15:23:21.0937 0500 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/07/21 15:23:22.0234 0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/21 15:23:22.0281 0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/21 15:23:22.0328 0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/21 15:23:22.0390 0500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/21 15:23:22.0406 0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/21 15:23:22.0453 0500 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/21 15:23:22.0515 0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/21 15:23:22.0578 0500 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/21 15:23:22.0609 0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/21 15:23:22.0640 0500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/21 15:23:22.0671 0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/21 15:23:22.0718 0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/21 15:23:22.0781 0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/21 15:23:22.0828 0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/21 15:23:22.0875 0500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/21 15:23:22.0921 0500 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/21 15:23:22.0937 0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/21 15:23:22.0968 0500 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/21 15:23:23.0015 0500 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/21 15:23:23.0093 0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/21 15:23:23.0125 0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/21 15:23:23.0187 0500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/21 15:23:23.0250 0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/21 15:23:23.0281 0500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/21 15:23:23.0390 0500 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011/07/21 15:23:23.0421 0500 nmwcdnsuc (fb09150cfc7a499a53c308d04841a3bd) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011/07/21 15:23:23.0437 0500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/21 15:23:23.0500 0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/21 15:23:23.0562 0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/21 15:23:23.0671 0500 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/21 15:23:23.0734 0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/21 15:23:23.0781 0500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/21 15:23:23.0921 0500 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/07/21 15:23:23.0984 0500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/21 15:23:24.0000 0500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/21 15:23:24.0046 0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/21 15:23:24.0109 0500 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/07/21 15:23:24.0125 0500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/21 15:23:24.0171 0500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/21 15:23:24.0203 0500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/21 15:23:24.0296 0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/21 15:23:24.0375 0500 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/21 15:23:24.0437 0500 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/07/21 15:23:24.0546 0500 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/07/21 15:23:24.0656 0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/21 15:23:24.0734 0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/21 15:23:24.0781 0500 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/21 15:23:24.0843 0500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/21 15:23:24.0890 0500 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/21 15:23:24.0921 0500 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/21 15:23:24.0968 0500 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/21 15:23:25.0000 0500 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/21 15:23:25.0031 0500 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2011/07/21 15:23:25.0281 0500 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys
2011/07/21 15:23:25.0500 0500 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/07/21 15:23:25.0562 0500 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/07/21 15:23:25.0609 0500 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/07/21 15:23:25.0640 0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/21 15:23:25.0703 0500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/21 15:23:25.0734 0500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/21 15:23:25.0796 0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/21 15:23:25.0859 0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/21 15:23:25.0890 0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/21 15:23:25.0968 0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/21 15:23:25.0984 0500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/21 15:23:26.0031 0500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/21 15:23:26.0125 0500 rt2870 (2be6b34244e2a2aaaf1e93d765483512) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/07/21 15:23:26.0203 0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/21 15:23:26.0218 0500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/21 15:23:26.0265 0500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/21 15:23:26.0312 0500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/21 15:23:26.0406 0500 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
2011/07/21 15:23:26.0531 0500 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/21 15:23:26.0593 0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/21 15:23:26.0671 0500 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/21 15:23:26.0718 0500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/21 15:23:26.0750 0500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/21 15:23:26.0828 0500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/21 15:23:26.0906 0500 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/21 15:23:26.0953 0500 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/21 15:23:27.0031 0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/21 15:23:27.0109 0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/21 15:23:27.0140 0500 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/21 15:23:27.0187 0500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/21 15:23:27.0218 0500 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/21 15:23:27.0265 0500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/21 15:23:27.0312 0500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/21 15:23:27.0390 0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/21 15:23:27.0453 0500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/21 15:23:27.0515 0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/21 15:23:27.0531 0500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/21 15:23:27.0578 0500 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/21 15:23:27.0640 0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/21 15:23:27.0687 0500 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/21 15:23:27.0734 0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/21 15:23:27.0812 0500 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/07/21 15:23:27.0859 0500 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/21 15:23:27.0890 0500 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/21 15:23:27.0921 0500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/21 15:23:27.0953 0500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/21 15:23:27.0968 0500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/21 15:23:28.0000 0500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/21 15:23:28.0015 0500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/21 15:23:28.0078 0500 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/07/21 15:23:28.0125 0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/21 15:23:28.0140 0500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/21 15:23:28.0156 0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/21 15:23:28.0203 0500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/21 15:23:28.0218 0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/21 15:23:28.0234 0500 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/21 15:23:28.0234 0500 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/21 15:23:28.0234 0500 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/21 15:23:28.0296 0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/21 15:23:28.0406 0500 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/21 15:23:28.0484 0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/21 15:23:28.0578 0500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/21 15:23:28.0609 0500 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/07/21 15:23:28.0640 0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/21 15:23:28.0703 0500 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/21 15:23:28.0718 0500 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/21 15:23:28.0781 0500 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
2011/07/21 15:23:28.0796 0500 Boot (0x1200) (d35d750903c10cb0a9d18426d43bbd2d) \Device\Harddisk0\DR0\Partition0
2011/07/21 15:23:28.0843 0500 Boot (0x1200) (de97ff29baab0f40a47f5ebe5e2e66ac) \Device\Harddisk0\DR0\Partition1
2011/07/21 15:23:28.0843 0500 ================================================================================
2011/07/21 15:23:28.0843 0500 Scan finished
2011/07/21 15:23:28.0843 0500 ================================================================================
2011/07/21 15:23:28.0875 5080 Detected object count: 1
2011/07/21 15:23:28.0875 5080 Actual detected object count: 1
2011/07/21 15:23:45.0468 5080 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/21 15:23:45.0468 5080 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/21 15:23:47.0046 5080 Backup copy found, using it..
2011/07/21 15:23:47.0062 5080 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/21 15:23:47.0062 5080 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/21 15:24:36.0968 1144 Deinitialize success
  • 0

#13
mullac
Posted 21 July 2011 - 08:46 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-21 15:31:15
-----------------------------
15:31:15.093 OS Version: Windows 5.1.2600 Service Pack 3
15:31:15.093 Number of processors: 2 586 0x407
15:31:15.093 ComputerName: FRAZZLEHOUSE UserName:
15:31:15.609 Initialize success
15:32:18.453 AVAST engine download error: 0
15:32:35.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:32:35.609 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 3
15:32:35.640 Disk 0 MBR read successfully
15:32:35.640 Disk 0 MBR scan
15:32:35.640 Disk 0 unknown MBR code
15:32:35.640 Disk 0 scanning sectors +488263545
15:32:35.734 Disk 0 scanning C:\WINDOWS\system32\drivers
15:32:46.312 Service scanning
15:32:48.078 Disk 0 trace - called modules:
15:32:48.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys nxytnbuo.sys iaStor.sys hal.dll
15:32:48.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86850ab8]
15:32:48.109 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x871d3030]
15:32:48.109 Scan finished successfully
15:35:46.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The Fraser Household\Desktop\mbrscan\MBR.dat"
15:35:46.859 The log file has been saved successfully to "C:\Documents and Settings\The Fraser Household\Desktop\mbrscan\aswMBR.txt"
  • 0

#14
RKinner
Posted 21 July 2011 - 08:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
After you run Combofix again with the CFScript, rerun TDSSKiller to see if it was able to fix the volsnap problem.

Ron
  • 0

#15
mullac
Posted 21 July 2011 - 09:12 AM

mullac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Ron, i'm all scanned out!! Ron all scans are done!!the last 1 aswmbr, the fix it button was there,i clicked on it and another window popped up stating that i could change something to the system,i bottled out and clicked no.! i still have internet,emails are coming in,still can't open any web browsers,have deleted firefox. have just realised you given me some more scanning!! mullac :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP