Solved: Really need some help, having no luck.

the-drew
Junior Member with 14 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
07-Sep-2010, 08:02 PM #1
Really need some help, having no luck.
Can't go to Windows Update, iexplorer is getting redirected, can't turn on Windows Firewall, can't post to HijackThis forums. I have used several anti-malware/virus/spyware solutions with no luck. Running Windows XP SP3.


1 HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:35 AM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [iolo 3rd Party Reboot] C:\Documents and Settings\Rob\Application Data\iolo\IRestartStub.exe /t "System Mechanic Professional" /i "fromreg" /v "iolo 3rd Party Reboot" /av "fromreg"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166103550577
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Windows Network Service (MCIService) - Unknown owner - (no file)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6832 bytes

2 DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob at 9:06:33.02 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.17 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\My Documents\Downloads\SysInfo.exe
C:\Documents and Settings\Rob\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\rob\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166103550577
DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - hxxp://www.callwave.com/include/cab/CWDL_DownLoad.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-4 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-2 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-3 11608]
R1 MpKsld4dc232b;MpKsld4dc232b;c:\program files\windows live safety center\MpKsld4dc232b.sys [2010-9-5 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-3 60936]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-12 47640]
S1 mas;mas;\??\c:\windows\system32\drivers\mas.sys --> c:\windows\system32\drivers\mas.sys [?]
S3 BW2NDIS5;BW2NDIS5; [x]
S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [2009-10-25 22016]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-09-07 03:41:34 0 d-----w- C:\VundoFix Backups
2010-09-06 16:46:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-06 16:46:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-05 18:27:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-04 22:46:01 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 22:45:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-04 19:42:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 19:37:22 0 d-----w- c:\program files\Lavasoft
2010-09-04 19:18:25 0 d-----w- C:\iolo
2010-09-04 18:16:31 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-09-04 18:16:23 0 d-----w- c:\docume~1\rob\applic~1\iolo
2010-09-04 18:16:23 0 d-----w- c:\docume~1\alluse~1\applic~1\iolo
2010-09-03 12:20:23 0 d-----w- c:\docume~1\rob\applic~1\SUPERAntiSpyware.com
2010-09-03 11:56:22 0 d-----w- c:\docume~1\rob\applic~1\Avira
2010-09-03 10:53:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-03 10:53:16 0 d-----w- c:\program files\Avira
2010-09-03 10:53:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-09-03 00:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-03 00:54:33 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-03 00:53:57 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-03 00:53:49 0 d-----w- c:\program files\Panda Security
2010-08-28 20:43:34 0 d-----w- c:\program files\CCleaner
2010-08-26 22:58:21 0 d-----w- c:\windows\system32\NtmsData
2010-08-26 21:20:03 0 d-----w- c:\docume~1\rob\applic~1\Malwarebytes
2010-08-26 21:19:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 21:19:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-26 21:19:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 21:19:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 21:10:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 04:52:44 54156 ---ha-w- c:\windows\QTFont.qfn
2010-08-16 04:52:44 1409 ----a-w- c:\windows\QTFont.for
2010-08-14 19:51:09 0 d-----w- c:\docume~1\rob\applic~1\EasyPDFReader
2010-08-14 19:50:38 0 d-----w- c:\program files\Search Toolbar
2010-08-14 19:48:36 0 d-----w- c:\program files\Easy PDF Reader
2010-08-14 19:11:43 0 d-----w- c:\docume~1\alluse~1\applic~1\FileCure

==================== Find3M ====================

2010-08-27 23:36:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-08-27 23:36:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-27 23:36:11 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-11-18 05:24:32 29784 -c--a-w- c:\program files\popcorn Terms.html
2002-11-18 11:26:06 61440 -c--a-w- c:\windows\inf\i386\onetUSD.dll
2002-10-24 13:29:30 36864 -c--a-w- c:\windows\inf\i386\Vizmicro.dll
2002-10-24 13:28:28 172032 -c--a-w- c:\windows\inf\i386\viceo.dll
2002-10-24 13:02:22 225280 -c--a-w- c:\windows\inf\i386\rtscan.dll
2001-08-03 23:29:18 13824 -c--a-w- c:\windows\inf\i386\Usbscan.sys
2009-02-15 07:32:55 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021520090216\index.dat

============= FINISH: 9:10:02.88 ===============

3 Attached txt is attached

4 Ark.txt


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 17:19:46
Windows 5.1.2600 Service Pack 3
Running: 2db6gluv.exe; Driver: C:\DOCUME~1\Rob\LOCALS~1\Temp\axrirpow.sys


---- System - GMER 1.0.15 ----

SSDT F99A9DCE ZwCreateKey
SSDT F99A9DC4 ZwCreateThread
SSDT F99A9DD3 ZwDeleteKey
SSDT F99A9DDD ZwDeleteValueKey
SSDT F99A9DE2 ZwLoadKey
SSDT F99A9DB0 ZwOpenProcess
SSDT F99A9DB5 ZwOpenThread
SSDT F99A9DEC ZwReplaceKey
SSDT F99A9DE7 ZwRestoreKey
SSDT F99A9DD8 ZwSetValueKey

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE58116D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE580FC2

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xED76D400, 0x82482, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xED80D420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xED80D420]
.protect˙˙˙˙hardlockunknown last code section [0xED80D200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xED80D200, 0x5105, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[988] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0145000A
.text C:\WINDOWS\System32\svchost.exe[988] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D8000A
.text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL @
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL @Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@ Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@ NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@ Installed 1

---- EOF - GMER 1.0.15 ----
the-drew
Junior Member with 14 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
08-Sep-2010, 07:30 AM #2
bump
the-drew
Junior Member with 14 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
10-Sep-2010, 08:03 AM #3
Any chance of getting some help? It's been a few days since my original post. I would really appreciate some help.
emeraldnzl
Malware Removal Specialist with 2,305 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
10-Sep-2010, 06:20 PM #4
Hello the-drew,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
the-drew
Junior Member with 14 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
10-Sep-2010, 11:24 PM #5
Hello Emeraldnzl,

Thanks for the reply!

Here is the ComboFix log:

ComboFix 10-09-09.04 - Rob 09/10/2010 21:21:14.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.15 [GMT -5:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\zumf
c:\program files\Common Files\zumf\zumfd\class-barrel
c:\program files\popcorn Terms.html
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_MAS
-------\Legacy_MICROSOFT_MEDIA_TOOLS
-------\Legacy_RDRIV
-------\Service_Boonty Games
-------\Service_mas
-------\Service_MicroSoft Media Tools

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-06 16:46 . 2010-09-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-04 19:37 . 2010-09-08 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-04 19:21 . 2010-07-06 20:11 492208 ----a-w- c:\documents and settings\Rob\Application Data\iolo\IRestartStub.exe
2010-09-04 18:16 . 2010-09-07 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-09-04 18:16 . 2010-09-04 19:21 -------- d-----w- c:\documents and settings\Rob\Application Data\iolo
2010-09-03 12:23 . 2010-09-03 12:23 63488 ----a-w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-03 12:23 . 2010-09-03 12:23 52224 ----a-w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-03 12:22 . 2010-09-03 12:22 117760 ----a-w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 12:20 . 2010-09-03 12:20 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2010-09-03 11:56 . 2010-09-03 11:56 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
2010-09-03 11:06 . 2010-09-03 11:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-03 11:04 . 2010-09-03 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-09-03 10:53 . 2010-09-03 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-03 00:57 . 2010-09-03 00:57 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-03 00:57 . 2010-09-03 00:57 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-03 00:56 . 2010-09-03 00:56 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 00:56 . 2010-09-03 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-03 00:56 . 2010-09-03 00:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-08-29 04:22 . 2010-08-29 04:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-08-26 21:20 . 2010-08-26 21:20 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2010-08-26 21:19 . 2010-08-26 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-14 19:51 . 2010-08-14 19:51 -------- d-----w- c:\documents and settings\Rob\Application Data\EasyPDFReader
2010-08-14 19:11 . 2010-08-14 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 11:35 . 2010-01-13 00:00 -------- d-----w- c:\program files\LogMeIn
2010-09-08 01:08 . 2002-09-03 19:53 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-09-06 17:30 . 2010-09-06 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-05 22:33 . 2010-09-05 21:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-04 22:45 . 2010-09-04 22:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-04 19:24 . 2010-09-04 19:24 -------- d-----w- c:\program files\Windows Defender
2010-09-04 18:16 . 2010-09-04 18:16 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-09-03 12:02 . 2010-09-10 02:05 254324 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-09-03 12:02 . 2010-09-10 02:05 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-09-03 12:02 . 2010-09-10 02:05 1364346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-09-03 12:02 . 2010-09-10 02:05 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-09-03 12:02 . 2010-09-10 02:05 614772 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-09-03 12:02 . 2010-09-10 02:05 471412 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2010-09-03 12:02 . 2010-09-10 02:05 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-09-03 12:02 . 2010-09-10 02:05 2883958 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-09-03 12:02 . 2010-09-10 02:05 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-09-03 12:02 . 2010-09-10 02:05 397684 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-09-03 12:02 . 2010-09-10 02:05 393588 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-09-03 12:02 . 2010-09-10 02:05 192887 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-09-03 10:53 . 2010-09-03 10:53 -------- d-----w- c:\program files\Avira
2010-09-03 00:56 . 2010-09-03 00:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-03 00:53 . 2010-09-03 00:53 -------- d-----w- c:\program files\Panda Security
2010-08-29 05:00 . 2010-05-16 19:57 -------- d-----w- c:\program files\PokerStars.NET
2010-08-29 04:07 . 2010-08-26 21:10 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-28 20:44 . 2010-08-28 20:43 -------- d-----w- c:\program files\CCleaner
2010-08-27 23:36 . 2010-01-13 00:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-08-27 23:36 . 2010-01-13 00:04 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-08-27 23:36 . 2010-01-13 00:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-27 20:09 . 2009-07-10 22:01 -------- d-----w- c:\program files\Lx_cats
2010-08-26 22:25 . 2010-02-28 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-26 21:19 . 2010-08-26 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 23:52 . 2008-11-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-14 20:32 . 2010-01-13 01:04 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-14 19:50 . 2010-08-14 19:48 -------- d-----w- c:\program files\Easy PDF Reader
2010-07-24 01:31 . 2008-06-21 18:03 -------- d-----w- c:\documents and settings\Rob\Application Data\Chessmaster Challenge
2010-06-30 12:31 . 2002-09-03 19:54 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-09-03 20:03 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-09-03 19:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-09-03 19:39 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-08-12 08:29 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-28 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-08-27 23:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\.protected
backup=c:\windows\pss\.protectedCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^.protected]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\.protected
backup=c:\windows\pss\.protectedStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\License Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MenaceFighter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 23:25 1961984 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2002-11-18 11:17 94208 -c--a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 09:10 49152 -c--a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
R2 MCIService;Windows Network Service; [x]
R3 BW2NDIS5;BW2NDIS5; [x]
R3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [2009-10-25 22016]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003Core.job
- c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 20:14]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003UA.job
- c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 20:14]
2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{04F5700C-F654-472D-BCEA-47DB8CB9AB9A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki...
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-NetZero_uoltray - c:\program files\NetZero\exec.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 21:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-10 22:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 03:01
Pre-Run: 18,830,417,920 bytes free
Post-Run: 19,217,137,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 1E213ACD840564B251DEEBCB6AC99105
emeraldnzl
Malware Removal Specialist with 2,305 posts.
Join Date: Nov 2007
Location: Auckland,N.Z.
10-Sep-2010, 11:37 PM #6
Hello

I take it you use the remote Logmein program? If not please tell me when you return.

Now

Please download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
So when you return please post
  • the two OTL logs - OTL.txt and Extras.txt


Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need; that's fine.
the-drew
Junior Member with 14 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
11-Sep-2010, 12:25 AM #7
Yes I do use logmein on this machine.

Here is the otl.txt file

OTL logfile created on: 9/10/2010 10:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 28.00% Memory free
625.00 Mb Paging File | 255.00 Mb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 17.90 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.84 Gb Total Space | 1.57 Gb Free Space | 85.60% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-JIDY
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 22:57:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
PRC - [2010/08/27 18:37:06 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/08/27 18:36:07 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 22:57:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MCIService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/27 18:37:06 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/07/26 16:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/27 18:36:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/23 11:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/01 12:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/25 11:45:20 | 000,022,016 | ---- | M] (Curiolab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\extit.sys -- (ExterminateIt)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/10/16 09:47:22 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\FlexiSIGN-PRO 8.1v1\Program\Par1284.sys -- (Par1284)
DRV - [2006/08/15 19:59:16 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/07/25 10:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/25 10:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/25 04:52:59 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:39 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/11/13 13:19:48 | 000,210,304 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 13:18:36 | 000,679,808 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 13:17:00 | 001,042,816 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/15 18:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/15 18:41:10 | 000,026,120 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 2E 6B 6C DE 81 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2009/03/29 02:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
[2009/03/29 02:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/09/10 21:46:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Escape%20...es/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1166103550577 (WUWebControl Class)
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (CWDL_DownLoadControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Escape%20.../armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/12 03:33:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.DivXa32 - C:\WINDOWS\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.div4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 22:56:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2010/09/10 22:55:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/10 21:18:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/10 21:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 21:14:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 21:14:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 21:14:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 21:13:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/10 21:13:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 22:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\ApplicationHistory
[2010/09/07 20:52:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/09/07 20:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\tdsskiller
[2010/09/07 09:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\New Folder
[2010/09/06 22:41:34 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/09/06 11:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 11:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/05 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/04 17:45:14 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/04 14:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\Sunbelt Software
[2010/09/04 14:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/09/04 14:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/09/04 14:18:25 | 000,000,000 | ---D | C] -- C:\iolo
[2010/09/04 13:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\iolo
[2010/09/04 13:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/03 07:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com
[2010/09/03 06:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Avira
[2010/09/03 05:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/03 05:53:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/03 05:53:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/03 05:53:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/03 05:53:18 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/03 05:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/03 05:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/02 19:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/02 19:54:33 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/09/02 19:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/02 19:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/08/28 23:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2010/08/28 23:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/08/28 23:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lrhdydpsm
[2010/08/28 23:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/28 15:59:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rob\Recent
[2010/08/28 15:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/28 15:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\Downloads
[2010/08/28 15:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\Temp
[2010/08/26 17:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/26 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2010/08/26 16:19:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 16:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 16:19:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 16:16:11 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob\My Documents\mbam-setup-1.46.exe
[2010/08/25 01:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/25 01:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/14 14:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\EasyPDFReader
[2010/08/14 14:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Easy PDF Reader
[2010/08/14 14:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/06/06 13:07:23 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/06/06 13:07:23 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/06/06 13:07:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/06/06 13:07:22 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/06/06 13:07:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/06/06 13:07:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/06/06 13:07:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/06/06 13:07:20 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/06/06 13:07:19 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/06/06 13:07:16 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/06/06 13:07:11 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2010/06/06 13:07:09 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 22:57:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2010/09/10 22:21:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003UA.job
[2010/09/10 21:47:50 | 000,000,465 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/10 21:46:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/10 21:44:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 21:43:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/10 21:40:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 21:40:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 21:39:58 | 266,645,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 21:38:22 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Rob\ntuser.ini
[2010/09/10 21:38:21 | 004,874,240 | ---- | M] () -- C:\Documents and Settings\Rob\ntuser.dat
[2010/09/10 21:18:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/10 21:06:27 | 002,549,156 | -H-- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\IconCache.db
[2010/09/10 21:05:39 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Really need some help, having no luck. - Tech Support Guy Forums.url
[2010/09/10 21:00:29 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2010/09/10 19:28:15 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/10 19:28:14 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Google Chrome.lnk
[2010/09/10 17:19:37 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{04F5700C-F654-472D-BCEA-47DB8CB9AB9A}.job
[2010/09/10 15:20:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003Core.job
[2010/09/07 22:28:48 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 22:28:48 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 22:28:47 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 20:57:57 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/07 20:01:22 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
[2010/09/06 11:47:16 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 11:47:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Spybot - Search & Destroy.lnk
[2010/09/04 17:45:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/04 13:16:31 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/03 05:54:08 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/02 19:54:24 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/28 23:07:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/27 18:36:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/08/27 18:36:11 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/08/27 18:36:11 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/08/27 14:41:46 | 000,248,832 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\BBQ SHRIMP.FS
[2010/08/27 12:51:15 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\loeffelholtz prop inv lp.FS
[2010/08/27 12:38:20 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\LOEFFLEHOLTZ.FS
[2010/08/26 17:23:27 | 000,002,621 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/26 16:42:16 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\avira_antivir_personal_en.exe
[2010/08/26 16:19:24 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 16:16:27 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob\My Documents\mbam-setup-1.46.exe
[2010/08/23 16:02:41 | 000,072,038 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION INV.jpg
[2010/08/23 16:02:18 | 000,355,840 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION INV.FS
[2010/08/22 15:22:17 | 091,249,152 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.FS cut one.FS
[2010/08/22 13:25:38 | 002,724,864 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION LAYOUT.FS
[2010/08/22 13:23:59 | 002,725,376 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.FS
[2010/08/21 18:46:58 | 000,260,608 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\loeffleholtz.doc
[2010/08/20 14:54:58 | 011,700,736 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-ball new
[2010/08/20 14:53:35 | 012,273,664 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL.FS
[2010/08/20 09:50:05 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-ball trailor inv.FS
[2010/08/17 19:52:27 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-ball.FS
[2010/08/17 19:44:17 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-ball newest.fs
[2010/08/17 11:05:57 | 005,883,392 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-balls side 2.FS
[2010/08/17 10:49:57 | 008,612,864 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL !!.fs
[2010/08/15 23:52:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/15 23:52:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/15 23:46:51 | 091,134,464 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo changes 3
[2010/08/15 23:44:47 | 001,084,441 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo change 3.jpg
[2010/08/15 22:53:07 | 001,084,441 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo changes 2.jpg
[2010/08/15 22:15:46 | 001,084,441 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.jpg
[2010/08/15 21:39:08 | 001,076,295 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION LAYOUT.jpg
[2010/08/14 14:50:28 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Easy PDF Reader.lnk
[2010/08/13 03:57:44 | 000,946,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 22:22:34 | 005,829,120 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\snoball
[2010/08/12 12:24:35 | 000,266,812 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-balls front.jpg
[2010/08/12 12:24:10 | 005,862,912 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-balls front.FS
[2010/08/12 12:21:17 | 000,262,980 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-balls side 2.jpg
[2010/08/12 11:59:18 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\sno-balls pro.fs
[2010/08/12 11:40:18 | 000,342,072 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL.jpg
[2010/08/12 00:04:50 | 000,338,950 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL PIC.jpg
[2010/08/11 23:21:26 | 009,092,096 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\SNO-BALLS PICS.FS
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 21:39:58 | 266,645,504 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/10 21:18:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/10 21:18:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/10 21:14:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 21:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 21:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 21:14:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 21:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/10 21:05:39 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Really need some help, having no luck. - Tech Support Guy Forums.url
[2010/09/10 21:00:17 | 003,842,041 | R--- | C] () -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2010/09/07 20:57:52 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/07 20:01:17 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
[2010/09/06 11:47:16 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 11:47:16 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Spybot - Search & Destroy.lnk
[2010/09/04 18:06:25 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/04 13:16:31 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/03 05:54:08 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/02 19:54:24 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/28 15:30:24 | 000,002,246 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/28 15:30:22 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Google Chrome.lnk
[2010/08/28 15:16:03 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003UA.job
[2010/08/28 15:15:49 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1563985344-1957994488-1003Core.job
[2010/08/27 12:51:13 | 000,220,672 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\loeffelholtz prop inv lp.FS
[2010/08/26 16:39:41 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\avira_antivir_personal_en.exe
[2010/08/26 16:19:24 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 16:10:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/23 16:02:37 | 000,072,038 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION INV.jpg
[2010/08/23 16:02:16 | 000,355,840 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\LA DEMOLITION INV.FS
[2010/08/22 15:21:33 | 091,249,152 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.FS cut one.FS
[2010/08/21 21:28:46 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\LOEFFLEHOLTZ.FS
[2010/08/21 18:46:55 | 000,260,608 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\loeffleholtz.doc
[2010/08/20 09:50:01 | 000,225,792 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-ball trailor inv.FS
[2010/08/17 19:44:17 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-ball newest.fs
[2010/08/17 19:43:43 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-ball.FS
[2010/08/17 18:30:36 | 011,700,736 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-ball new
[2010/08/17 11:06:11 | 012,273,664 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL.FS
[2010/08/17 10:33:52 | 008,612,864 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL !!.fs
[2010/08/15 23:52:44 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/08/15 23:52:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/15 23:46:20 | 091,134,464 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo changes 3
[2010/08/15 23:44:17 | 001,084,441 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo change 3.jpg
[2010/08/15 22:52:36 | 001,084,441 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo changes 2.jpg
[2010/08/15 22:17:27 | 002,725,376 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.FS
[2010/08/15 22:15:12 | 001,084,441 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\la demo changes.jpg
[2010/08/14 14:50:28 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Easy PDF Reader.lnk
[2010/08/12 22:22:24 | 005,829,120 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\snoball
[2010/08/12 12:24:25 | 000,266,812 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-balls front.jpg
[2010/08/12 12:24:09 | 005,862,912 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-balls front.FS
[2010/08/12 12:21:07 | 000,262,980 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-balls side 2.jpg
[2010/08/12 12:20:48 | 005,883,392 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-balls side 2.FS
[2010/08/12 11:59:01 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\sno-balls pro.fs
[2010/08/12 11:39:59 | 000,342,072 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL.jpg
[2010/08/12 00:04:32 | 000,338,950 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\SNOW-BALL PIC.jpg
[2010/08/11 23:21:47 | 009,092,096 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\SNO-BALLS PICS.FS
[2010/06/06 13:17:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2010/06/06 13:17:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2010/06/06 13:10:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2010/06/06 13:07:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/06/06 13:07:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/08/16 17:53:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/10 16:54:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009/07/10 16:54:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009/07/10 16:53:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009/07/10 16:53:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/01/13 00:00:04 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2008/12/06 11:05:17 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/11/11 01:35:29 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/10/08 10:34:59 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2007/08/15 00:13:08 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\update.log
[2007/06/07 16:28:43 | 000,000,103 | ---- | C] () -- C:\WINDOWS\TTINSTAL.INI
[2007/02/20 00:50:05 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\dm.ini
[2007/01/26 17:39:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2007/01/01 22:58:14 | 000,001,616 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/01/01 22:58:04 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/01/01 22:58:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/01/01 22:58:04 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/01/01 22:57:52 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/12/29 15:32:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/12/29 15:32:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/05 19:20:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/10/03 00:06:41 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/15 19:59:16 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/08/12 15:56:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/08/12 15:48:50 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/12 15:03:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/12 14:37:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/05 11:17:52 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/12/14 15:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/12/14 15:46:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 15:46:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 15:46:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/12 19:03:00 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/09/07 21:04:10 | 000,004,285 | ---- | M] () -- C:\aaw7boot.log
[2008/01/31 10:54:14 | 000,036,352 | ---- | M] () -- C:\arm mcall new.FS
[2006/08/12 03:33:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/12 19:46:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/10 21:18:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2007/11/20 11:40:12 | 000,263,713 | ---- | M] () -- C:\children's orc comb.eps
[2007/11/20 11:40:59 | 000,178,176 | ---- | M] () -- C:\children's orc comb.FS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/10 22:01:47 | 000,019,382 | ---- | M] () -- C:\ComboFix.txt
[2006/08/12 03:33:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/30 17:56:54 | 000,086,677 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/07/26 15:32:25 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2010/09/10 21:39:58 | 266,645,504 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/09 20:44:06 | 000,241,622 | ---- | M] () -- C:\hpfr3320.log
[2009/07/09 20:44:08 | 000,000,532 | ---- | M] () -- C:\hpfr3320.xml
[2006/08/12 03:33:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/18 17:36:29 | 000,523,671 | ---- | M] () -- C:\lxdd.log
[2006/11/06 20:31:18 | 000,066,048 | ---- | M] () -- C:\MARTIN LAST NOT CUT
[2006/11/02 22:06:12 | 000,057,856 | ---- | M] () -- C:\MARTIN LAWRENCE NEW LAYOUT
[2006/08/12 03:33:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/11/07 13:37:20 | 000,158,720 | ---- | M] () -- C:\NEW CITIES
[2006/11/06 22:35:50 | 000,000,000 | ---- | M] () -- C:\New FlexiSTARTER Desay Edition.FS
[2006/12/16 13:17:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/15 01:35:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/10 21:39:51 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2007/08/17 14:06:32 | 000,007,324 | ---- | M] () -- C:\rapport.txt
[2006/04/14 23:05:02 | 000,009,952 | ---- | M] () -- C:\regxpcom.exe
[2010/09/07 20:07:17 | 000,042,356 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_07.09.2010_20.03.19_log.txt
[2006/11/07 11:29:33 | 000,010,240 | ---- | M] () -- C:\Untitled.FS
[2010/09/07 06:23:26 | 000,000,136 | ---- | M] () -- C:\VundoFix.txt
[2006/11/03 13:06:48 | 000,044,032 | ---- | M] () -- C:\w.i.n.o. inset

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/08/12 03:32:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/08/27 18:36:13 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/02/26 23:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/08/11 22:16:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/11 22:16:03 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/11 22:16:03 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/15 01:59:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/12/16 14:58:27 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/08/12 03:42:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/10 21:00:29 | 003,842,041 | R--- | M] () -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2010/09/10 22:57:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/07/11 11:57:48 | 017,344,752 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\avg71free_394a763.exe
[2010/08/26 16:42:16 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\avira_antivir_personal_en.exe
[2006/11/15 15:50:02 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rob\My Documents\IE7-WindowsXP-x86-enu.exe
[2010/08/26 16:16:27 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob\My Documents\mbam-setup-1.46.exe
[2006/12/16 15:57:12 | 000,161,280 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\rmsality.exe
[2010/03/16 15:12:56 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rob\My Documents\wordview_en-us.exe
[12 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2001/08/03 18:29:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\Usbscan.sys

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/12/16 14:58:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rob\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/20 12:29:41 | 000,005,547 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-10 12:11:27

< Click the Run Scan button. Do not change any settings unless otherwise told to do so. >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A691DDB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP158BAF9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC78DA48
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D
< End of report >

the-drew, 11-Sep-2010, 12:30 AM #8
Here is the Extra.txt file.

OTL Extras logfile created on: 9/10/2010 10:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 28.00% Memory free
625.00 Mb Paging File | 255.00 Mb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 17.90 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.84 Gb Total Space | 1.57 Gb Free Space | 85.60% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-JIDY
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master Pro 4.1
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{8386E3AD-7DEA-1D17-601E-644D9C84C19B}" = Chessmaster Challenge
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{E728216D-A1C4-487B-A4C5-AC0105DB74D6}" = FlexiSIGN-PRO 8.1v1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Chessmaster Challenge" = Chessmaster Challenge (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy PDF Reader" = Easy PDF Reader 1.0
"FinalMediaPlayer_is1" = Final Media Player 2010
"FlexiSTARTER Desay Edition 7.6v2" = FlexiSTARTER Desay Edition 7.6v2
"Fonts" = Fonts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OneTouch Version 3.0" = OneTouch Version 3.0
"PokerStars.net" = PokerStars.net
"QuickTime" = QuickTime
"Rainbow Sentinel Driver" = Sentinel System Driver
"SignCut" = SignCut (remove only)
"SpongeBob SquarePants" = SpongeBob SquarePants® Operation Krabby Patty
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"The Print Shop 6.0" = The Print Shop®
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2010 3:18:37 PM | Computer Name = ROB-JIDY | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 1.0.1963.0, faulting module
unknown, version 0.0.0.0, fault address 0x8004ff1f.

Error - 9/5/2010 5:23:42 PM | Computer Name = ROB-JIDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/6/2010 9:01:01 AM | Computer Name = ROB-JIDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/7/2010 7:53:04 AM | Computer Name = ROB-JIDY | Source = Avira AntiVir | ID = 4118
Description = EXCEPTION calling function <Scan> for the file C:\Documents and Settings\Rob\Local
Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00007b [ACCESS_VIOLATION
Exception!! EIP = 0x1d811cc] Please inform Avira and submit the appropriate file!

Error - 9/7/2010 9:01:52 AM | Computer Name = ROB-JIDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/7/2010 10:21:20 AM | Computer Name = ROB-JIDY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 10:21:21 AM | Computer Name = ROB-JIDY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 12:38:45 PM | Computer Name = ROB-JIDY | Source = Application Error | ID = 1000
Description = Faulting application 8s0b3pqt.exe, version 1.0.15.15281, faulting
module 8s0b3pqt.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 9/7/2010 11:18:17 PM | Computer Name = ROB-JIDY | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 11:18:26 PM | Computer Name = ROB-JIDY | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

[ System Events ]
Error - 9/7/2010 12:44:09 PM | Computer Name = ROB-JIDY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/7/2010 12:44:44 PM | Computer Name = ROB-JIDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ElbyCDIO Fips mas P3 pavboot SASDIFSV SASKUTIL ssmdrv

Error - 9/7/2010 9:07:51 PM | Computer Name = ROB-JIDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/7/2010 9:10:20 PM | Computer Name = ROB-JIDY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 9/7/2010 9:13:59 PM | Computer Name = ROB-JIDY | Source = Service Control Manager | ID = 7000
Description = The Windows Network Service service failed to start due to the following
error: %%3

Error - 9/7/2010 9:17:01 PM | Computer Name = ROB-JIDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mas

Error - 9/10/2010 10:11:52 PM | Computer Name = ROB-JIDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/10/2010 10:12:07 PM | Computer Name = ROB-JIDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ElbyCDIO Fips mas P3 pavboot SASDIFSV SASKUTIL ssmdrv

Error - 9/10/2010 10:38:15 PM | Computer Name = ROB-JIDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/10/2010 10:40:52 PM | Computer Name = ROB-JIDY | Source = Service Control Manager | ID = 7000
Description = The Windows Network Service service failed to start due to the following
error: %%3


< End of report >

emeraldnzl (Malware Removal Specialist), 11-Sep-2010, 01:26 AM #9
Hello the-drew,

Bit to do in this post.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
    [12 C:\Documents and Settings\Rob\My Documents\*.tmp files -> C:\Documents and Settings\Rob\My Documents\*.tmp -> ]
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A691DDB
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP158BAF9
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC78DA48
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTL fix log
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
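The fix above removes the `@Alternate Data Stream` entries and the `.tmp` files that the OTL scan listed. As an added example, not part of this thread and not code from OTL or its author, the Python script below parses the two OTL line formats involved, the `[date | size | attrs | M] (Company) -- path` file records and the `@Alternate Data Stream` records, and surfaces what a responder would want to review before writing such a fix: binaries in the print-processor directory that carry no company or version information (the spooler service loads print processors as SYSTEM), and every ADS together with its host file and stream name. The sample lines are copied from the OTL log posted earlier in the thread; the two flagging rules, and the handling of the one ADS line whose stream name lacks its separating colon, are this example's own assumptions.

```python
"""Triage helper for the OTL file-listing and Alternate Data Stream lines
posted in this thread.

Added example: not part of the thread and not code from OTL. SAMPLE_LINES is
copied from the OTL log posted above; the two flagging rules (unversioned
binary in a spooler load path, ADS inventory) are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL file record:  [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL ADS record:   @Alternate Data Stream - N bytes -> <host file>:<stream name>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Print processors are loaded by the spooler service, which runs as SYSTEM.
# Assumption of this example: a binary there with no company/version info
# deserves a look.
PRIVILEGED_DIRS = ("\\spool\\prtprocs\\",)


@dataclass
class FileEntry:
    path: str
    modified: str
    size: int
    attrs: str      # four flags as OTL prints them, e.g. "RHS-" or "----"
    company: str    # empty when the binary carries no company/version info


@dataclass
class AdsEntry:
    host: str
    stream: Optional[str]   # None when the stream name could not be split out
    size: int


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        path=m["path"].strip(),
        modified=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
    )


def parse_ads_line(line: str) -> Optional[AdsEntry]:
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    target = m["target"].strip()
    host, sep, stream = target.rpartition(":")
    # A well-formed target is "<drive>:\<path>:<stream>". If the only colon is
    # the drive separator, the stream name is missing; one line in the log
    # above has exactly this shape, so report it rather than guess a name.
    if not sep or len(host) <= 1:
        return AdsEntry(host=target, stream=None, size=int(m["size"]))
    return AdsEntry(host=host, stream=stream, size=int(m["size"]))


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (finding kind, subject) pairs for the lines a responder should review."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        f = parse_file_line(line)
        if f is not None:
            if not f.company and any(d in f.path.lower() for d in PRIVILEGED_DIRS):
                findings.append(("no-company-in-privileged-dir", f.path))
            continue
        a = parse_ads_line(line)
        if a is not None:
            if a.stream is None:
                findings.append(("ads-unparseable", a.host))
            else:
                findings.append(("ads", f"{a.host}:{a.stream}"))
    return findings


# Copied from the OTL log posted above (print-processor directory and ADS section).
SAMPLE_LINES = [
    r"[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll",
    r"[2010/08/27 18:36:13 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll",
    r"[2007/02/26 23:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll",
    r"[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll",
    r"@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173",
    r"@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B",
    r"@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP158BAF9",
    r"@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D",
]

if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LINES):
        print(f"{kind:30} {subject}")
```

On the sample the only file flagged is `lxdddrpp.dll` (the Lexmark print processor, which OTL lists without a company name), the three well-formed ADS lines are reported with host and stream split apart, and the `TEMP158BAF9` line is reported as unparseable, which is the same entry the fix log later reports it was unable to delete.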

the-drew, 11-Sep-2010, 10:23 AM #10
So I passed out last night

Here is the OTL fix log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
C:\Documents and Settings\Rob\My Documents\_fs108.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs17.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs1B.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs1C.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs20.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs37.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs4.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs5E.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs83.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fs9B.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fsAC.tmp deleted successfully.
C:\Documents and Settings\Rob\My Documents\_fsC2.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A691DDB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84 deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP158BAF9 .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC78DA48 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 111826 bytes

User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 7880 bytes

User: Rob
->Temp folder emptied: 36864 bytes
->Temporary Internet Files folder emptied: 3480072 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 45438217 bytes
->Flash cache emptied: 45972 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 19068945 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 81576 bytes
RecycleBin emptied: 19094 bytes

Total Files Cleaned = 66.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09112010_063149
Files\Folders moved on Reboot...
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\WYCAP9VG\donate[1].html moved successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\WYCAP9VG\sh23[1].html moved successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\TBYDMEJ0\948569-really-need-some-help-having[1].html moved successfully.
Registry entries deleted on Reboot...

the-drew, 11-Sep-2010, 10:30 AM #11
Here is the mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4594
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/11/2010 7:29:24 AM
mbam-log-2010-09-11 (07-29-24).txt
Scan type: Quick scan
Objects scanned: 141423
Time elapsed: 27 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


The Kaspersky scan is still running but things look much better already! I can't thank you enough!

the-drew, 11-Sep-2010, 10:47 AM #12
I wanted to ask you before I forget. What virus/anti malware do you use?
emeraldnzl (Malware Removal Specialist, 2,305 posts, Auckland, N.Z.), 11-Sep-2010, 05:02 PM, #13
Quote:
I wanted to ask you before I forget. What virus/anti malware do you use?
Three answers to that:

On my ME OS laptop I use Avast with Agnitum firewall. On my XP machine I use Avira with the Windows firewall, and on my Windows 7 computer I have Microsoft Security Essentials working with Windows Firewall. Further, I have Malwarebytes on my XP and Windows 7 machines, which I update and run once a week just to check. In addition, I clean out my XP & W7 computers' temp files each week with TFC (I use the Windows utility to do this on my ME machine) and carry out a defrag.

Look forward to hearing back from you with the Kaspersky results.
the-drew (Junior Member, 14 posts, thread starter), 11-Sep-2010, 06:02 PM, #14
Sooo, the Kaspersky scan is running again for the third time and the dog is locked in her cage (she stepped on the keyboard once and her ball hit the mouse, both times cancelling the scan). It's awesome having a 60 pound puppy sometimes.
the-drew (Junior Member, 14 posts, thread starter), 11-Sep-2010, 06:12 PM, #15
Thanks for the antivirus info. I use almost the same configuration on my machines except for cleaning the temp files (which I will now be doing). The computer we are working on is the father-in-law's. He got a fake Facebook email and followed the link. Weeee. Oh, and it's the machine he uses for his sign business.

Thanks again for all the help, I am truly grateful. This is the first time I haven't been able to clean a machine by myself. This thing was crazy. I couldn't even post to the HijackThis forum or TechGuy. I had to use my laptop and transfer with a USB drive to get the first of the log files to post. I did run tskiller and that let me post off of his machine. I just haven't seen anything so persistent and widespread. Anyway, thanks again and I will post the log as soon as it is done.