
Solved Cannot empty recycle bin

Discussion in 'Malware and Virus Removal Archive' started by Hunter, 2011/05/31.

    1. 2011/05/31
    Hunter (Thread Starter)
    [Resolved] Cannot empty recycle bin

    I really didn't want to do this, but...my helpers requested that I rule out malware as the cause of my problem. It is described here:

    http://www.windowsbbs.com/windows-xp/99119-cannot-empty-recycle-bin.html#post562524

    And now for that stuff you asked for.

    I. MALWAREBYTES

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6738

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/31/2011 6:03:45 PM
    mbam-log-2011-05-31 (18-03-45).txt

    Scan type: Quick scan
    Objects scanned: 142903
    Time elapsed: 1 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    II. GMER

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-05-31 18:09:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort3 INTEL_SSDSA2M080G2GC rev.2CV102HD
    Running: x9nnlkmn.exe; Driver: C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\uftdipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT B8687A66 ZwCreateKey
    SSDT B8687A5C ZwCreateThread
    SSDT B8687A6B ZwDeleteKey
    SSDT B8687A75 ZwDeleteValueKey
    SSDT sple.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT sple.sys ZwEnumerateValueKey [0xB7ECE132]
    SSDT B8687A7A ZwLoadKey
    SSDT sple.sys ZwOpenKey [0xB7EB50C0]
    SSDT B8687A48 ZwOpenProcess
    SSDT B8687A4D ZwOpenThread
    SSDT sple.sys ZwQueryKey [0xB7ECE20A]
    SSDT sple.sys ZwQueryValueKey [0xB7ECE08A]
    SSDT B8687A84 ZwReplaceKey
    SSDT B8687A7F ZwRestoreKey
    SSDT B8687A70 ZwSetValueKey

    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x73 ? 8AF88BF8
    INT 0x94 ? 8AE19F00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sple.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB732C3A0, 0x5FE082, 0xE8000020]
    .text USBPORT.SYS!DllUnload B72E48AC 5 Bytes JMP 8AE194E0
    .text a8x1u6xi.SYS B721C384 1 Byte [20]
    .text a8x1u6xi.SYS B721C384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text a8x1u6xi.SYS B721C3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text a8x1u6xi.SYS B721C3C4 3 Bytes [00, 00, 00]
    .text a8x1u6xi.SYS B721C3C9 1 Byte [00]
    .text ...
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB345A300, 0x3ACC8, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83E8300, 0x1B7E, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3748] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] sple.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] sple.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] sple.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] sple.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] sple.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] sple.sys
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KfRaiseIrql] 000000AF
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KfLowerIrql] 0000009C
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!HalGetInterruptVector] 000000A4
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!HalTranslateBusAddress] 00000072
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!READ_PORT_USHORT] 00000093
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
    IAT \SystemRoot\System32\Drivers\a8x1u6xi.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\internet explorer\iexplore.exe[3748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AF871F8
    Device \FileSystem\Fastfat \FatCdrom 896AE500
    Device \Driver\usbehci \Device\USBPDO-0 8AEBA500
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AFFD1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8AFFD1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8AFFD1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8AFFD1F8
    Device \Driver\usbehci \Device\USBPDO-1 8AEBA500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF891F8
    Device \Driver\Cdrom \Device\CdRom0 8AE16478
    Device \Driver\sptd \Device\2721696148 sple.sys
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-9 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-16 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 8AE16478
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8ABD41F8
    Device \Driver\PCI_PNP4898 \Device\0000004a sple.sys
    Device \Driver\NetBT \Device\NetbiosSmb 8ABD41F8
    Device \Driver\USBSTOR \Device\00000086 8A8D41F8
    Device \Driver\USBSTOR \Device\00000088 8A8D41F8
    Device \Driver\USBSTOR \Device\00000089 8A8D41F8
    Device \Driver\usbehci \Device\USBFDO-0 8AEBA500
    Device \Driver\usbehci \Device\USBFDO-1 8AEBA500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A914500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A914500
    Device \Driver\Ftdisk \Device\FtControl 8AF891F8
    Device \Driver\USBSTOR \Device\0000008b 8A8D41F8
    Device \Driver\a8x1u6xi \Device\Scsi\a8x1u6xi1Port6Path0Target0Lun0 8AED41F8
    Device \Driver\a8x1u6xi \Device\Scsi\a8x1u6xi1 8AED41F8
    Device \FileSystem\Fastfat \Fat 896AE500

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 895D7500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x78 0x8C 0x8A 0x4D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0x70 0xEF 0x26 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6A 0x29 0xB9 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x2C 0xE8 0xD9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x78 0x8C 0x8A 0x4D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0x70 0xEF 0x26 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x10 0xAB 0xD7 0x44 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x2C 0xE8 0xD9 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- EOF - GMER 1.0.15 ----

    III. MBRcheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000ed

    Kernel Drivers (total 120):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7EB4000 sple.sys
    0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB7E6E000 ACPI.sys
    0xB7E5D000 pci.sys
    0xB80A8000 ohci1394.sys
    0xB80B8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xB80C8000 isapnp.sys
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7E3E000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7E18000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7E00000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xB7DE0000 fltmgr.sys
    0xB7DCE000 sr.sys
    0xB7DB7000 KSecDD.sys
    0xB7D2A000 Ntfs.sys
    0xB7CFD000 NDIS.sys
    0xB7CE3000 Mup.sys
    0xB8138000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xB732C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB7318000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB72F0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB83A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB72CC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8148000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xB8158000 \SystemRoot\System32\DRIVERS\serial.sys
    0xB855C000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xB83B8000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xB8168000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xB83C8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xB83D0000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8188000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xB8198000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xB7281000 \SystemRoot\System32\DRIVERS\ks.sys
    0xB721C000 \SystemRoot\System32\Drivers\a8x1u6xi.SYS
    0xB7CBF000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
    0xB8793000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xB81A8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xB7CB7000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xB7205000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xB81B8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xB81C8000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xB8440000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xB71F4000 \SystemRoot\System32\DRIVERS\psched.sys
    0xB81D8000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xB8450000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xB8460000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xB71C4000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xB81E8000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xB85BE000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xB70C6000 \SystemRoot\System32\DRIVERS\update.sys
    0xB8558000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xB81F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB4EC7000 \SystemRoot\system32\drivers\nvhda32.sys
    0xB4E7B000 \SystemRoot\system32\drivers\portcls.sys
    0xB8208000 \SystemRoot\system32\drivers\drmk.sys
    0xB8218000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB486F000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB84A0000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xB85CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB87F9000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85D2000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8350000 \SystemRoot\System32\drivers\vga.sys
    0xB85D6000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8398000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB83B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB70AE000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xB47EC000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xB4793000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB476D000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xB4745000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xB8238000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xB4723000 \SystemRoot\System32\drivers\afd.sys
    0xB8248000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xB8258000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xB46F8000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xB4688000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xB8278000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB485F000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8410000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB8740000 \SystemRoot\System32\drivers\dxgthk.sys
    0xB8448000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xB8468000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xB82B8000 \SystemRoot\system32\drivers\usbaudio.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBD62C000 \SystemRoot\System32\ATMFD.DLL
    0xB8498000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xB3752000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xB356A000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB349D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xB345A000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0xB83E8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0xB338A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB3235000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB34EA000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB7164000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB2DBE000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB05D5000 \SystemRoot\system32\drivers\kmixer.sys
    0xB05AF000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xB85C2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB059A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xB0329000 \??\C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\uftdipow.sys
    0xB0297000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 36):
    0 System Idle Process
    4 System
    500 C:\WINDOWS\system32\smss.exe
    552 csrss.exe
    752 C:\WINDOWS\system32\winlogon.exe
    796 C:\WINDOWS\system32\services.exe
    808 C:\WINDOWS\system32\lsass.exe
    976 C:\WINDOWS\system32\nvsvc32.exe
    1000 C:\WINDOWS\system32\svchost.exe
    1048 svchost.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1188 svchost.exe
    1216 svchost.exe
    1416 C:\WINDOWS\system32\spoolsv.exe
    1532 svchost.exe
    1612 C:\WINDOWS\system32\PnkBstrA.exe
    1632 C:\WINDOWS\system32\PnkBstrB.exe
    1672 C:\WINDOWS\system32\svchost.exe
    2004 C:\WINDOWS\explorer.exe
    460 C:\WINDOWS\RTHDCPL.EXE
    404 C:\WINDOWS\system32\rundll32.exe
    540 C:\WINDOWS\system32\ctfmon.exe
    596 C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe
    936 alg.exe
    1040 C:\Program Files\Internet Explorer\iexplore.exe
    3748 C:\Program Files\Internet Explorer\iexplore.exe
    708 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    4068 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1328 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    4056 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3224 C:\WINDOWS\system32\vssvc.exe
    2432 C:\WINDOWS\system32\dllhost.exe
    2400 C:\WINDOWS\system32\dllhost.exe
    2776 msdtc.exe
    2108 C:\Program Files\Internet Explorer\iexplore.exe
    164 C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\9KA3ATQO\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: INTELSSDSA2M080G2GC, Rev: 2CV102HD

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    IV. DDS log 1

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Hunter Hutchins at 18:14:29 on 2011-05-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2403 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Documents and Settings\Hunter Hutchins\Desktop\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rnx-n1~1.lnk - c:\program files\rnx-n180ube 11n usb wireless lan utility\RtWLan.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: com\www.msi
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291624091953
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-11-30 100456]
    R3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-3-17 594048]
    S0 qswogii;qswogii; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-30 1691480]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 jatmlano;jatmlano;c:\docume~1\hunter~1\locals~1\temp\jatmlano.sys [2010-9-20 31744]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-15 39984]
    S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
    S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-12-7 167808]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 00:55:16 -------- d-----w- c:\documents and settings\hunter hutchins\application data\Avira
    2011-06-01 00:51:11 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-01 00:51:11 -------- d-----w- c:\program files\Avira
    2011-06-01 00:51:11 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-05-27 23:57:09 -------- d-----w- c:\program files\Atari
    2011-05-26 18:04:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-05-26 18:04:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-05-26 18:04:43 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-05-26 18:04:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-05-26 16:54:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-26 16:54:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-26 00:51:00 -------- d-----w- c:\program files\Unlocker
    2011-05-25 15:49:39 -------- d-----w- c:\program files\NirSoft
    2011-05-25 15:43:55 -------- d-----w- c:\program files\nLite
    2011-05-15 12:46:59 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2011-05-15 12:46:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2011-05-15 12:46:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2011-05-15 12:46:59 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2011-05-15 12:46:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2011-05-15 12:46:59 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2011-05-15 12:46:59 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2011-05-07 02:21:12 -------- d-----w- c:\documents and settings\hunter hutchins\application data\Mount&Blade
    2011-05-07 02:20:47 -------- d-----w- c:\program files\Mount&Blade
    .
    ==================== Find3M ====================
    .
    2011-05-30 20:43:42 202008 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-11 07:30:17 252320 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-05-11 07:30:17 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-05-11 07:30:10 252320 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-04-07 05:27:15 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-04-04 03:57:50 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-17 20:40:12 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-03-17 20:40:09 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 18:14:35.38 ===============

    V. DDS log 2 (attach.txt)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/30/2010 10:45:35 AM
    System Uptime: 5/31/2011 11:21:52 AM (7 hours ago)
    .
    Motherboard: MSI | | P55M-GD45 (MS-7588)
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU1 | 2673/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 12.361 GiB free.
    D: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75881462&REV_03\4&19816FAC&0&00E5
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75881462&REV_03\4&19816FAC&0&00E5
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP176: 5/25/2011 7:49:12 PM - System Checkpoint
    RP177: 5/26/2011 9:54:16 AM - Restore Operation
    RP178: 5/27/2011 7:06:21 AM - Removed Dreamfall
    RP179: 5/28/2011 8:34:59 PM - System Checkpoint
    RP180: 5/29/2011 10:47:17 PM - System Checkpoint
    RP181: 5/30/2011 10:57:07 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Audacity 1.2.6
    Avira AntiVir Personal - Free Antivirus
    CamStudio
    CrystalDiskMark 3.0.0j
    Fahrenheit version 1.1
    Foxit Reader
    Fraps (remove only)
    Hidden & Dangerous 2
    Hidden & Dangerous 2 Patch
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    ImagXpress
    Intel® Solid-State Drive Toolbox
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Max Payne
    Max Payne 2
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Mount&Blade
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    neroxml
    NETGEAR WG111v2 wireless USB 2.0 adapter
    No One Lives Forever 2
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    Psychonauts
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Return to Castle Wolfenstein - Platinum Edition
    RNX-N180UBE 11n USB Wireless LAN Driver and Utility
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    System Requirements Lab
    System Requirements Lab for Intel
    Unlocker 1.9.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.1.9
    WebFldrs XP
    Windows Internet Explorer 8
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/31/2011 5:54:51 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library 1G USB2.0FlashDrive USB Device.
    5/27/2011 4:29:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001AEF17CE08 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/26/2011 8:34:22 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================

    Help! :)
     
  2. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Your computer IS infected.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    ====================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     

  4. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reopened.
     
  5. 2011/06/06
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    ASWMBR:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-06 12:10:56
    -----------------------------
    12:10:56.203 OS Version: Windows 5.1.2600 Service Pack 3
    12:10:56.203 Number of processors: 4 586 0x1E05
    12:10:56.203 ComputerName: HUNTER UserName:
    12:10:56.625 Initialize success
    12:11:21.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-9
    12:11:21.015 Disk 0 Vendor: INTEL_SSDSA2M080G2GC 2CV102HD Size: 76319MB BusType: 3
    12:11:21.015 Disk 0 MBR read error 0
    12:11:21.015 Disk 0 MBR scan
    12:11:21.015 Disk 0 unknown MBR code
    12:11:21.015 MBR BIOS signature not found 0
    12:11:21.015 Disk 0 scanning sectors +156280320
    12:11:21.015 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:11:22.265 Service scanning
    12:11:22.906 Disk 0 trace - called modules:
    12:11:22.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsn.sys >>UNKNOWN [0x8afa8938]<<
    12:11:22.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec5ab8]
    12:11:22.906 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8af329e8]
    12:11:22.906 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-9[0x8af42d98]
    12:11:22.906 Scan finished successfully
    12:11:47.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hunter Hutchins\Desktop\MBR.dat "
    12:11:47.125 The log file has been saved successfully to "C:\Documents and Settings\Hunter Hutchins\Desktop\aswMBR.txt "


    UNHOOKER:

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0xB732C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9891840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6397952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 266.58 )
    0xB486F000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6340608 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB7EB4000 PCI_PNP7020 995328 bytes
    0xB7EB4000 spsn.sys 995328 bytes
    0xB7EB4000 sptd 995328 bytes
    0xB44DB000 C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 598016 bytes (Realtek Semiconductor Corporation , Realtek RTL8192S USB NDIS Driver)
    0xB7D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB4688000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB721C000 C:\WINDOWS\System32\Drivers\apb88der.SYS 413696 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB70C6000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB4793000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB30E4000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBD62C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB33BA000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
    0xB2CE3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB71C4000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB7E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB343A000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB7CFD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB040F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB46F8000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB72F0000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB4745000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB4662000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xB7E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB476D000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB348F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB4E7B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB72CC000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB7281000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB4723000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB7DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB7CE3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB7E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB7DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB7205000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB4EC7000 C:\WINDOWS\system32\drivers\nvhda32.sys 94208 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
    0xB3783000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0xB33FD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB7318000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB47EC000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB7E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB71F4000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB458D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB8188000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB8148000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB8158000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB8248000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB8208000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB8198000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB3543000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB8218000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB80B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xB8108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB8168000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB81A8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB81C8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB36BB000 C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xB8278000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB8178000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB81B8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB81F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB81E8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB1D46000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB8138000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xB81D8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB8258000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB8238000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB83B0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB83A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB83B8000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB8448000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB83C8000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB83D0000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB83E8000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xB8350000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB8498000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
    0xB84A0000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xB8438000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
    0xB8398000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB8450000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB8460000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB8440000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB8410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB8558000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB37A4000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB855C000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB485F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB7CB7000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB70AE000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB7CBF000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xB85E2000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
    0xB85D2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB85CE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xB85D6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB85DA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB85BE000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB85C8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB876F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB8722000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB87D4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8AFFB1F8 unknown_irp_handler 3592 bytes
    0x8AE4B1F8 unknown_irp_handler 3592 bytes
    0x8AF881F8 unknown_irp_handler 3592 bytes
    0x8A8E11F8 unknown_irp_handler 3592 bytes
    0x8AFFD1F8 unknown_irp_handler 3592 bytes
    0x8ABB91F8 unknown_irp_handler 3592 bytes
    0x8AE621F8 unknown_irp_handler 3592 bytes
    0x8A90B1F8 unknown_irp_handler 3592 bytes
    0x896A7500 unknown_irp_handler 2816 bytes
    0x8AE43500 unknown_irp_handler 2816 bytes
    0x896AF500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
     
  6. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2011/06/07
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    TDSSkiller:

    2011/06/07 19:36:20.0853 1184 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/07 19:36:21.0541 1184 ================================================================================
    2011/06/07 19:36:21.0541 1184 SystemInfo:
    2011/06/07 19:36:21.0541 1184
    2011/06/07 19:36:21.0541 1184 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/07 19:36:21.0541 1184 Product type: Workstation
    2011/06/07 19:36:21.0541 1184 ComputerName: HUNTER
    2011/06/07 19:36:21.0541 1184 UserName: Hunter Hutchins
    2011/06/07 19:36:21.0541 1184 Windows directory: C:\WINDOWS
    2011/06/07 19:36:21.0541 1184 System windows directory: C:\WINDOWS
    2011/06/07 19:36:21.0541 1184 Processor architecture: Intel x86
    2011/06/07 19:36:21.0541 1184 Number of processors: 4
    2011/06/07 19:36:21.0541 1184 Page size: 0x1000
    2011/06/07 19:36:21.0541 1184 Boot type: Normal boot
    2011/06/07 19:36:21.0541 1184 ================================================================================
    2011/06/07 19:36:21.0775 1184 Initialize success
    2011/06/07 19:36:22.0541 0916 ================================================================================
    2011/06/07 19:36:22.0541 0916 Scan started
    2011/06/07 19:36:22.0541 0916 Mode: Manual;
    2011/06/07 19:36:22.0541 0916 ================================================================================
    2011/06/07 19:36:22.0900 0916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/07 19:36:22.0931 0916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/07 19:36:23.0025 0916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/07 19:36:23.0072 0916 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/06/07 19:36:23.0103 0916 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/07 19:36:23.0322 0916 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    2011/06/07 19:36:23.0416 0916 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/07 19:36:23.0572 0916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/07 19:36:23.0619 0916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/07 19:36:23.0697 0916 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    2011/06/07 19:36:23.0744 0916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/07 19:36:23.0775 0916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/07 19:36:23.0791 0916 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/06/07 19:36:23.0838 0916 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/06/07 19:36:23.0884 0916 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/06/07 19:36:23.0916 0916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/07 19:36:23.0963 0916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/07 19:36:24.0056 0916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/07 19:36:24.0088 0916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/07 19:36:24.0134 0916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/07 19:36:24.0275 0916 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    2011/06/07 19:36:24.0400 0916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/07 19:36:24.0447 0916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/07 19:36:24.0494 0916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/07 19:36:24.0525 0916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/07 19:36:24.0572 0916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/07 19:36:24.0666 0916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/07 19:36:24.0713 0916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/07 19:36:24.0744 0916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/07 19:36:24.0791 0916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/07 19:36:24.0838 0916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/07 19:36:24.0884 0916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/07 19:36:24.0916 0916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/07 19:36:24.0947 0916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/07 19:36:24.0994 0916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/07 19:36:25.0041 0916 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
    2011/06/07 19:36:25.0088 0916 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/07 19:36:25.0213 0916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/07 19:36:25.0338 0916 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/07 19:36:25.0369 0916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/07 19:36:25.0525 0916 IntcAzAudAddService (988a112c4061f309ce9c1abfc971d001) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/07 19:36:25.0619 0916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/07 19:36:25.0666 0916 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/07 19:36:25.0713 0916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/07 19:36:25.0744 0916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/07 19:36:25.0791 0916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/07 19:36:25.0838 0916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/07 19:36:25.0869 0916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/07 19:36:25.0916 0916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/07 19:36:25.0916 0916 jatmlano (03bff1de5b708e92a1926ba4a33595d0) C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys
    2011/06/07 19:36:25.0963 0916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/07 19:36:26.0009 0916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/07 19:36:26.0056 0916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/07 19:36:26.0134 0916 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    2011/06/07 19:36:26.0166 0916 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/06/07 19:36:26.0213 0916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/07 19:36:26.0259 0916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/07 19:36:26.0322 0916 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    2011/06/07 19:36:26.0353 0916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/07 19:36:26.0400 0916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/07 19:36:26.0494 0916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/07 19:36:26.0525 0916 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/07 19:36:26.0572 0916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/07 19:36:26.0572 0916 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
    2011/06/07 19:36:26.0588 0916 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
    2011/06/07 19:36:26.0603 0916 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
    2011/06/07 19:36:26.0650 0916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/07 19:36:26.0697 0916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/07 19:36:26.0759 0916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/07 19:36:26.0806 0916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/07 19:36:26.0853 0916 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/07 19:36:26.0884 0916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/07 19:36:26.0931 0916 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/07 19:36:26.0963 0916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/07 19:36:27.0009 0916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/07 19:36:27.0056 0916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/07 19:36:27.0103 0916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/07 19:36:27.0134 0916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/07 19:36:27.0197 0916 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/06/07 19:36:27.0244 0916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/07 19:36:27.0291 0916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/07 19:36:27.0322 0916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/07 19:36:27.0478 0916 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/06/07 19:36:27.0556 0916 NVHDA (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
    2011/06/07 19:36:27.0603 0916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/07 19:36:27.0634 0916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/07 19:36:27.0666 0916 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/06/07 19:36:27.0713 0916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/06/07 19:36:27.0759 0916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/07 19:36:27.0806 0916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/07 19:36:27.0838 0916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/07 19:36:27.0900 0916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/07 19:36:27.0947 0916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/07 19:36:28.0259 0916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/07 19:36:28.0291 0916 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/06/07 19:36:28.0338 0916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/07 19:36:28.0384 0916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/07 19:36:28.0650 0916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/07 19:36:28.0681 0916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/07 19:36:28.0728 0916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/07 19:36:28.0775 0916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/07 19:36:28.0822 0916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/07 19:36:28.0853 0916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/07 19:36:28.0900 0916 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/07 19:36:28.0947 0916 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/07 19:36:28.0994 0916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/07 19:36:29.0041 0916 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    2011/06/07 19:36:29.0088 0916 RTLE8023xp (e511d68f1ba6170a7178b7c4267c26cb) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/06/07 19:36:29.0119 0916 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
    2011/06/07 19:36:29.0181 0916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/07 19:36:29.0228 0916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/07 19:36:29.0259 0916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/07 19:36:29.0306 0916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/07 19:36:29.0431 0916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/07 19:36:29.0478 0916 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/06/07 19:36:29.0478 0916 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/06/07 19:36:29.0478 0916 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/07 19:36:29.0525 0916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/07 19:36:29.0572 0916 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/07 19:36:29.0619 0916 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/06/07 19:36:29.0650 0916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/07 19:36:29.0681 0916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/07 19:36:29.0884 0916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/07 19:36:29.0947 0916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/07 19:36:29.0994 0916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/07 19:36:30.0025 0916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/07 19:36:30.0072 0916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/07 19:36:30.0166 0916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/07 19:36:30.0213 0916 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2011/06/07 19:36:30.0244 0916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/07 19:36:30.0291 0916 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/06/07 19:36:30.0338 0916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/07 19:36:30.0384 0916 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/07 19:36:30.0431 0916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/07 19:36:30.0463 0916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/06/07 19:36:30.0494 0916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/07 19:36:30.0541 0916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/07 19:36:30.0619 0916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/07 19:36:30.0666 0916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/07 19:36:30.0744 0916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/07 19:36:30.0822 0916 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/06/07 19:36:30.0853 0916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/06/07 19:36:30.0916 0916 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR12
    2011/06/07 19:36:30.0916 0916 ================================================================================
    2011/06/07 19:36:30.0916 0916 Scan finished
    2011/06/07 19:36:30.0916 0916 ================================================================================
    2011/06/07 19:36:30.0931 3816 Detected object count: 1
    2011/06/07 19:36:30.0931 3816 Actual detected object count: 1
    2011/06/07 19:36:32.0338 3816 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/06/07 19:36:34.0775 2716 Deinitialize success
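A small triage parser for logs in the TDSSKiller layout shown above, added here as an illustration (it is not part of TDSSKiller or of this thread). It pulls out every enumerated object, ties the "Suspicious file" and "detected" notices and the user's chosen action back to the driver they concern, and flags drivers loading from user-writable locations, such as the jatmlano.sys entry under the user's Temp directory. The regular expressions and the path heuristics are my own assumptions about the format, based only on the lines in the post above; the sample excerpt is a shortened copy of that log.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller's code)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# One log line: timestamp, thread id, free-form message (format assumed from the post above).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s*(?P<msg>.*)$"
)
# Enumerated object: name, optional "(0x1B8)" for MBR records, 32-hex MD5, path or device.
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
ACTION_RE = re.compile(
    r"^(?P<verdict>[\w.]+)\((?P<name>\w+)\) - User select action: (?P<action>\w+)$"
)

# Locations a kernel driver should not normally be loading from (assumed heuristic).
UNUSUAL_PATH_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\")


class DriverEntry(NamedTuple):
    name: str
    md5: str
    path: str


def messages(log_text: str):
    """Yield the message part of every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("msg")


def triage(log_text: str) -> Tuple[List[DriverEntry], Dict[str, List[str]]]:
    """Return all enumerated objects and, per driver name, the reasons to look closer."""
    entries: List[DriverEntry] = []
    findings: Dict[str, List[str]] = defaultdict(list)
    for msg in messages(log_text):
        if m := OBJECT_RE.match(msg):
            entry = DriverEntry(m["name"], m["md5"], m["path"])
            entries.append(entry)
            if any(marker in entry.path.lower() for marker in UNUSUAL_PATH_MARKERS):
                findings[entry.name].append(f"loads from a user-writable location: {entry.path}")
        elif m := DETECTED_RE.match(msg):
            findings[m["name"]].append(f"detected {m['verdict']} ({m['count']})")
        elif m := SUSPICIOUS_RE.match(msg):
            # Attribute the notice to the driver that owns that path, if it was enumerated.
            owner = next((e.name for e in entries if e.path.lower() == m["path"].lower()), m["path"])
            findings[owner].append(f"suspicious file ({m['reason']}), md5 {m['md5']}")
        elif m := ACTION_RE.match(msg):
            findings[m["name"]].append(f"user action for {m['verdict']}: {m['action']}")
    return entries, dict(findings)


# Shortened excerpt of the log posted above, used here as the sample input.
SAMPLE_LOG = r"""
2011/06/07 19:36:22.0541 0916 Scan started
2011/06/07 19:36:22.0900 0916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/07 19:36:25.0916 0916 jatmlano (03bff1de5b708e92a1926ba4a33595d0) C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys
2011/06/07 19:36:29.0478 0916 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/07 19:36:29.0478 0916 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/07 19:36:29.0478 0916 sptd - detected LockedFile.Multi.Generic (1)
2011/06/07 19:36:30.0853 0916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/07 19:36:30.0916 0916 Scan finished
2011/06/07 19:36:30.0931 3816 Detected object count: 1
2011/06/07 19:36:32.0338 3816 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    found, flagged = triage(SAMPLE_LOG)
    print(f"{len(found)} objects enumerated")
    for name, reasons in flagged.items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

A locked or unreadable driver such as sptd.sys is not by itself malicious (it is a commercial disc-emulation driver that deliberately resists reading), so the output is a list of things to look at, not a verdict.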
     
  8. 2011/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/06/07
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    COMBOFIX:

    ComboFix 11-06-06.07 - Hunter Hutchins 06/07/2011 20:07:50.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2368 [GMT -7:00]
    Running from: c:\documents and settings\Hunter Hutchins\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\documents and settings\Hunter Hutchins\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-06 16:46 . 2011-06-06 16:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 23:26 . 2011-06-02 23:26 -------- d-----w- c:\program files\LucasArts
    2011-06-02 23:25 . 1997-01-18 17:40 299520 ----a-w- c:\windows\uninst.exe
    2011-06-02 03:03 . 2011-06-02 03:03 -------- d-----w- c:\documents and settings\Hunter Hutchins\Application Data\ScummVM
    2011-06-02 03:03 . 2011-06-02 10:13 -------- d-----w- c:\program files\ScummVM
    2011-06-01 00:55 . 2011-06-01 00:55 -------- d-----w- c:\documents and settings\Hunter Hutchins\Application Data\Avira
    2011-06-01 00:51 . 2011-06-01 00:51 -------- d-----w- c:\program files\Avira
    2011-06-01 00:51 . 2011-06-01 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-01 00:51 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-01 00:51 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-01 00:51 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-01 00:51 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-05-27 23:57 . 2011-05-27 23:57 -------- d-----w- c:\program files\Atari
    2011-05-26 18:04 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-05-26 18:04 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-05-26 18:04 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-05-26 18:04 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-05-26 16:54 . 2011-05-26 16:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-26 00:51 . 2011-05-26 00:51 -------- d-----w- c:\program files\Unlocker
    2011-05-25 15:49 . 2011-05-26 00:14 -------- d-----w- c:\program files\NirSoft
    2011-05-25 15:43 . 2011-05-26 00:14 -------- d-----w- c:\program files\nLite
    2011-05-15 12:46 . 2011-05-15 12:46 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2011-05-15 12:46 . 2011-05-15 12:46 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2011-05-15 12:46 . 2004-10-22 09:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2011-05-15 12:46 . 2004-10-22 09:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2011-05-15 12:46 . 2004-10-22 09:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2011-05-15 12:46 . 2004-10-22 09:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2011-05-15 12:46 . 2004-10-22 09:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-30 20:43 . 2011-01-24 07:46 202008 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-29 16:11 . 2011-01-15 07:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11 . 2011-01-15 07:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-07 05:27 . 2010-12-09 06:03 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-04-04 03:57 . 2011-01-24 07:47 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-17 20:40 . 2010-12-01 09:34 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-03-17 20:40 . 2011-03-17 20:38 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount "= "c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-12-08 4608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAShCut.exe" [2005-01-08 61952]
    "RTHDCPL "= "RTHDCPL.EXE" [2010-07-07 19556968]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RNX-N180UBE 11n USB Wireless LAN Utility.lnk - c:\program files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe [2011-3-17 966656]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-06-16 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-06-16 14:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2011-01-08 03:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-01-08 03:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe "=
    "c:\\Program Files\\Return to Castle Wolfenstein - Platinum Edition\\WolfMP.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe "=
    "c:\\Program Files\\RNX-N180UBE 11n USB Wireless LAN Utility\\RtWLan.exe "=
    "c:\\WINDOWS\\system32\\dpnsvr.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP "= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP "= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP "= 53:UDP:Realtek AP UDP Prot
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2010 2:11 AM 691696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/31/2011 5:51 PM 136360]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/30/2010 2:14 AM 100456]
    R3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [3/17/2011 1:37 PM 594048]
    S0 qswogii;qswogii; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/30/2010 3:52 AM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
    S3 jatmlano;jatmlano;\??\c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/15/2011 12:10 AM 39984]
    S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 11:44 AM 22328]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 11:44 AM 25912]
    S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 11:44 AM 16696]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/7/2010 5:20 AM 167808]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 35124319
    *NewlyCreated* - 82334295
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - BLACKBOX
    *Deregistered* - 35124319
    *Deregistered* - 82334295
    *Deregistered* - aswMBR
    *Deregistered* - BlackBox
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    Trusted Zone: com\www.msi
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-07 20:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,f9,f4,80,4e,3b,87,4a,b5,bc,08,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,f9,f4,80,4e,3b,87,4a,b5,bc,08,\
    .
    Completion time: 2011-06-07 20:10:21
    ComboFix-quarantined-files.txt 2011-06-08 03:10
    .
    Pre-Run: 8,383,836,160 bytes free
    Post-Run: 8,891,379,712 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /bootlog
    .
    .
    - - End Of File - - 047FC6E3E3CCC86AF377CC6192D4339C
     
  10. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys
    
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    Trusted Zone: com\www.msi
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    
    
    Driver::
    qswogii
    jatmlano
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
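The script above removes four things the ComboFix log exposed: a service with no file behind it (qswogii), a driver loading from the user's Temp folder (jatmlano.sys), an IE ProxyServer pointing at 127.0.0.1:8075 (the PUM.Bad.Proxy hit from the first Malwarebytes scan) plus the Trusted Zone additions, and the Security Center AntiVirusOverride flag. The following is an added example written for this page, not code from the thread, from ComboFix or from OTL: it scans ComboFix-style log lines for exactly those indicators and groups them under the section names the CFScript uses. Assumptions: the sample lines are constructed copies of lines from the log above; the heuristics (service image `[x]`, `.sys` under `\Temp\`, loopback ProxyServer, non-zero AntiVirusOverride, any Trusted Zone line) are the editor's, not a documented ComboFix rule set; the File::/DDS::/Driver::/Registry:: layout mirrors the posted script only.

```python
"""Flag the indicators the CFScript above targeted, from ComboFix-style log lines.
Added example for this thread, not code from the post, from ComboFix or from OTL."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's log format (lines copied from the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2010 2:11 AM 691696]
S0 qswogii;qswogii; [x]
S3 jatmlano;jatmlano;\??\c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/15/2011 12:10 AM 39984]
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075
Trusted Zone: com\www.msi
TCP: DhcpNameServer = 192.168.1.1
"""

@dataclass(frozen=True)
class Finding:
    kind: str       # which heuristic fired
    subject: str    # service name, registry key, or the offending log line
    path: str = ""  # image path, when the heuristic concerns a file on disk

SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);[^;]*;(.*)$")   # "S3 name;display;image [..]"
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"\s*=\s*dword:([0-9a-fA-F]{8})$')
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(.+)$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")

def proxy_hosts(value):
    """Host part of each entry in a ProxyServer value ('host:port' or 'http=host:port;...')."""
    hosts = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        target = entry.split("=", 1)[1] if "=" in entry else entry
        target = re.sub(r"^[a-zA-Z]+://", "", target)
        host = target.rsplit(":", 1)[0] if ":" in target else target
        hosts.append(host.strip("[]"))
    return hosts

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:   # a DNS name: cannot tell offline, treat as not loopback
        return False

def triage(log_text):
    findings, current_key = [], ""
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)          # remember the key for values that follow
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group(2), m.group(3).strip()
            if rest == "[x]":                 # registered service whose image is gone
                findings.append(Finding("service_no_file", name))
                continue
            image = re.sub(r"\s*\[[^\]]*\]$", "", rest).split(" --> ")[0]
            if image.startswith("\\??\\"):    # NT object-manager prefix on the raw ImagePath
                image = image[4:]
            if image.lower().endswith(".sys") and "\\temp\\" in image.lower():
                findings.append(Finding("driver_in_temp", name, image))
            continue
        m = PROXY_RE.match(line)
        if m and any(is_loopback(h) for h in proxy_hosts(m.group(1))):
            findings.append(Finding("loopback_proxy", line))   # browser traffic routed through a local listener
            continue
        m = AV_OVERRIDE_RE.match(line)
        if m and int(m.group(1), 16) != 0:    # Security Center told to ignore AV state
            findings.append(Finding("av_override", f"[{current_key}]"))
            continue
        if TRUSTED_RE.match(line):            # trusted-zone additions: review, not automatically bad
            findings.append(Finding("trusted_zone", line))
    return findings

def cfscript_sections(findings):
    """Group findings under the section names the CFScript in the post above used."""
    sections = {"File::": [], "DDS::": [], "Driver::": [], "Registry::": []}
    for f in findings:
        if f.kind in ("service_no_file", "driver_in_temp"):
            sections["Driver::"].append(f.subject)
        if f.kind == "driver_in_temp":
            sections["File::"].append(f.path)
        if f.kind in ("loopback_proxy", "trusted_zone"):
            sections["DDS::"].append(f.subject)
        if f.kind == "av_override":
            sections["Registry::"] += [f.subject, '"AntiVirusOverride"=dword:00000000']
    return sections

if __name__ == "__main__":
    for section, entries in cfscript_sections(triage(SAMPLE_LOG)).items():
        print(section, *entries, sep="\n", end="\n\n")
```

Run against the constructed sample it reproduces the Driver::, File:: and Registry:: entries and the ProxyServer and Trusted Zone lines of the posted script. It does not emit the ProxyOverride line, because `<local>` is a benign value on its own; the moderator cleared it together with the proxy, which is the sensible thing to do by hand. Treat the Trusted Zone hits as items to review rather than proof of infection: the msi.com entries are consistent with MSI's LiveUpdate ActiveX control seen later in the OTL log.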
     
  11. 2011/06/08
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    COMBOFIX:

    ComboFix 11-06-08.03 - Hunter Hutchins 06/08/2011 20:01:23.3.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2482 [GMT -7:00]
    Running from: c:\documents and settings\Hunter Hutchins\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Hunter Hutchins\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\docume~1\HUNTER~1\LOCALS~1\Temp\jatmlano.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_JATMLANO
    -------\Legacy_QSWOGII
    -------\Service_jatmlano
    -------\Service_qswogii
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-06 16:46 . 2011-06-06 16:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 23:26 . 2011-06-02 23:26 -------- d-----w- c:\program files\LucasArts
    2011-06-02 23:25 . 1997-01-18 17:40 299520 ----a-w- c:\windows\uninst.exe
    2011-06-02 03:03 . 2011-06-02 03:03 -------- d-----w- c:\documents and settings\Hunter Hutchins\Application Data\ScummVM
    2011-06-02 03:03 . 2011-06-02 10:13 -------- d-----w- c:\program files\ScummVM
    2011-06-01 00:55 . 2011-06-01 00:55 -------- d-----w- c:\documents and settings\Hunter Hutchins\Application Data\Avira
    2011-06-01 00:51 . 2011-06-01 00:51 -------- d-----w- c:\program files\Avira
    2011-06-01 00:51 . 2011-06-01 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-01 00:51 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-01 00:51 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-01 00:51 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-01 00:51 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-05-27 23:57 . 2011-05-27 23:57 -------- d-----w- c:\program files\Atari
    2011-05-26 18:04 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-05-26 18:04 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-05-26 18:04 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-05-26 18:04 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-05-26 16:54 . 2011-05-26 16:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-26 00:51 . 2011-05-26 00:51 -------- d-----w- c:\program files\Unlocker
    2011-05-25 15:49 . 2011-05-26 00:14 -------- d-----w- c:\program files\NirSoft
    2011-05-25 15:43 . 2011-05-26 00:14 -------- d-----w- c:\program files\nLite
    2011-05-15 12:46 . 2011-05-15 12:46 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2011-05-15 12:46 . 2011-05-15 12:46 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2011-05-15 12:46 . 2004-10-22 09:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2011-05-15 12:46 . 2004-10-22 09:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2011-05-15 12:46 . 2004-10-22 09:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2011-05-15 12:46 . 2004-10-22 09:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2011-05-15 12:46 . 2004-10-22 09:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-30 20:43 . 2011-01-24 07:46 202008 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-29 16:11 . 2011-01-15 07:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11 . 2011-01-15 07:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-07 05:27 . 2010-12-09 06:03 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-04-04 03:57 . 2011-01-24 07:47 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-17 20:40 . 2010-12-01 09:34 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-03-17 20:40 . 2011-03-17 20:38 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-08_03.09.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2001-08-23 12:00 . 2011-06-06 16:48 66700 c:\windows\system32\perfc009.dat
    + 2001-08-23 12:00 . 2011-06-08 21:27 66700 c:\windows\system32\perfc009.dat
    + 2001-08-23 12:00 . 2011-06-08 21:27 430896 c:\windows\system32\perfh009.dat
    - 2001-08-23 12:00 . 2011-06-06 16:48 430896 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-12-08 4608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-07 19556968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RNX-N180UBE 11n USB Wireless LAN Utility.lnk - c:\program files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe [2011-3-17 966656]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-06-16 14:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-06-16 14:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2011-01-08 03:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-01-08 03:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Return to Castle Wolfenstein - Platinum Edition\\WolfMP.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
    "c:\\Program Files\\RNX-N180UBE 11n USB Wireless LAN Utility\\RtWLan.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP"= 53:UDP:Realtek AP UDP Prot
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2010 2:11 AM 691696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/31/2011 5:51 PM 136360]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/30/2010 2:14 AM 100456]
    R3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [3/17/2011 1:37 PM 594048]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/30/2010 3:52 AM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/15/2011 12:10 AM 39984]
    S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 11:44 AM 22328]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 11:44 AM 25912]
    S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 11:44 AM 16696]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/7/2010 5:20 AM 167808]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-08 20:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,f9,f4,80,4e,3b,87,4a,b5,bc,08,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,f9,f4,80,4e,3b,87,4a,b5,bc,08,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2244)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-08 20:04:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-09 03:04
    .
    Pre-Run: 8,077,103,104 bytes free
    Post-Run: 8,079,667,200 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - B1B364A435F27AE4D211EB289BD5D0F1
     
  12. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good now :)

    I want you to try to empty your Recycle Bin now and let me know what happens.

    Then...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2011/06/08
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    Emptying recycle bin:

    http://pictureposter.allbrand.nu/pictures/hwh/dc55.JPG

    OTL:

    OTL logfile created on: 6/8/2011 9:01:54 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Hunter Hutchins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 81.78% Memory free
    2.83 Gb Paging File | 2.45 Gb Available in Paging File | 86.53% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 8.75 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
    Drive D: | 632.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: HUNTER | User Name: Hunter Hutchins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/08 21:01:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hunter Hutchins\Desktop\OTL.exe
    PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/12/09 22:11:00 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/08 21:01:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hunter Hutchins\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/01/04 19:41:13 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/01/04 19:41:13 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2010/12/09 04:48:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/11/30 01:12:11 | 000,167,808 | R--- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
    DRV - [2010/11/12 14:40:00 | 000,273,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/07/06 19:26:54 | 006,088,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/05/10 11:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
    DRV - [2010/05/10 11:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - [2010/05/10 11:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
    DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/11/13 00:05:04 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2005/01/07 18:07:00 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?complete=0&hl=en
    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 2C EF 00 76 90 CB 01 [binary data]
    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/webhp?complete=0&hl=en
    IE - HKU\S-1-5-21-790525478-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/06/08 20:04:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKU\S-1-5-21-790525478-651377827-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RNX-N180UBE 11n USB Wireless LAN Utility.lnk = C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-790525478-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1291624091953 (MUWebControl Class)
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Hunter Hutchins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hunter Hutchins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/30 11:40:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [1998/10/14 02:26:56 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [1998/10/14 02:26:56 | 000,083,968 | R--- | M] () - D:\AUTOSTUB.EXE -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/08 21:01:04 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hunter Hutchins\Desktop\OTL.exe
    [2011/06/08 20:04:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/06/08 20:01:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/06/08 20:00:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/06/07 20:06:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/07 20:05:19 | 004,116,281 | R--- | C] (Swearware) -- C:\Documents and Settings\Hunter Hutchins\Desktop\ComboFix.exe
    [2011/06/07 19:34:18 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hunter Hutchins\Desktop\TDSSKiller.exe
    [2011/06/06 12:10:42 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hunter Hutchins\Desktop\aswMBR.exe
    [2011/06/05 20:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\Armed.And.Dangerous.PC.Game(djDEVASTATE™)
    [2011/06/02 16:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LucasArts
    [2011/06/02 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
    [2011/06/02 16:25:42 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2011/06/02 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\Grim Fandango
    [2011/06/01 20:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Application Data\ScummVM
    [2011/06/01 20:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScummVM
    [2011/06/01 20:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
    [2011/06/01 19:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\Full Throttle
    [2011/06/01 19:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\Video processing
    [2011/06/01 18:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\Video archive
    [2011/05/31 18:11:47 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Hunter Hutchins\Desktop\dds.scr
    [2011/05/31 17:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Application Data\Avira
    [2011/05/31 17:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/05/31 17:51:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/05/31 17:51:11 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/05/31 17:51:11 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/05/31 17:51:11 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/05/31 17:51:11 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/05/31 17:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/31 17:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/05/27 17:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\My Documents\atari
    [2011/05/27 16:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fahrenheit
    [2011/05/27 16:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
    [2011/05/27 16:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Desktop\FAHRENHEIT.v1.1.Repack-TURION
    [2011/05/25 17:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2011/05/25 17:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hunter Hutchins\Start Menu\Programs\Unlocker
    [2011/05/25 08:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2011/05/25 08:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
    [2011/05/15 05:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Double Fine Productions
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/08 21:01:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hunter Hutchins\Desktop\OTL.exe
    [2011/06/08 20:08:15 | 000,430,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/08 20:08:15 | 000,066,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/08 20:04:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/08 20:04:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/08 20:01:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/06/08 19:59:54 | 004,116,281 | R--- | M] (Swearware) -- C:\Documents and Settings\Hunter Hutchins\Desktop\ComboFix.exe
    [2011/06/08 02:22:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/07 23:00:57 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/06/07 18:10:28 | 000,252,320 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/06/07 18:10:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/06/07 18:10:24 | 000,252,320 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hunter Hutchins\Desktop\TDSSKiller.exe
    [2011/06/07 14:04:30 | 271,806,974 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\[AHQ] Fullmetal Alchemist - 42 - His Name is Unknown.mkv
    [2011/06/06 12:12:20 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\RKUnhookerLE.EXE
    [2011/06/06 12:11:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\MBR.dat
    [2011/06/06 12:10:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hunter Hutchins\Desktop\aswMBR.exe
    [2011/06/05 20:22:24 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/04 22:00:57 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Run Hidden & Dangerous 2.lnk
    [2011/05/31 20:07:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intel SSD Toolbox.lnk
    [2011/05/31 18:11:50 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Hunter Hutchins\Desktop\dds.scr
    [2011/05/31 18:05:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\x9nnlkmn.exe
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/21 21:45:46 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Application Data\Microsoft\Internet Explorer\Quick Launch\BLACK USB (E).lnk
    [2011/05/15 05:51:44 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Psychonauts.lnk
    [2011/05/12 01:07:09 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\M&B Battle Sizer.lnk
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/08 18:05:18 | 271,806,974 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\[AHQ] Fullmetal Alchemist - 42 - His Name is Unknown.mkv
    [2011/06/07 20:07:28 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/06/06 12:12:19 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\RKUnhookerLE.EXE
    [2011/06/06 12:11:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\MBR.dat
    [2011/05/31 18:05:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\x9nnlkmn.exe
    [2011/05/26 10:17:11 | 211,402,752 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\Sprechen Wir Deutsch.iso
    [2011/05/15 05:47:13 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Psychonauts.lnk
    [2011/05/12 01:07:09 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\M&B Battle Sizer.lnk
    [2011/03/17 13:38:33 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
    [2011/03/17 13:37:48 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
    [2011/01/28 14:34:16 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2011/01/27 21:12:55 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
    [2011/01/27 21:12:55 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
    [2011/01/24 00:47:00 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011/01/24 00:46:48 | 000,202,008 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2011/01/24 00:46:41 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2011/01/23 23:46:10 | 000,000,848 | ---- | C] () -- C:\WINDOWS\Rtcwplat.INI
    [2011/01/15 18:01:11 | 000,252,320 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/01/15 18:01:10 | 000,252,320 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/01/15 18:01:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/01/15 18:01:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2011/01/15 00:21:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/15 00:21:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/15 00:21:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/15 00:21:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/15 00:21:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/15 00:02:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tgolitamewiga.dat
    [2011/01/15 00:02:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kfojucenafi.bin
    [2011/01/15 00:02:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/04 19:41:13 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2011/01/04 19:41:13 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2010/12/09 05:09:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2010/12/02 03:28:59 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Hunter Hutchins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/30 11:58:54 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/11/30 11:45:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/11/30 11:39:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/11/30 03:34:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/11/30 03:34:19 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 05:00:00 | 000,430,896 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 05:00:00 | 000,066,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/08/22 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/22 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2010/12/09 04:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/11/30 12:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011/01/14 13:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/09 04:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hunter Hutchins\Application Data\DAEMON Tools Lite
    [2010/12/01 06:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hunter Hutchins\Application Data\ElevatedDiagnostics
    [2011/04/16 16:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hunter Hutchins\Application Data\Foxit Software
    [2011/05/12 01:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hunter Hutchins\Application Data\Mount&Blade
    [2011/06/01 20:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hunter Hutchins\Application Data\ScummVM

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/30 11:40:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/26 09:51:36 | 000,000,360 | ---- | M] () -- C:\blitzblank.log
    [2011/06/07 23:00:57 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/06/08 20:01:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/08 20:04:52 | 000,011,605 | ---- | M] () -- C:\ComboFix.txt
    [2010/11/30 11:40:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/30 11:40:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/30 11:40:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/30 13:26:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/12/06 12:27:22 | 000,250,048 | RHS- | M] () -- C:\ntldr

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/11/30 11:40:37 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/11/30 03:33:25 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/11/30 03:33:25 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/11/30 03:33:25 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/12/06 12:28:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/30 13:29:44 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Hunter Hutchins\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/11/30 11:48:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/06 12:10:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hunter Hutchins\Desktop\aswMBR.exe
    [2011/01/16 15:11:20 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\Hunter Hutchins\Desktop\audacity-win-1.2.6.exe
    [2011/06/08 19:59:54 | 004,116,281 | R--- | M] (Swearware) -- C:\Documents and Settings\Hunter Hutchins\Desktop\ComboFix.exe
    [2011/06/08 21:01:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hunter Hutchins\Desktop\OTL.exe
    [2005/08/04 21:59:00 | 009,482,069 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Hunter Hutchins\Desktop\Psychonauts-v103-english-comprehensive.exe
    [2005/09/28 18:03:00 | 010,754,246 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Hunter Hutchins\Desktop\Psychonauts-v104-comprehensive.exe
    [2011/06/06 12:12:20 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\RKUnhookerLE.EXE
    [2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hunter Hutchins\Desktop\TDSSKiller.exe
    [2011/05/31 18:05:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Desktop\x9nnlkmn.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/30 13:29:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Hunter Hutchins\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/06/08 21:01:01 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Hunter Hutchins\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 17:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 16:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/07/17 12:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 07:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 14:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 07:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 22:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2004/07/17 12:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 12:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 12:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 14:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 12:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

    < End of report >


    EXTRAS:

    OTL Extras logfile created on: 6/8/2011 9:01:54 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Hunter Hutchins\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 81.78% Memory free
    2.83 Gb Paging File | 2.45 Gb Available in Paging File | 86.53% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 8.75 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
    Drive D: | 632.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: HUNTER | User Name: Hunter Hutchins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
    "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
    "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe" = C:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe:*:Enabled:WolfMP -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe" = C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2 -- ()
    "C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
    "{401AB74C-74DA-463B-B67A-01F972DD0BBA}" = Intel® Solid-State Drive Toolbox
    "{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
    "{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{823D38F0-0885-484C-9D11-318D8FF0209F}_is1" = Fahrenheit version 1.1
    "{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = RNX-N180UBE 11n USB Wireless LAN Driver and Utility
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
    "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CamStudio" = CamStudio
    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.0j
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps (remove only)
    "Hidden & Dangerous 2 Patch" = Hidden & Dangerous 2 Patch
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{83437081-8186-4F63-BD39-4BE8A691E055}" = Hidden & Dangerous 2
    "LucasArts' Grim Fandango" = LucasArts' Grim Fandango
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mount&Blade" = Mount&Blade
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PowerShell" = Windows PowerShell(TM) 1.0
    "Return to Castle Wolfenstein - Platinum Edition" = Return to Castle Wolfenstein - Platinum Edition
    "ScummVM_is1" = ScummVM Git
    "SystemRequirementsLab" = System Requirements Lab
    "Unlocker" = Unlocker 1.9.1
    "VLC media player" = VLC media player 1.1.10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/25/2011 4:15:16 AM | Computer Name = HUNTER | Source = Application Error | ID = 1000
    Description = Faulting application hd2.exe, version 0.0.0.0, faulting module hd2.exe,
    version 0.0.0.0, fault address 0x00264078.

    Error - 4/25/2011 4:15:19 AM | Computer Name = HUNTER | Source = Application Error | ID = 1001
    Description = Fault bucket 146088986.

    Error - 4/25/2011 5:32:02 AM | Computer Name = HUNTER | Source = Application Error | ID = 1000
    Description = Faulting application hd2.exe, version 0.0.0.0, faulting module unknown,
    version 0.0.0.0, fault address 0x312adfc2.

    Error - 4/25/2011 5:32:05 AM | Computer Name = HUNTER | Source = Application Error | ID = 1001
    Description = Fault bucket -1879918413.

    Error - 4/27/2011 4:15:48 AM | Computer Name = HUNTER | Source = Application Error | ID = 1000
    Description = Faulting application hd2.exe, version 0.0.0.0, faulting module hd2.exe,
    version 0.0.0.0, fault address 0x002640d9.

    Error - 4/27/2011 4:15:50 AM | Computer Name = HUNTER | Source = Application Error | ID = 1001
    Description = Fault bucket 155504485.

    Error - 4/28/2011 6:22:32 PM | Computer Name = HUNTER | Source = Application Error | ID = 1000
    Description = Faulting application hd2.exe, version 0.0.0.0, faulting module hd2.exe,
    version 0.0.0.0, fault address 0x0038a79d.

    Error - 4/28/2011 6:22:34 PM | Computer Name = HUNTER | Source = Application Error | ID = 1001
    Description = Fault bucket 155088369.

    Error - 4/29/2011 8:00:59 AM | Computer Name = HUNTER | Source = Application Hang | ID = 1002
    Description = Hanging application hd2.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/29/2011 8:01:01 AM | Computer Name = HUNTER | Source = Application Hang | ID = 1001
    Description = Fault bucket 67793525.

    [ System Events ]
    Error - 6/2/2011 2:08:16 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/2/2011 5:34:16 PM | Computer Name = HUNTER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 001AEF17CE08 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/3/2011 1:02:58 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/5/2011 2:29:38 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/6/2011 12:44:23 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/7/2011 11:09:51 PM | Computer Name = HUNTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 6/8/2011 5:22:26 AM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/8/2011 5:23:33 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/8/2011 11:02:44 PM | Computer Name = HUNTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_QSWOGII\0000 disappeared from the system without
    first being prepared for removal.

    Error - 6/8/2011 11:04:14 PM | Computer Name = HUNTER | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058


    < End of report >
     
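    The firewall and authorized-application entries in the log above are the part of an OTL Extras report worth a second look during triage: all three GloballyOpenPorts entries are open to any source address (`*`), 53/UDP is the well-known DNS service port, and two of the authorized applications carry no publisher string at all ("-- ()"). The script below is an added example, not part of the thread and not OTL's own code: it parses those two sections (the sample input is an excerpt of the poster's log above) and applies a few severity rules that are this example's own heuristics.

```python
"""Triage the Firewall Settings and Authorized Applications sections of an
OTL Extras log (the Windows XP firewall policy exported from the registry
key SharedAccess\\Parameters\\FirewallPolicy).

Added example, not part of the forum thread and not OTL code. SAMPLE_LOG is
an excerpt of the poster's log; the severity rules are this example's own
heuristics.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^=+\s*.+?\s*=+$")        # "========== Firewall Settings =========="
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")         # "[HKEY_LOCAL_MACHINE\...]"
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # '"name" = raw value'

FW_BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
           r"\SharedAccess\Parameters\FirewallPolicy\StandardProfile")


def parse_otl_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each registry key path in the log to its {value name: raw value}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or SECTION_RE.match(line):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def parse_port_entry(raw: str) -> Tuple[int, str, str, str, str]:
    """'1542:TCP:*:Enabled:Realtek WPS TCP Prot' -> (1542, 'TCP', '*', 'Enabled', label)."""
    port, proto, scope, state, label = raw.split(":", 4)
    return int(port), proto, scope, state, label


def parse_app_entry(raw: str) -> Tuple[str, str, str, str, str]:
    """'C:\\dir\\app.exe:*:Enabled:Label -- (Publisher)' -> (path, scope, state, label, publisher).
    Split from the right so the drive-letter colon inside the path survives."""
    path, scope, state, rest = raw.rsplit(":", 3)
    label, _, publisher = rest.partition(" -- ")
    return path, scope, state, label, publisher.strip("()")


def audit_firewall(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (severity, detail) findings for StandardProfile, the profile used off-domain."""
    findings: List[Tuple[str, str]] = []
    if keys.get(FW_BASE, {}).get("EnableFirewall") != "1":
        findings.append(("high", "Windows Firewall is not enabled in StandardProfile"))
    for raw in keys.get(FW_BASE + r"\GloballyOpenPorts\List", {}).values():
        port, proto, scope, state, label = parse_port_entry(raw)
        if state != "Enabled":
            continue
        severity = "medium" if scope == "*" else "low"   # '*' = any source address
        if port < 1024:
            severity = "high"                            # well-known service port (53 = DNS)
        findings.append((severity, f"open {port}/{proto} scope={scope} ({label})"))
    for raw in keys.get(FW_BASE + r"\AuthorizedApplications\List", {}).values():
        path, scope, state, label, publisher = parse_app_entry(raw)
        if state == "Enabled" and not publisher:
            findings.append(("medium", f"authorized app without publisher info: {path}"))
    return findings


SAMPLE_LOG = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe" = C:\Program Files\Return to Castle Wolfenstein - Platinum Edition\WolfMP.exe:*:Enabled:WolfMP -- ()
"C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"""


def audit_sample() -> List[Tuple[str, str]]:
    return audit_firewall(parse_otl_registry_sections(SAMPLE_LOG))


if __name__ == "__main__":
    for severity, detail in audit_sample():
        print(f"[{severity:>6}] {detail}")
```

    On the excerpt this yields five findings: the two 1542 entries and 53/UDP as open-to-any-source ports (53/UDP rated high because it is a privileged service port), and vlc.exe and WolfMP.exe as authorized applications with no publisher string. A missing publisher only means the file carried no company name in its version resource; it is a prompt to verify the binary by hash, not evidence of anything by itself.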
  14. 2011/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In the following OTL fix I'm including Recycle Bin removal.
    It should be recreated on reboot.
    Let me know if it's empty after reboot.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      
      
      :Files
      %SystemDrive%\RECYCLER 
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If Eset doesn't find any threats, it won't produce any log.
     
  15. 2011/06/10
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    It's fixed it's fixed it's fixed :D:D
    That recycle bin was giving me OCD!

    OTL 2:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\002232_.tmp deleted successfully.
    C:\WINDOWS\003241_.tmp deleted successfully.
    C:\WINDOWS\005340_.tmp deleted successfully.
    C:\WINDOWS\DEA314C409294250BC9298E4C105F28D.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\DEA314C409294250BC9298E4C105F28D.TMP folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET7.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ========== FILES ==========
    Folder move failed. C:\RECYCLER\S-1-5-21-790525478-651377827-839522115-1003\Dc55 scheduled to be moved on reboot.
    C:\RECYCLER\S-1-5-21-790525478-651377827-839522115-1003 folder moved successfully.
    C:\RECYCLER folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Hunter Hutchins
    ->Temp folder emptied: 1214014 bytes
    ->Temporary Internet Files folder emptied: 185986298 bytes
    ->Flash cache emptied: 59237 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Flash cache emptied: 699 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 1067 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 179.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Hunter Hutchins
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06092011_223421

    Files\Folders moved on Reboot...
    File\Folder C:\RECYCLER\S-1-5-21-790525478-651377827-839522115-1003\Dc55 not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\YXPS54VN\99186-active-cannot-empty-recycle-bin[1].html not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\YXPS54VN\audmeasure[1].gif not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\YXPS54VN\iframescript[1].htm not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\YXPS54VN\p-01-0VIaSjnOLg[1].gif not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\S7TAPIUP\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\S7TAPIUP\ads[1].htm not found!
    File\Folder C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\S7TAPIUP\p-01-0VIaSjnOLg[1].gif not found!

    Registry entries deleted on Reboot...

    SECURITY CHECK:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
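    The OTL output shows what the fix actually had to remove: C:\RECYCLER\S-1-5-21-790525478-651377827-839522115-1003\Dc55, a folder inside the per-user recycle bin directory on Windows XP. Each user's deleted items live under RECYCLER\<SID>, renamed to D<drive letter><index> plus the original extension if there was one (so Dc55 is item 55 from drive C), and the INFO2 file in that directory records the original path, deletion time and size for every index. The parser below is an added example, not part of the thread and not OTL code: it reads an INFO2 index and reconciles it against a directory listing, which is the check to run when the shell's view of the bin and the files on disk disagree. The INFO2 bytes, paths and listing are constructed here, not taken from the poster's machine.

```python
"""Parse a Windows 2000/XP Recycle Bin INFO2 index and reconcile it with the
D<drive><index> items actually present in RECYCLER\\<SID>.

Added example, not from the forum thread and not OTL code. Layout follows the
documented INFO2 format: a 20-byte header, then 800-byte records holding the
original path (ASCII and UTF-16), record index, drive number, deletion
FILETIME and physical size. All sample data below is constructed.
"""
import struct
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

EPOCH_1601 = datetime(1601, 1, 1)   # FILETIME epoch; ticks are 100 ns
HEADER_FMT = "<IIIII"               # version, two unknowns, record size, total logical size
RECORD_FMT = "<IIQI"                # index, drive number, FILETIME, physical size (at record offset 260)
RECORD_SIZE = 800


def filetime_to_datetime(ft: int) -> datetime:
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def recycled_name(drive: int, index: int, original: str) -> str:
    """'D' + drive letter + index + original extension, if any: item 55 from C: is 'Dc55'."""
    base = original.rsplit("\\", 1)[-1]
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    return f"D{chr(ord('a') + drive)}{index}{ext}"


def parse_info2(data: bytes) -> List[Dict]:
    _version, _, _, rec_size, _total = struct.unpack_from(HEADER_FMT, data, 0)
    if rec_size != RECORD_SIZE:
        raise ValueError(f"unexpected INFO2 record size {rec_size}")
    records = []
    off = struct.calcsize(HEADER_FMT)
    while off + rec_size <= len(data):
        ascii_name = data[off:off + 260]
        index, drive, ft, size = struct.unpack_from(RECORD_FMT, data, off + 260)
        unicode_name = data[off + 280:off + 800].decode("utf-16-le").split("\x00", 1)[0]
        records.append({
            "index": index, "drive": drive, "size": size,
            "deleted": filetime_to_datetime(ft),
            "original": unicode_name,
            # Windows nulls the first ASCII byte once the item is removed from the bin
            "emptied": ascii_name[0] == 0,
            "recycled_name": recycled_name(drive, index, unicode_name),
        })
        off += rec_size
    return records


def build_info2(entries: Iterable[Tuple[int, int, str, datetime, int]]) -> bytes:
    """Serialise (index, drive, original path, deleted_at, size) tuples into INFO2 bytes."""
    body, total = b"", 0
    for index, drive, original, deleted_at, size in entries:
        body += original.encode("ascii", "replace")[:259].ljust(260, b"\x00")
        body += struct.pack(RECORD_FMT, index, drive, datetime_to_filetime(deleted_at), size)
        body += original.encode("utf-16-le")[:518].ljust(520, b"\x00")
        total += size
    return struct.pack(HEADER_FMT, 5, 0, 0, RECORD_SIZE, total) + body


def reconcile(records: List[Dict], names_on_disk: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (indexed items missing on disk, on-disk items missing from the index)."""
    live = {r["recycled_name"] for r in records if not r["emptied"]}
    on_disk = set(names_on_disk) - {"INFO2", "desktop.ini"}
    return sorted(live - on_disk), sorted(on_disk - live)


# Constructed sample: two indexed items, only Dc55 present on disk, plus an
# unindexed Dc60.log. Paths are hypothetical, not the poster's.
SAMPLE_INFO2 = build_info2([
    (55, 2, r"C:\Temp\example_folder", datetime(2011, 6, 1, 12, 0, 0), 4096),
    (56, 2, r"C:\Temp\notes.txt", datetime(2011, 6, 2, 9, 30, 0), 512),
])
SAMPLE_LISTING = ["INFO2", "desktop.ini", "Dc55", "Dc60.log"]


def audit_sample():
    records = parse_info2(SAMPLE_INFO2)
    missing, stray = reconcile(records, SAMPLE_LISTING)
    return records, missing, stray


if __name__ == "__main__":
    records, missing, stray = audit_sample()
    for r in records:
        print(f"{r['recycled_name']:<10} {r['deleted']:%Y-%m-%d %H:%M:%S} {r['size']:>6} {r['original']}")
    print("indexed but absent on disk:", missing)
    print("on disk but not indexed:", stray)
```

    On a live XP box the inputs are the INFO2 file and a directory listing of RECYCLER\<SID> taken with hidden and system files shown (the folder is hidden by default). An entry in the index with no backing D* item, or a D* item the index does not know about, is the kind of mismatch that leaves the shell showing something it cannot remove; deleting the whole RECYCLER tree, as the fix in the thread does, discards both the index and the items and lets Windows rebuild a consistent pair on the next deletion.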
  16. 2011/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    ...and Eset...
     
  17. 2011/06/10
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    No log from Eset.
     
  18. 2011/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. 2011/06/10
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    OTL3:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Hunter Hutchins
    ->Temp folder emptied: 712792 bytes
    ->Temporary Internet Files folder emptied: 40623120 bytes
    ->Flash cache emptied: 1068 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 39.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Hunter Hutchins
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 06102011_173951

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\NSEJFCX9\99186-active-cannot-empty-recycle-bin-2[1].html moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\NSEJFCX9\ads[5].htm moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\NSEJFCX9\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\NSEJFCX9\drts[1].htm moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\NSEJFCX9\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\KSJHJHVO\drts[1].htm moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\KSJHJHVO\iframescript[2].htm moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\KSJHJHVO\L[6].htm moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\AEQWE7UZ\andes_c[3].html moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\7WJERAKW\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Hunter Hutchins\Local Settings\Temporary Internet Files\Content.IE5\7WJERAKW\pixel[1].gif moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2011/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready...
     
  21. 2011/06/10
    Hunter

    Hunter Inactive Thread Starter

    Joined:
    2011/05/26
    Messages:
    31
    Likes Received:
    0
    This problem is done. Thanks broni! :)

    What does it mean when GMER says
    "---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 "
     

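    The two GMER lines quoted in the question concern sector 0 of the disk (\Device\Harddisk0\DR0): GMER reports that it could not read the sector, and that the BIOS boot signature, the bytes 0x55 0xAA a valid MBR carries at offsets 510 and 511, was not found. What that signature check looks like, together with a parse of the four 16-byte partition-table entries that sit in front of it at offset 446, as an added example that is not part of the thread and not GMER's code; the sector images and partition geometry below are constructed:

```python
"""Sanity-check a 512-byte sector-0 (MBR) image the way a rootkit scanner
does before trusting the disk's boot code: the BIOS boot signature 0x55AA
must be at bytes 510-511, and the four 16-byte partition entries at offset
446 should parse sensibly.

Added example, not from the forum thread and not GMER code. The sector
images are constructed; the partition geometry is hypothetical.
"""
import struct
from typing import Dict, List, Tuple

BOOT_SIGNATURE = b"\x55\xAA"
TABLE_OFFSET = 446
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> Dict:
    if len(sector) != 512:
        raise ValueError("a sector-0 image must be exactly 512 bytes")
    parsed = {"signature_ok": sector[510:512] == BOOT_SIGNATURE, "partitions": []}
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        parsed["partitions"].append({
            "slot": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": count,
        })
    return parsed


def check_mbr(sector: bytes) -> List[str]:
    """Return the problems a scanner would report; an empty list means the sector looks sane."""
    parsed = parse_mbr(sector)
    problems = []
    if not parsed["signature_ok"]:
        problems.append("BIOS boot signature 0x55AA not found at offset 510")
    if sum(p["bootable"] for p in parsed["partitions"]) > 1:
        problems.append("more than one partition flagged bootable")
    if any(p["lba_start"] == 0 for p in parsed["partitions"]):
        problems.append("partition starts at LBA 0, overlapping the MBR itself")
    if any(p["type"] == 0xEE for p in parsed["partitions"]):
        problems.append("protective MBR (type 0xEE): disk is GPT, inspect the GPT header instead")
    return problems


def build_mbr(partitions: List[Tuple[bool, int, int, int]], signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Constructed sector 0 with up to four (bootable, type, lba_start, sectors) entries."""
    sector = bytearray(512)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = signature
    return bytes(sector)


# One bootable NTFS (type 0x07) partition starting at LBA 63, 1 GiB long (hypothetical).
GOOD_MBR = build_mbr([(True, 0x07, 63, 2097152)])
# Same table, but the signature bytes zeroed: what "BIOS signature not found" detects.
NO_SIGNATURE_MBR = build_mbr([(True, 0x07, 63, 2097152)], signature=b"\x00\x00")


if __name__ == "__main__":
    for name, image in (("good", GOOD_MBR), ("no-signature", NO_SIGNATURE_MBR)):
        print(name, check_mbr(image) or "ok")
```

    Reading a real sector 0 (on Windows, opening \\.\PhysicalDrive0 with administrative rights and reading the first 512 bytes) is left outside the block. A scanner that cannot read the sector at all has nothing to check, which is worth keeping in mind when reading the two GMER lines together: the read error comes first, and the signature result only means something once the sector can actually be read.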