
Solved Browsers crashing - suspect virus

Discussion in 'Malware and Virus Removal Archive' started by ewanko08, 2011/12/14.

  1. 2011/12/14
    ewanko08

    ewanko08 Inactive Thread Starter

    [Resolved] Browsers crashing - suspect virus

    I am experiencing problems like the ones in this thread: http://www.windowsbbs.com/malware-virus-removal/93942-resolved-cannot-find-http-random-letters.html

    Whenever I open Internet Explorer I keep getting a pop-up text box that says "Cannot find http://" followed by a really, really long address of random letters, and "please make sure the address is valid". When I exit out of this text box it opens up IE and sends me to my homepage.

    Also, Firefox used to open 4 tabs which seemed to have weird characters in the URL and then crash. After I ran my Avira antivirus, it was able to remove a lot of viruses, but now Firefox won't even start. It only works in Safe Mode, but still crashes.

    Here are the logs that I have:
    MBAM:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8370

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/14/2011 12:21:00 PM
    mbam-log-2011-12-14 (12-21-00).txt

    Scan type: Quick scan
    Objects scanned: 185465
    Time elapsed: 12 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 19
    Files Infected: 58

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\JIN\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\application data\funwebproducts\Data\JIN (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funshion online (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashstamp (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\historytorrent (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\media (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\JIN\application data\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\application data\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\application data\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\program files\internet explorer\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\csrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\8D.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\91.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\92.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\93.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\dxfh.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\8B.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\8C.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\606.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\578.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\583.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\588.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\590.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\59A.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5A2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5A5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5AD.exe (Malware.Packer) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\67D.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\69E.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5B4.exe (Malware.Packer) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5C6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5CE.exe (Malware.Packer) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5D1.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5DD.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5F8.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\616.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\64A.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\local settings\Temp\5D7.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion\funshiongame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion\funshionservice.diagnose (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\program files\funshion online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\cacheflash\donghuanew_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\02ee38ff_c003_4481_c897_9e9a246fbbd7.flv (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\038e3428_2643_212c_66d0_5c2c43030fa2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\31180903_0a7f_871e_76fd_571dcb44bebd.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\b4abe339_4184_0e61_8dfb_323fae05cd5f.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\bb4d3c89_ffb6_4fe2_c82f_fa03182d9d90.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\c73a4819_f1db_881e_c684_d4b9082477e3.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\db6e42f4_c885_a461_06b6_ca7c5ed6d9a7.flv (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\e1e11714_f4bf_7642_cb06_6efb34609194.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\cache\flashNew\e674cd9e_b587_752d_8dcc_daa318904465.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\media\install latest funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\media\start funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
    c:\documents and settings\JIN\funshion\update\flashparam.txt (Adware.Funshion) -> Quarantined and deleted successfully.



    GMER.txt:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-14 13:03:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 A-DATA_SSD_16GB rev.081210
    Running: 7d85cl1d.exe; Driver: C:\DOCUME~1\MELY\LOCALS~1\Temp\awtyapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT A5B6C4BC ZwClose
    SSDT A5B6C476 ZwCreateKey
    SSDT A5B6C4C6 ZwCreateSection
    SSDT A5B6C46C ZwCreateThread
    SSDT A5B6C47B ZwDeleteKey
    SSDT A5B6C485 ZwDeleteValueKey
    SSDT A5B6C4B7 ZwDuplicateObject
    SSDT A5B6C48A ZwLoadKey
    SSDT A5B6C458 ZwOpenProcess
    SSDT A5B6C45D ZwOpenThread
    SSDT A5B6C4DF ZwQueryValueKey
    SSDT A5B6C494 ZwReplaceKey
    SSDT A5B6C4D0 ZwRequestWaitReplyPort
    SSDT A5B6C48F ZwRestoreKey
    SSDT A5B6C4CB ZwSetContextThread
    SSDT A5B6C4D5 ZwSetSecurityObject
    SSDT A5B6C480 ZwSetValueKey
    SSDT A5B6C4DA ZwSystemDebugControl
    SSDT A5B6C467 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    ? qbkysykd.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B0000A
    .text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B1000A
    .text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AF000C
    .text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0069000A
    .text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 006A000A
    .text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 006B000A
    .text C:\WINDOWS\System32\svchost.exe[1184] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EA000A
    .text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8653D39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8653D39B
    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskA-DATA_SSD_16GB_________________________081210__#3030313033323534374338322020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----




    MberCheck:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-14 13:05:06
    -----------------------------
    13:05:06.750 OS Version: Windows 5.1.2600 Service Pack 3
    13:05:06.750 Number of processors: 2 586 0x1C02
    13:05:06.765 ComputerName: MINIMELLY UserName: MELY
    13:05:07.031 Initialize success
    13:06:38.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
    13:06:38.187 Disk 0 Vendor: A-DATA_SSD_16GB 081210 Size: 15392MB BusType: 3
    13:06:38.203 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskA-DATA_SSD_16GB_________________________081210__#3030313033323534374338322020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    13:06:38.218 Device \Driver\atapi -> DriverStartIo 8653d39b
    13:06:40.234 Disk 0 MBR read successfully
    13:06:40.250 Disk 0 MBR scan
    13:06:40.265 Disk 0 TDL4@MBR code has been found
    13:06:40.281 Disk 0 MBR hidden
    13:06:40.296 Disk 0 MBR [TDL4] **ROOTKIT**
    13:06:40.328 Disk 0 trace - called modules:
    13:06:40.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8653d555]<<
    13:06:40.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657dab8]
    13:06:40.390 3 CLASSPNP.SYS[f75f8fd7] -> nt!IofCallDriver -> [0x86393030]
    13:06:40.421 \Driver\atapi[0x86559320] -> IRP_MJ_CREATE -> 0x8653d555
    13:06:40.437 Scan finished successfully
    13:07:00.171 Disk 0 MBR has been saved successfully to "D:\MBR.dat "
    13:07:00.234 The log file has been saved successfully to "D:\aswMBR.txt "



    DDS:
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by MELY at 13:07:17 on 2011-12-14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.481 [GMT -8:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mely\application data\mozilla\firefox\profiles\6ejxj533.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 63717
    FF - prefs.js: network.proxy.type - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-13 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-13 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-13 110032]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-14 366152]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-14 22216]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-14 20:02:06 -------- d-----w- c:\documents and settings\mely\application data\Malwarebytes
    2011-12-14 20:01:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-14 20:01:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 20:01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-14 18:44:44 -------- d-sha-r- C:\cmdcons
    2011-12-14 18:31:38 256000 ----a-w- c:\windows\PEV.exe
    2011-12-14 18:31:38 208896 ----a-w- c:\windows\MBR.exe
    2011-12-14 18:31:36 98816 ----a-w- c:\windows\sed.exe
    2011-12-14 18:31:36 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-14 07:14:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-12-14 07:14:11 713600 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2011-12-14 06:57:56 -------- d-----w- c:\documents and settings\mely\application data\Avira
    2011-12-14 06:53:26 35136 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
    2011-12-14 06:46:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-12-14 06:46:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-12-14 06:46:00 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-12-14 06:45:59 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-12-14 06:45:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-12-14 06:45:57 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-12-14 06:45:57 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-12-14 06:20:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-14 06:20:15 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-14 06:20:07 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-12-09 21:34:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: A-DATA_SSD_16GB rev.081210 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8653D555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865437b0]; MOV EAX, [0x8654382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8657DAB8]
    3 CLASSPNP[0xF75F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86393030]
    \Driver\atapi[0x86559320] -> IRP_MJ_CREATE -> 0x8653D555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskA-DATA_SSD_16GB_________________________081210__#3030313033323534374338322020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8653D39B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 13:09:01.39 ===============



    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/17/2009 12:29:03 AM
    System Uptime: 12/14/2011 12:34:37 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 15 GiB total, 0.944 GiB free.
    D: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP309: 11/24/2011 5:51:26 PM - System Checkpoint
    RP310: 11/27/2011 1:27:35 PM - System Checkpoint
    RP311: 11/30/2011 8:24:07 PM - System Checkpoint
    RP312: 12/3/2011 8:51:51 PM - System Checkpoint
    RP313: 12/5/2011 9:10:59 PM - System Checkpoint
    RP314: 12/6/2011 9:15:55 PM - System Checkpoint
    RP315: 12/10/2011 7:54:34 PM - System Checkpoint
    RP316: 12/11/2011 8:11:11 PM - System Checkpoint
    RP317: 12/13/2011 9:31:52 PM - System Checkpoint
    RP318: 12/14/2011 9:32:23 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    Chikka Messenger V4
    Compatibility Pack for the 2007 Office system
    DivX Setup
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP BatteryCheck 2.10 A2
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Doc Viewer
    HP Help and Support
    HP Mobile Broadband Setup Utility
    HP User Guides 0139
    HP Wireless Assistant
    HpSdpAppCoreApp
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 11
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSXML 6.0 Parser
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 3.8
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Backup Utility
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/14/2011 9:35:14 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    12/14/2011 12:38:09 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000008, parameter2 00000002, parameter3 00000000, parameter4 804fc652.
    12/14/2011 12:37:47 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 a34797fc, parameter3 a2b21bb0, parameter4 00000000.
    12/14/2011 12:36:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
    12/14/2011 11:20:40 AM, error: PlugPlayManager [11] - The device Root\LEGACY_KFAHIQ\0000 disappeared from the system without first being prepared for removal.
    12/13/2011 6:55:36 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    12/13/2011 10:53:07 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
    Last edited: 2011/12/14
  2. 2011/12/14
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2011/12/14
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
I do have uTorrent but have not used that for a few years already. My problem started just yesterday. I'm thinking maybe I got the virus from a USB flash drive that I also use in school.
     
  5. 2011/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Welcome aboard

    Please, observe following rules:
• Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
• If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
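As an added example for readers of this thread (not broni's instructions and not part of Kaspersky's TDSSKiller), here is a small Python triage script for the report those steps produce. It assumes the line layout visible in the TDSSKiller log posted later in this thread: a timestamp, a four-digit thread id, then either `name (md5) path` for the image found on disk or `name - verdict` for the result. The `SAMPLE_LOG` mixes lines taken from that log with a constructed `examplesvc` entry whose hash, path and verdict wording are made up for the demo; real TDSSKiller verdict text may differ, so the script flags anything whose verdict is not literally `ok` rather than matching specific wording.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller log layout posted in this thread.
# The "examplesvc" entry, its hash, path and verdict text are made up for the demo.
SAMPLE_LOG = """\
15:25:07.0765 3304 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
15:25:16.0078 0976 Scan started
15:25:16.0437 0976 Abiosdsk - ok
15:25:16.0468 0976 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\\WINDOWS\\system32\\DRIVERS\\ABP480N5.SYS
15:25:16.0484 0976 abp480n5 - ok
15:25:17.0234 0976 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\\WINDOWS\\system32\\DRIVERS\\avgntflt.sys
15:25:17.0234 0976 avgntflt - ok
15:25:19.0468 0976 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\\WINDOWS\\system32\\drivers\\mbam.sys
15:25:19.0468 0976 MBAMProtector - ok
15:25:21.0000 0976 examplesvc (0123456789abcdef0123456789abcdef) C:\\WINDOWS\\system32\\drivers\\examplesvc.sys
15:25:21.0000 0976 examplesvc - detected HYPOTHETICAL.Verdict ( 1 )
"""

# Every log line starts with HH:MM:SS.mmmm and a four-digit thread id.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<body>.*)$")
# "name (md5) path": the image TDSSKiller found for a driver or service.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - verdict": the result for that entry ("ok" on a clean system).
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Fold the per-line records into one Entry per driver/service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or wrapped line: nothing to record
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"].lower(), fm["path"]
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"].strip()
        # status lines such as "Scan started" fall through and are ignored
    return entries


def flagged_entries(entries: Dict[str, Entry]) -> List[Entry]:
    """Anything whose verdict is not literally "ok" needs a human to look at it."""
    return [e for e in entries.values() if e.verdict is not None and e.verdict != "ok"]


def verdict_only_entries(entries: Dict[str, Entry]) -> List[Entry]:
    """Names that got a verdict but no image line: the log recorded no file for them."""
    return [e for e in entries.values() if e.verdict is not None and e.path is None]


def summarize(text: str) -> dict:
    """One-screen triage view of a report: counts, flagged names, hashes to verify."""
    entries = parse_tdsskiller_log(text)
    return {
        "total": len(entries),
        "ok": sum(1 for e in entries.values() if e.verdict == "ok"),
        "flagged": [f"{e.name}: {e.verdict}" for e in flagged_entries(entries)],
        "no_image": [e.name for e in verdict_only_entries(entries)],
        # md5 -> path, so the hashes can be checked against a trusted source
        "hashes": {e.md5: e.path for e in entries.values() if e.md5},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Save the report as a text file and pass its contents to `summarize()`. On a clean system every entry comes back `ok`; the `flagged` list and the `no_image` list are the parts worth quoting back to the analyst in the thread, and the `hashes` map is what you would compare against a known-good hash source before trusting a driver.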
     
  6. 2011/12/14
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    TDSSKiller log:


    15:25:07.0765 3304 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    15:25:08.0218 3304 ============================================================
    15:25:08.0218 3304 Current date / time: 2011/12/14 15:25:08.0218
    15:25:08.0218 3304 SystemInfo:
    15:25:08.0218 3304
    15:25:08.0218 3304 OS Version: 5.1.2600 ServicePack: 3.0
    15:25:08.0218 3304 Product type: Workstation
    15:25:08.0234 3304 ComputerName: MINIMELLY
    15:25:08.0234 3304 UserName: MELY
    15:25:08.0234 3304 Windows directory: C:\WINDOWS
    15:25:08.0234 3304 System windows directory: C:\WINDOWS
    15:25:08.0234 3304 Processor architecture: Intel x86
    15:25:08.0234 3304 Number of processors: 2
    15:25:08.0234 3304 Page size: 0x1000
    15:25:08.0234 3304 Boot type: Normal boot
    15:25:08.0234 3304 ============================================================
    15:25:08.0656 3304 Initialize success
    15:25:16.0078 0976 ============================================================
    15:25:16.0078 0976 Scan started
    15:25:16.0078 0976 Mode: Manual;
    15:25:16.0078 0976 ============================================================
    15:25:16.0437 0976 Abiosdsk - ok
    15:25:16.0468 0976 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    15:25:16.0484 0976 abp480n5 - ok
    15:25:16.0500 0976 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:25:16.0500 0976 ACPI - ok
    15:25:16.0515 0976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    15:25:16.0515 0976 ACPIEC - ok
    15:25:16.0546 0976 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    15:25:16.0578 0976 adpu160m - ok
    15:25:16.0593 0976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    15:25:16.0593 0976 aec - ok
    15:25:16.0609 0976 AESTAud (f0f8212d86ef2bfdd5ad01f6ab7b017c) C:\WINDOWS\system32\drivers\AESTAud.sys
    15:25:16.0609 0976 AESTAud - ok
    15:25:16.0640 0976 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    15:25:16.0640 0976 AFD - ok
    15:25:16.0656 0976 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    15:25:16.0671 0976 agp440 - ok
    15:25:16.0687 0976 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    15:25:16.0703 0976 agpCPQ - ok
    15:25:16.0718 0976 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    15:25:16.0734 0976 Aha154x - ok
    15:25:16.0750 0976 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    15:25:16.0765 0976 aic78u2 - ok
    15:25:16.0781 0976 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    15:25:16.0796 0976 aic78xx - ok
    15:25:16.0828 0976 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    15:25:16.0828 0976 AliIde - ok
    15:25:16.0843 0976 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    15:25:16.0859 0976 alim1541 - ok
    15:25:16.0875 0976 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    15:25:16.0890 0976 amdagp - ok
    15:25:16.0906 0976 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    15:25:16.0921 0976 amsint - ok
    15:25:16.0968 0976 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    15:25:16.0968 0976 Arp1394 - ok
    15:25:16.0984 0976 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    15:25:17.0000 0976 asc - ok
    15:25:17.0015 0976 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    15:25:17.0031 0976 asc3350p - ok
    15:25:17.0046 0976 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    15:25:17.0062 0976 asc3550 - ok
    15:25:17.0109 0976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:25:17.0125 0976 AsyncMac - ok
    15:25:17.0140 0976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:25:17.0140 0976 atapi - ok
    15:25:17.0156 0976 Atdisk - ok
    15:25:17.0171 0976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:25:17.0187 0976 Atmarpc - ok
    15:25:17.0218 0976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:25:17.0218 0976 audstub - ok
    15:25:17.0234 0976 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    15:25:17.0234 0976 avgntflt - ok
    15:25:17.0265 0976 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    15:25:17.0265 0976 avipbb - ok
    15:25:17.0281 0976 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    15:25:17.0281 0976 avkmgr - ok
    15:25:17.0359 0976 BCM43XX (10cf810cbc0b7090c436bb15496b3328) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    15:25:17.0390 0976 BCM43XX - ok
    15:25:17.0406 0976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    15:25:17.0406 0976 Beep - ok
    15:25:17.0453 0976 btaudio - ok
    15:25:17.0468 0976 BTDriver - ok
    15:25:17.0484 0976 BTWDNDIS - ok
    15:25:17.0515 0976 btwhid - ok
    15:25:17.0515 0976 catchme - ok
    15:25:17.0546 0976 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    15:25:17.0546 0976 cbidf - ok
    15:25:17.0578 0976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:25:17.0578 0976 cbidf2k - ok
    15:25:17.0593 0976 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:25:17.0609 0976 CCDECODE - ok
    15:25:17.0625 0976 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    15:25:17.0625 0976 cd20xrnt - ok
    15:25:17.0640 0976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:25:17.0656 0976 Cdaudio - ok
    15:25:17.0671 0976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    15:25:17.0687 0976 Cdfs - ok
    15:25:17.0703 0976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:25:17.0703 0976 Cdrom - ok
    15:25:17.0718 0976 Changer - ok
    15:25:17.0765 0976 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    15:25:17.0765 0976 CmBatt - ok
    15:25:17.0781 0976 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    15:25:17.0796 0976 CmdIde - ok
    15:25:17.0812 0976 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    15:25:17.0812 0976 Compbatt - ok
    15:25:17.0859 0976 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    15:25:17.0859 0976 Cpqarray - ok
    15:25:17.0890 0976 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    15:25:17.0906 0976 dac2w2k - ok
    15:25:17.0921 0976 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    15:25:17.0937 0976 dac960nt - ok
    15:25:17.0968 0976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    15:25:17.0968 0976 Disk - ok
    15:25:18.0015 0976 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    15:25:18.0046 0976 dmboot - ok
    15:25:18.0078 0976 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    15:25:18.0093 0976 dmio - ok
    15:25:18.0109 0976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    15:25:18.0125 0976 dmload - ok
    15:25:18.0140 0976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    15:25:18.0140 0976 DMusic - ok
    15:25:18.0171 0976 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    15:25:18.0187 0976 dpti2o - ok
    15:25:18.0203 0976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    15:25:18.0203 0976 drmkaud - ok
    15:25:18.0250 0976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    15:25:18.0250 0976 Fastfat - ok
    15:25:18.0281 0976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    15:25:18.0281 0976 Fdc - ok
    15:25:18.0296 0976 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    15:25:18.0296 0976 Fips - ok
    15:25:18.0328 0976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    15:25:18.0328 0976 Flpydisk - ok
    15:25:18.0343 0976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    15:25:18.0343 0976 FltMgr - ok
    15:25:18.0375 0976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:25:18.0375 0976 Fs_Rec - ok
    15:25:18.0390 0976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:25:18.0406 0976 Ftdisk - ok
    15:25:18.0421 0976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    15:25:18.0421 0976 GEARAspiWDM - ok
    15:25:18.0453 0976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:25:18.0453 0976 Gpc - ok
    15:25:18.0468 0976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:25:18.0468 0976 HDAudBus - ok
    15:25:18.0515 0976 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    15:25:18.0515 0976 hpn - ok
    15:25:18.0546 0976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    15:25:18.0562 0976 HTTP - ok
    15:25:18.0578 0976 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    15:25:18.0593 0976 i2omgmt - ok
    15:25:18.0609 0976 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    15:25:18.0625 0976 i2omp - ok
    15:25:18.0640 0976 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:25:18.0640 0976 i8042prt - ok
    15:25:18.0796 0976 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    15:25:18.0953 0976 ialm - ok
    15:25:18.0984 0976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:25:18.0984 0976 Imapi - ok
    15:25:19.0015 0976 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    15:25:19.0031 0976 ini910u - ok
    15:25:19.0062 0976 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    15:25:19.0078 0976 IntelIde - ok
    15:25:19.0093 0976 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:25:19.0093 0976 intelppm - ok
    15:25:19.0125 0976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    15:25:19.0140 0976 Ip6Fw - ok
    15:25:19.0156 0976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:25:19.0156 0976 IpFilterDriver - ok
    15:25:19.0171 0976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:25:19.0187 0976 IpInIp - ok
    15:25:19.0203 0976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:25:19.0203 0976 IpNat - ok
    15:25:19.0234 0976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:25:19.0234 0976 IPSec - ok
    15:25:19.0250 0976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:25:19.0265 0976 IRENUM - ok
    15:25:19.0281 0976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:25:19.0281 0976 isapnp - ok
    15:25:19.0312 0976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:25:19.0312 0976 Kbdclass - ok
    15:25:19.0343 0976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    15:25:19.0343 0976 kmixer - ok
    15:25:19.0359 0976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    15:25:19.0359 0976 KSecDD - ok
    15:25:19.0375 0976 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
    15:25:19.0390 0976 L1c - ok
    15:25:19.0421 0976 lbrtfdc - ok
    15:25:19.0468 0976 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    15:25:19.0468 0976 MBAMProtector - ok
    15:25:19.0484 0976 MBAMSwissArmy - ok
    15:25:19.0515 0976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    15:25:19.0515 0976 mnmdd - ok
    15:25:19.0546 0976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    15:25:19.0562 0976 Modem - ok
    15:25:19.0578 0976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:25:19.0578 0976 Mouclass - ok
    15:25:19.0609 0976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    15:25:19.0609 0976 MountMgr - ok
    15:25:19.0625 0976 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    15:25:19.0640 0976 mraid35x - ok
    15:25:19.0656 0976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:25:19.0656 0976 MRxDAV - ok
    15:25:19.0687 0976 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:25:19.0703 0976 MRxSmb - ok
    15:25:19.0718 0976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    15:25:19.0734 0976 Msfs - ok
    15:25:19.0750 0976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:25:19.0765 0976 MSKSSRV - ok
    15:25:19.0781 0976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:25:19.0781 0976 MSPCLOCK - ok
    15:25:19.0796 0976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    15:25:19.0812 0976 MSPQM - ok
    15:25:19.0828 0976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:25:19.0828 0976 mssmbios - ok
    15:25:19.0859 0976 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    15:25:19.0859 0976 MSTEE - ok
    15:25:19.0875 0976 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    15:25:19.0875 0976 Mup - ok
    15:25:19.0906 0976 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:25:19.0921 0976 NABTSFEC - ok
    15:25:19.0937 0976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    15:25:19.0953 0976 NDIS - ok
    15:25:19.0968 0976 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:25:19.0968 0976 NdisIP - ok
    15:25:19.0984 0976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:25:20.0000 0976 NdisTapi - ok
    15:25:20.0015 0976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:25:20.0015 0976 Ndisuio - ok
    15:25:20.0031 0976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:25:20.0046 0976 NdisWan - ok
    15:25:20.0062 0976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    15:25:20.0062 0976 NDProxy - ok
    15:25:20.0093 0976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:25:20.0093 0976 NetBIOS - ok
    15:25:20.0109 0976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:25:20.0125 0976 NetBT - ok
    15:25:20.0171 0976 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    15:25:20.0187 0976 NIC1394 - ok
    15:25:20.0203 0976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    15:25:20.0203 0976 Npfs - ok
    15:25:20.0234 0976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:25:20.0250 0976 Ntfs - ok
    15:25:20.0281 0976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:25:20.0281 0976 Null - ok
    15:25:20.0296 0976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:25:20.0312 0976 NwlnkFlt - ok
    15:25:20.0343 0976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:25:20.0343 0976 NwlnkFwd - ok
    15:25:20.0375 0976 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    15:25:20.0390 0976 ohci1394 - ok
    15:25:20.0421 0976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    15:25:20.0437 0976 Parport - ok
    15:25:20.0453 0976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:25:20.0453 0976 PartMgr - ok
    15:25:20.0468 0976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:25:20.0484 0976 ParVdm - ok
    15:25:20.0500 0976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:25:20.0500 0976 PCI - ok
    15:25:20.0515 0976 PCIDump - ok
    15:25:20.0531 0976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:25:20.0546 0976 PCIIde - ok
    15:25:20.0562 0976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    15:25:20.0593 0976 Pcmcia - ok
    15:25:20.0593 0976 PDCOMP - ok
    15:25:20.0625 0976 PDFRAME - ok
    15:25:20.0640 0976 PDRELI - ok
    15:25:20.0656 0976 PDRFRAME - ok
    15:25:20.0671 0976 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    15:25:20.0687 0976 perc2 - ok
    15:25:20.0703 0976 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    15:25:20.0718 0976 perc2hib - ok
    15:25:20.0765 0976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:25:20.0765 0976 PptpMiniport - ok
    15:25:20.0796 0976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:25:20.0796 0976 PSched - ok
    15:25:20.0828 0976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:25:20.0828 0976 Ptilink - ok
    15:25:20.0843 0976 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    15:25:20.0859 0976 ql1080 - ok
    15:25:20.0875 0976 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    15:25:20.0890 0976 Ql10wnt - ok
    15:25:20.0906 0976 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    15:25:20.0921 0976 ql12160 - ok
    15:25:20.0937 0976 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    15:25:20.0953 0976 ql1240 - ok
    15:25:20.0968 0976 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    15:25:20.0984 0976 ql1280 - ok
    15:25:21.0000 0976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:25:21.0000 0976 RasAcd - ok
    15:25:21.0031 0976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:25:21.0031 0976 Rasl2tp - ok
    15:25:21.0062 0976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:25:21.0062 0976 RasPppoe - ok
    15:25:21.0078 0976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:25:21.0078 0976 Raspti - ok
    15:25:21.0109 0976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:25:21.0109 0976 Rdbss - ok
    15:25:21.0125 0976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:25:21.0125 0976 RDPCDD - ok
    15:25:21.0156 0976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:25:21.0187 0976 rdpdr - ok
    15:25:21.0218 0976 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:25:21.0234 0976 RDPWD - ok
    15:25:21.0250 0976 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:25:21.0265 0976 redbook - ok
    15:25:21.0312 0976 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
    15:25:21.0328 0976 RSUSBSTOR - ok
    15:25:21.0343 0976 Rts516xIR - ok
    15:25:21.0406 0976 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    15:25:21.0421 0976 sdbus - ok
    15:25:21.0437 0976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:25:21.0437 0976 Secdrv - ok
    15:25:21.0484 0976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    15:25:21.0484 0976 Serial - ok
    15:25:21.0515 0976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:25:21.0515 0976 Sfloppy - ok
    15:25:21.0546 0976 Simbad - ok
    15:25:21.0578 0976 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    15:25:21.0593 0976 sisagp - ok
    15:25:21.0609 0976 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:25:21.0609 0976 SLIP - ok
    15:25:21.0656 0976 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    15:25:21.0656 0976 SONYPVU1 - ok
    15:25:21.0671 0976 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    15:25:21.0687 0976 Sparrow - ok
    15:25:21.0703 0976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    15:25:21.0703 0976 splitter - ok
    15:25:21.0734 0976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:25:21.0734 0976 sr - ok
    15:25:21.0765 0976 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:25:21.0781 0976 Srv - ok
    15:25:21.0796 0976 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    15:25:21.0796 0976 ssmdrv - ok
    15:25:21.0859 0976 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys
    15:25:21.0890 0976 STHDA - ok
    15:25:21.0921 0976 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:25:21.0921 0976 streamip - ok
    15:25:21.0937 0976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:25:21.0953 0976 swenum - ok
    15:25:21.0968 0976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    15:25:21.0968 0976 swmidi - ok
    15:25:22.0000 0976 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    15:25:22.0000 0976 symc810 - ok
    15:25:22.0015 0976 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    15:25:22.0031 0976 symc8xx - ok
    15:25:22.0046 0976 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    15:25:22.0062 0976 sym_hi - ok
    15:25:22.0093 0976 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    15:25:22.0093 0976 sym_u3 - ok
    15:25:22.0125 0976 SynTP (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    15:25:22.0125 0976 SynTP - ok
    15:25:22.0140 0976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:25:22.0140 0976 sysaudio - ok
    15:25:22.0187 0976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:25:22.0203 0976 Tcpip - ok
    15:25:22.0218 0976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:25:22.0218 0976 TDPIPE - ok
    15:25:22.0234 0976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:25:22.0250 0976 TDTCP - ok
    15:25:22.0265 0976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:25:22.0265 0976 TermDD - ok
    15:25:22.0312 0976 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    15:25:22.0328 0976 TosIde - ok
    15:25:22.0359 0976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    15:25:22.0359 0976 Udfs - ok
    15:25:22.0390 0976 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    15:25:22.0390 0976 ultra - ok
    15:25:22.0421 0976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    15:25:22.0437 0976 Update - ok
    15:25:22.0468 0976 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    15:25:22.0484 0976 USBAAPL - ok
    15:25:22.0500 0976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:25:22.0500 0976 usbccgp - ok
    15:25:22.0515 0976 USBCCID - ok
    15:25:22.0531 0976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:25:22.0531 0976 usbehci - ok
    15:25:22.0562 0976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:25:22.0562 0976 usbhub - ok
    15:25:22.0593 0976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:25:22.0593 0976 usbprint - ok
    15:25:22.0609 0976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:25:22.0625 0976 usbscan - ok
    15:25:22.0640 0976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:25:22.0640 0976 USBSTOR - ok
    15:25:22.0656 0976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:25:22.0656 0976 usbuhci - ok
    15:25:22.0687 0976 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:25:22.0687 0976 usbvideo - ok
    15:25:22.0703 0976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    15:25:22.0703 0976 VgaSave - ok
    15:25:22.0734 0976 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    15:25:22.0734 0976 viaagp - ok
    15:25:22.0765 0976 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    15:25:22.0765 0976 ViaIde - ok
    15:25:22.0781 0976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:25:22.0781 0976 VolSnap - ok
    15:25:22.0828 0976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:25:22.0828 0976 Wanarp - ok
    15:25:22.0859 0976 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    15:25:22.0875 0976 Wdf01000 - ok
    15:25:22.0890 0976 WDICA - ok
    15:25:22.0906 0976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:25:22.0906 0976 wdmaud - ok
    15:25:22.0984 0976 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    15:25:22.0984 0976 WmiAcpi - ok
    15:25:23.0015 0976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    15:25:23.0031 0976 WpdUsb - ok
    15:25:23.0078 0976 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:25:23.0078 0976 WSTCODEC - ok
    15:25:23.0109 0976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:25:23.0109 0976 WudfPf - ok
    15:25:23.0125 0976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:25:23.0140 0976 WudfRd - ok
    15:25:23.0203 0976 MBR (0x1B8) (e2623ec53824142420ae2f36878e5488) \Device\Harddisk0\DR0
    15:25:23.0203 0976 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
    15:25:23.0203 0976 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    15:25:23.0203 0976 Boot (0x1200) (bbaa225d03e8f9a49786541e63484e7d) \Device\Harddisk0\DR0\Partition0
    15:25:23.0218 0976 \Device\Harddisk0\DR0\Partition0 - ok
    15:25:23.0218 0976 ============================================================
    15:25:23.0218 0976 Scan finished
    15:25:23.0218 0976 ============================================================
    15:25:23.0234 1944 Detected object count: 1
    15:25:23.0234 1944 Actual detected object count: 1
    15:25:47.0328 1944 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
    15:25:47.0328 1944 \Device\Harddisk0\DR0 - ok
    15:25:47.0328 1944 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
    15:25:53.0328 1792 Deinitialize success
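Only a few line shapes in the TDSSKiller log above matter to whoever reviews it: the driver inventory (service, MD5, path), the sector objects (MBR and boot sector with their hashes) and the verdict lines that flag the TDL4 infection and the chosen cure. The parser below is an added example, not part of this thread or of Kaspersky's tool; it turns that format into a short triage summary, using lines excerpted from the posted log as its sample input.

```python
import re
from dataclasses import dataclass, field

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread-id> <message>".
LINE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*\S)\s*$")
# Sector objects ("MBR (0x1B8) (<md5>) \Device\...") are tried before driver lines so the offset is not read as a hash.
SECTOR_RE = re.compile(r"^(MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
DRIVER_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")        # "<service> (<md5>) <path>"
DETECTED_RE = re.compile(r"^(.+?)\s+-\s+detected\s+(\S+)\s+\((\d+)\)$")  # "<obj> - detected <threat> (0)"
VERDICT_RE = re.compile(r"^(.+?)\s+\(\s*(\S+)\s*\)\s+-\s+(.+)$")         # "<obj> ( <threat> ) - <verdict>"
OK_RE = re.compile(r"^(.+?)\s+-\s+ok$")
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count:\s+(\d+)$")

@dataclass
class TdssReport:
    drivers: dict = field(default_factory=dict)       # service name -> (md5, path)
    sectors: dict = field(default_factory=dict)       # device path -> (kind, md5)
    ok_objects: set = field(default_factory=set)      # anything that ended "- ok"
    detections: dict = field(default_factory=dict)    # object -> threat name
    pending_reboot: set = field(default_factory=set)  # objects to be cured on reboot
    actions: dict = field(default_factory=dict)       # object -> user-selected action
    counts: dict = field(default_factory=dict)        # "Detected"/"Actual detected" -> N
    unparsed: list = field(default_factory=list)      # messages no rule understood

def parse_tdsskiller_log(text: str) -> TdssReport:
    """File every timestamped message under the bucket its line shape belongs to."""
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                       # blank lines and headers without a timestamp
        msg = m.group(3)
        if (s := SECTOR_RE.match(msg)):
            rep.sectors[s.group(3)] = (s.group(1), s.group(2))
        elif (d := DRIVER_RE.match(msg)):
            rep.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (t := DETECTED_RE.match(msg)):
            rep.detections[t.group(1)] = t.group(2)
        elif (v := VERDICT_RE.match(msg)):
            obj, threat, verdict = v.groups()
            rep.detections.setdefault(obj, threat)
            if verdict.startswith("will be cured"):
                rep.pending_reboot.add(obj)
            elif verdict.startswith("User select action:"):
                rep.actions[obj] = verdict.split(":", 1)[1].strip()
        elif (o := OK_RE.match(msg)):
            rep.ok_objects.add(o.group(1))
        elif (c := COUNT_RE.match(msg)):
            rep.counts[c.group(1)] = int(c.group(2))
        elif not msg.startswith("="):      # skip the "=====" separators, keep the rest
            rep.unparsed.append(msg)
    return rep

def summarize(rep: TdssReport) -> dict:
    """Reduce the parsed log to the facts an analyst reviewing the post cares about."""
    # "- ok" with no hash line: a service registered in the registry with no file on disk (worth a glance in triage).
    orphan_services = sorted(o for o in rep.ok_objects
                             if o not in rep.drivers and o not in rep.sectors
                             and not o.startswith("\\"))
    infected = {}
    for obj, threat in rep.detections.items():
        kind, md5 = rep.sectors.get(obj, (None, None))
        infected[obj] = {"threat": threat, "object": kind, "md5": md5,
                         "action": rep.actions.get(obj),
                         "cure_pending_reboot": obj in rep.pending_reboot}
    reported = rep.counts.get("Detected")
    return {
        "drivers_hashed": len(rep.drivers),
        "orphan_services": orphan_services,
        "infected": infected,
        # TDSSKiller prints "<obj> - ok" again once a cure is scheduled, so grepping "- ok" alone hides the hit.
        "ok_after_detection": sorted(o for o in rep.detections if o in rep.ok_objects),
        "reported_count": reported,
        "count_consistent": reported is not None and reported == len(rep.detections),
        "unparsed": rep.unparsed,
    }

# Excerpt of the TDSSKiller log posted in this thread (hashes and paths as posted).
SAMPLE_LOG = r"""
15:25:20.0203 0976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:25:20.0203 0976 Npfs - ok
15:25:20.0234 0976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:20.0250 0976 Ntfs - ok
15:25:20.0515 0976 PCIDump - ok
15:25:23.0203 0976 MBR (0x1B8) (e2623ec53824142420ae2f36878e5488) \Device\Harddisk0\DR0
15:25:23.0203 0976 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
15:25:23.0203 0976 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:25:23.0203 0976 Boot (0x1200) (bbaa225d03e8f9a49786541e63484e7d) \Device\Harddisk0\DR0\Partition0
15:25:23.0218 0976 \Device\Harddisk0\DR0\Partition0 - ok
15:25:23.0234 1944 Detected object count: 1
15:25:23.0234 1944 Actual detected object count: 1
15:25:47.0328 1944 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:25:47.0328 1944 \Device\Harddisk0\DR0 - ok
15:25:47.0328 1944 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
15:25:53.0328 1792 Deinitialize success
"""

if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```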
     
  7. 2011/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/12/14
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    I did a quick check, and both browsers now seem to be working fine. Just let me know if there are any other steps I should do. Thanks!!

    Here are the logs:



    RootKit Unhooker:


    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xF6D03000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF6B1F000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1736704 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
    0xAA5B4000 C:\WINDOWS\system32\drivers\sthda.sys 1490944 bytes (IDT, Inc., IDT PC Audio)
    0xF7328000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xF6A4E000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0xA8BE0000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF69A5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xA8CC5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA84FF000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xA7F22000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF6ACA000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 200704 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0xF7459000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xA866F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF72FB000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
    0xA769B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xA8C50000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6CC7000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xA8C9D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xA8BBA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xA8B6D000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 151552 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xA7A9E000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xAA590000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6AFB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF6A03000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA8C7B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF73F1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7429000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xA8B4F000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
    0xAA574000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
    0xF72E1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xA841E000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 102400 bytes (Avira GmbH, Avira Minifilter Driver)
    0xF7411000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xA8B37000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF73C8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF6A37000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA87B2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF6CEF000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xA8D1E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xF73B5000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
    0xF73DF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7448000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6A26000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF7598000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF77B8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xA8ACF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF77A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF75A8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF7708000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8131/AR8132 PCI-E Ethernet Controller ndis miniport driver)
    0xF75E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF7718000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF7738000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF75C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF7728000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xF7658000 C:\WINDOWS\system32\DRIVERS\avkmgr.sys 49152 bytes (Avira GmbH, Avira Manager Driver)
    0xF7758000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7648000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF75B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF7748000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7588000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7788000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF7778000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xA78C1000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF75D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF76F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xA884F000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
    0xF7768000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF77F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF7628000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7930000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF7940000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF78D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7808000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF78E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF78E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF7938000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xF78D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF7920000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7928000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF7810000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF78F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7900000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF78F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7978000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF79A0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xF7A54000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xA8A5F000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xF7A68000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xA89F3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF79A4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
    0xF7998000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF799C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xA8D6D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF72A5000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xF7A5C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF7299000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7A58000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xF7A8C000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
    0xF7AB2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7AC6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF7AB0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7A90000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xF7A88000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7AB4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7AB8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7AAC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7AAA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7A8E000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7A8A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7C4E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7CCD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7C68000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7B51000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
    0xF7B50000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================





    ComboFix:


    ComboFix 11-12-13.03 - MELY 12/14/2011 16:29:31.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.549 [GMT -8:00]
    Running from: c:\documents and settings\MELY\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\EventSystem.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-14 20:02 . 2011-12-14 20:02 -------- d-----w- c:\documents and settings\MELY\Application Data\Malwarebytes
    2011-12-14 20:01 . 2011-12-14 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-14 20:01 . 2011-12-14 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-14 20:01 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 07:14 . 2011-11-21 04:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-12-14 07:14 . 2011-11-21 04:04 713600 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
    2011-12-14 06:57 . 2011-12-14 06:57 -------- d-----w- c:\documents and settings\MELY\Application Data\Avira
    2011-12-14 06:53 . 2010-09-01 22:52 35136 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
    2011-12-14 06:53 . 2011-12-14 06:53 -------- d-----w- c:\program files\NOS
    2011-12-14 06:53 . 2011-12-14 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2011-12-14 06:46 . 2011-11-21 01:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-14 06:46 . 2011-11-21 01:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-12-14 06:46 . 2011-11-21 04:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-12-14 06:45 . 2011-11-21 04:04 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-12-14 06:45 . 2011-11-21 04:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-12-14 06:45 . 2011-11-21 04:04 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-12-14 06:45 . 2011-11-21 04:04 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-12-14 06:20 . 2011-10-11 23:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-14 06:20 . 2011-12-14 19:43 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-14 06:20 . 2011-10-11 23:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-14 06:20 . 2011-12-14 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-12-09 21:34 . 2011-12-09 21:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 04:04 . 2011-12-14 07:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-14_19.31.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-14 23:27 . 2011-12-14 23:27 16384 c:\windows\temp\Perflib_Perfdata_c4.dat
    + 2011-12-14 23:27 . 2011-12-14 23:27 16384 c:\windows\temp\Perflib_Perfdata_77c.dat
    + 2010-09-23 12:47 . 2010-09-23 12:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
    + 2010-09-23 11:03 . 2010-09-23 11:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
    + 2010-09-23 10:52 . 2010-09-23 10:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
    + 2010-09-23 02:12 . 2010-09-23 02:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
    + 2010-09-11 02:17 . 2010-09-11 02:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
    + 2010-09-23 04:41 . 2010-09-23 04:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
    + 2010-09-23 12:47 . 2010-09-23 12:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
    + 2010-09-23 02:04 . 2010-09-23 02:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
    + 2010-09-23 03:39 . 2010-09-23 03:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
    + 2010-09-23 02:50 . 2010-09-23 02:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
    + 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\7e536.msp
    + 2010-09-23 02:05 . 2010-09-23 02:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
    + 2010-06-20 01:51 . 2010-06-20 01:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
    + 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\7e538.msp
    + 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\7e537.msp
    + 2010-09-23 11:03 . 2010-09-23 11:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
    "AESTFltr "= "c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 136600]
    "HP Mobile Broadband "= "c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/13/2011 10:20 PM 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/13/2011 10:20 PM 86224]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2011 12:01 PM 366152]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/14/2009 11:28 AM 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 1:03 PM 38912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/14/2011 12:01 PM 22216]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/14/2009 11:29 AM 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BLACKBOX
    *Deregistered* - avgntflt
    *Deregistered* - BlackBox
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
    FF - ProfilePath - c:\documents and settings\MELY\Application Data\Mozilla\Firefox\Profiles\6ejxj533.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 63717
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-14 16:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-14 16:44:07
    ComboFix-quarantined-files.txt 2011-12-15 00:44
    ComboFix2.txt 2011-12-14 19:39
    .
    Pre-Run: 803,430,400 bytes free
    Post-Run: 798,351,360 bytes free
    .
    - - End Of File - - F8EFD70E9CF7BB680056869B766ED99B
     
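    The "FF - prefs.js" lines in the ComboFix log above record a Firefox HTTP proxy of 127.0.0.1 on port 63717. With network.proxy.type = 0 that setting is not in use, but a browser configured to push all traffic through a port on the loopback interface is the classic fingerprint of a local proxy hijack: whatever process listens on that port sees, and can rewrite, every request the browser makes. ComboFix prints the Firefox prefs in one format (and the HKCU WinINet values as "uInternet Settings,..."), while OTL prints both the per-hive WinINet registry values and prefs.js in another, so a small parser that understands both is handy when reading these logs. The Python below is an added example, not code from this thread or from the ComboFix/OTL authors. The sample lines are constructed to mirror the two formats, the "random-looking directory" rule is my own heuristic, and the script reports (a) every proxy setting whose host is on 127/8 or localhost, noting whether the setting is actually enabled, and (b) OTL O4 run-key entries with no company name whose path passes through a short hex-looking directory.

```python
import re

# Line shapes seen in ComboFix and OTL logs (constructed samples further down).
CF_FF = re.compile(r'^FF - prefs\.js: (network\.proxy\.\w+) - (.+)$')      # ComboFix prefs.js
CF_IE = re.compile(r'^([um])Internet Settings,(Proxy\w+) = (.*)$')        # u = HKCU, m = HKLM
OTL_FF = re.compile(r'^FF - prefs\.js\.\.(network\.proxy\.\w+): (.+)$')   # OTL prefs.js
OTL_IE = re.compile(r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(Proxy\w+)" = (.*)$')
OTL_O4 = re.compile(r'^O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.*)$')         # OTL run keys
O4_COMPANY = re.compile(r'^(.+?) \(([^()]*)\)$')                           # "path (Company)"

LOOPBACK = re.compile(r'^(127(\.\d{1,3}){3}|localhost)$', re.I)
# My own heuristic: 3-8 hex characters with at least one digit, e.g. 9E243 or 5516.
RANDOM_DIR = re.compile(r'^(?=.*\d)[0-9A-Fa-f]{3,8}$')


def parse_log(text):
    """Return ({scope: {key: value}}, [run entries]) from ComboFix or OTL log text."""
    proxy, runs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_FF.match(line) or OTL_FF.match(line)
        if m:  # OTL quotes string prefs, sometimes with a trailing space inside the quotes
            proxy.setdefault("FF:prefs.js", {})[m.group(1)] = m.group(2).strip('" ')
            continue
        m = OTL_IE.match(line)
        if m:
            proxy.setdefault("IE:" + m.group(1), {})[m.group(2)] = m.group(3).strip()
            continue
        m = CF_IE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            proxy.setdefault("IE:" + hive, {})[m.group(2)] = m.group(3).strip()
            continue
        m = OTL_O4.match(line)
        if m:
            hive, name, rest = m.groups()
            c = O4_COMPANY.match(rest)
            path, company = (c.group(1), c.group(2)) if c else (rest, None)
            runs.append({"hive": hive, "name": name, "path": path, "company": company})
    return proxy, runs


def _is_loopback(value):
    """True if any host in an IE ProxyServer string or a Firefox host pref is loopback."""
    for part in value.split(";"):
        part = part.split("=", 1)[-1].strip()            # drop "http=" style prefixes
        host = part.rsplit(":", 1)[0] if ":" in part else part
        if LOOPBACK.match(host):
            return True
    return False


def find_loopback_proxies(text):
    """Report every browser proxy setting that points at the loopback interface."""
    findings = []
    for scope, kv in parse_log(text)[0].items():
        if scope.startswith("FF:"):
            host = kv.get("network.proxy.http", "")
            port = kv.get("network.proxy.http_port")
            active = kv.get("network.proxy.type") == "1"  # 1 = manual proxy, 0 = none
        else:
            host = kv.get("ProxyServer", "")
            port = host.rsplit(":", 1)[-1] if ":" in host else None
            active = kv.get("ProxyEnable") == "1"
        if host and _is_loopback(host):
            findings.append({"scope": scope, "active": active,
                             "port": int(port) if port and port.isdigit() else None})
    return findings


def find_suspicious_run_entries(text):
    """Flag O4 run-key entries with no company name that live in a random-looking directory."""
    dirs_of = lambda p: p.replace("/", "\\").split("\\")[:-1]   # directory components only
    return [{"name": r["name"], "path": r["path"]}
            for r in parse_log(text)[1]
            if r["company"] == "" and any(RANDOM_DIR.match(d) for d in dirs_of(r["path"]))]


# Constructed samples, modelled on the line formats in this thread's logs.
SAMPLE_COMBOFIX = r"""
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63717
FF - prefs.js: network.proxy.type - 0
"""

SAMPLE_OTL = r"""
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893
FF - prefs.js..network.proxy.http: "127.0.0.1 "
FF - prefs.js..network.proxy.http_port: 57980
FF - prefs.js..network.proxy.type: 1
O4 - HKLM..\Run: [655.exe] C:\Program Files\LP\5516\655.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

if __name__ == "__main__":
    for label, sample in (("ComboFix", SAMPLE_COMBOFIX), ("OTL", SAMPLE_OTL)):
        print(label, find_loopback_proxies(sample))
    print("suspicious run keys:", find_suspicious_run_entries(SAMPLE_OTL))
```

    Run it as-is to see the findings for the built-in samples, or pass a whole saved log to find_loopback_proxies(). A finding with "active": True means the browser is currently sending its traffic through the loopback port; one with "active": False is a leftover that does no harm until a later setting change flips the proxy back on, so it is still worth resetting. The DivX entry in the sample shows why the run-key rule needs both conditions: plenty of legitimate software has no company name, and the combination with a hex-soup directory is what singles out the rogue.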
  9. 2011/12/14
    broni Moderator Malware Analyst

    Good news :)

    Both logs look good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2011/12/15
    ewanko08 Inactive Thread Starter

    OTL.txt:


    OTL logfile created on: 12/14/2011 11:16:51 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JIN\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 606.39 Mb Available Physical Memory | 59.73% Memory free
    2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 15.02 Gb Total Space | 0.85 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
    Drive D: | 7.44 Gb Total Space | 3.38 Gb Free Space | 45.41% Space Free | Partition Type: FAT32

    Computer Name: MINIMELLY | User Name: JIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2011/12/14 23:09:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JIN\Desktop\OTL.exe
    PRC - [2011/12/13 20:08:25 | 000,193,536 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
    PRC - [2011/10/11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/10/11 15:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/12 14:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/03/30 12:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/03/30 12:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2009/02/18 13:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/15 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/13 20:08:25 | 000,193,536 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
    MOD - [2011/10/11 15:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/04/29 15:59:12 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2010/04/12 14:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010/04/12 14:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/03/30 12:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/14 11:43:41 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/10/16 23:32:53 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2009/03/30 12:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/03/19 10:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008/11/21 17:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893



    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57980

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "yahoo.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.2000
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: {3D5C612D-5AB5-43B0-869A-3691C18FADE3}:1.9.1
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11511&client_id=92a6bf3cb4f878cce86dd54c&camp_id=-10&install_time=2010-06-19T15:19:11Z&tb_version=2.4.15000%28F%29&pr=auto&q= "
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 57980
    FF - prefs.js..network.proxy.type: 1


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\JIN\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3D5C612D-5AB5-43B0-869A-3691C18FADE3}: C:\Documents and Settings\JIN\Local Settings\Application Data\{3D5C612D-5AB5-43B0-869A-3691C18FADE3} [2011/01/01 12:24:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/13 23:14:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 15:51:46 | 000,000,000 | ---D | M]

    [2010/05/10 00:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Extensions
    [2011/12/13 22:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions
    [2010/05/10 01:51:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/13 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions\nostmp
    [2011/12/13 22:54:02 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions\toolbar@alot.com
    [2010/06/19 07:20:58 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\alot-search.xml
    [2011/01/01 12:23:35 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\bing-zugo.xml
    [2011/12/13 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/01/06 22:10:28 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2011/12/14 16:37:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [655.exe] C:\Program Files\LP\5516\655.exe ()
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=ehZjz9RMFXeCXLKrVsfHpQ&n=2010102023 File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65752872-B130-41BF-A503-7E7A0A200C5A}: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\JIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\JIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{fe6eb8ca-d1ba-11e0-8312-002655b09551}\Shell\AutoRun\command - " " = RunClubSanDisk.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/14 23:18:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/12/14 23:15:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JIN\Desktop\OTL.exe
    [2011/12/14 22:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/12/14 16:52:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/14 12:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/14 12:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/14 12:01:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/14 12:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/14 10:44:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/14 10:31:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/14 10:31:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/14 10:31:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/14 10:31:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/14 10:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/14 10:27:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/13 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/12/13 22:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/12/13 22:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JIN\Application Data\Avira
    [2011/12/13 22:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/12/13 22:20:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/12/13 22:20:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2011/12/13 22:20:17 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/13 22:20:15 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/12/13 22:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/12/04 18:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JIN\Desktop\WebSite1
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\JIN\My Documents\*.tmp files -> C:\Documents and Settings\JIN\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/14 23:09:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JIN\Desktop\OTL.exe
    [2011/12/14 22:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/14 22:56:52 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/14 16:37:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/14 15:51:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/12/14 12:01:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/14 11:43:41 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/14 10:46:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/13 23:15:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/12/13 22:23:05 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/12/10 16:09:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/05 22:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/05 20:14:25 | 001,116,181 | ---- | M] () -- C:\Documents and Settings\JIN\Desktop\IMG-20111122-00126.jpg
    [2011/12/05 20:04:40 | 000,787,299 | ---- | M] () -- C:\Documents and Settings\JIN\Desktop\IMG-20111122-00125.jpg
    [2011/11/29 20:09:34 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/29 20:09:34 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/23 16:55:38 | 000,069,284 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\JIN\My Documents\*.tmp files -> C:\Documents and Settings\JIN\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/14 12:01:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/14 10:46:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/14 10:45:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/14 10:31:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/14 10:31:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/14 10:31:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/14 10:31:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/14 10:31:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/13 22:46:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/12/13 22:23:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/12/05 19:59:27 | 001,116,181 | ---- | C] () -- C:\Documents and Settings\JIN\Desktop\IMG-20111122-00126.jpg
    [2011/12/05 19:59:27 | 000,787,299 | ---- | C] () -- C:\Documents and Settings\JIN\Desktop\IMG-20111122-00125.jpg
    [2011/11/23 16:55:38 | 000,069,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/01/16 17:19:37 | 000,167,853 | ---- | C] () -- C:\Documents and Settings\JIN\Application Data\157A.68E
    [2011/01/01 12:24:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hvowefayoq.dat
    [2011/01/01 12:24:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fdonaxubexuyir.bin
    [2010/10/17 16:53:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/09/26 08:44:40 | 003,909,743 | ---- | C] () -- C:\Documents and Settings\JIN\Application Data\Bruno Mars - Just the Way You Are 2010.zip
    [2010/05/21 19:32:29 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/05/19 19:31:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/19 13:08:46 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\JIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/10 09:32:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/05/10 00:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/14 11:47:27 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/06/14 11:28:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/06/24 17:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/24 17:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/06/24 17:26:44 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/06/24 17:26:44 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/06/24 17:16:28 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/24 17:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/24 17:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/15 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/15 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/15 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/15 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/15 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/15 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/15 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/15 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/05/28 21:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 21:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2010/10/17 16:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/06/14 11:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2009/06/14 11:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2010/12/25 16:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/11/14 21:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\068E1
    [2011/12/14 23:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\6439E
    [2011/08/26 08:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\uTorrent
    [2010/06/18 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\WeatherBug
    [2011/01/06 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/16 23:28:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/14 10:46:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/14 16:44:09 | 000,011,403 | ---- | M] () -- C:\ComboFix.txt
    [2011/12/14 22:56:52 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/08 19:11:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/14 11:42:37 | 000,000,444 | -H-- | M] () -- C:\IPH.PH
    [2011/02/08 19:11:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/15 04:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2008/04/15 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/14 22:56:51 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/18 21:00:01 | 000,042,259 | ---- | M] () -- C:\scramble.log
    [2011/12/14 15:25:53 | 000,059,038 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_14.12.2011_15.25.07_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/06/24 17:12:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/03/28 15:08:21 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_122000.bat
    [2011/04/29 06:06:28 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_125078.bat
    [2011/04/11 19:54:08 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_127734.bat
    [2011/03/30 19:31:05 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_129328.bat
    [2011/04/09 06:36:11 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_134265.bat
    [2011/04/24 06:08:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_139468.bat
    [2011/04/20 11:27:08 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_14563218.bat
    [2011/04/03 11:43:52 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_159265.bat
    [2011/04/09 11:04:03 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16206281.bat
    [2011/04/08 18:54:48 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16329593.bat
    [2011/04/08 11:14:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16673265.bat
    [2011/04/20 07:57:03 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1958500.bat
    [2011/04/06 18:05:41 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1989765.bat
    [2011/04/09 13:17:30 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_24213187.bat
    [2011/05/02 17:30:46 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_264906.bat
    [2011/04/20 14:59:57 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_27332265.bat
    [2011/02/16 20:23:53 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_318156.bat
    [2011/05/06 17:42:25 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_44921.bat
    [2011/04/16 10:27:56 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472015.bat
    [2011/04/08 14:30:31 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472406.bat
    [2011/08/06 16:55:19 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55093.bat
    [2011/04/25 17:42:29 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55968.bat
    [2011/04/30 06:20:18 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_61156.bat
    [2011/04/20 09:15:14 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_6649671.bat
    [2011/08/27 08:39:41 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_76406.bat
    [2011/09/27 17:51:45 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_79906.bat
    [2011/04/12 18:24:19 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8106968.bat
    [2011/04/09 08:51:17 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8239781.bat
    [2011/04/08 16:41:33 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8333734.bat
    [2011/04/08 08:57:12 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8446890.bat
    [2011/08/23 17:52:59 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_85234.bat
    [2011/10/02 17:14:08 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_91828.bat
    [2011/04/06 20:16:24 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_9834109.bat
    [2010/12/22 05:53:24 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/06/24 10:05:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2008/06/24 10:05:34 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2008/06/24 10:05:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/24 17:12:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/18 21:02:17 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
    [2010/05/10 00:22:26 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/06/18 21:02:16 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
    [2008/06/24 17:17:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/14 23:09:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JIN\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/06/04 16:48:11 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\JIN\My Documents\AdbeRdr930_en_US.exe
    [1 C:\Documents and Settings\JIN\My Documents\*.tmp files -> C:\Documents and Settings\JIN\My Documents\*.tmp -> ]

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/10 00:22:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\JIN\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/14 23:00:12 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\JIN\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/15 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 14:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 14:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 14:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 20:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 14:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 14:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 14:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 14:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 14:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
    Last edited: 2011/12/15
  11. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    Extras.txt


    OTL Extras logfile created on: 12/14/2011 11:16:51 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JIN\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 606.39 Mb Available Physical Memory | 59.73% Memory free
    2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 15.02 Gb Total Space | 0.85 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
    Drive D: | 7.44 Gb Total Space | 3.38 Gb Free Space | 45.41% Space Free | Partition Type: FAT32

    Computer Name: MINIMELLY | User Name: JIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2735177599-1521103678-2417746798-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1 "
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
    "{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "Chikka Messenger V4" = Chikka Messenger V4
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/14/2011 1:47:46 PM | Computer Name = MINIMELLY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17093, faulting
    module unknown, version 0.0.0.0, fault address 0x0026516c.

    Error - 12/14/2011 1:53:00 PM | Computer Name = MINIMELLY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17093, faulting
    module unknown, version 0.0.0.0, fault address 0x0026516c.

    Error - 12/14/2011 1:53:50 PM | Computer Name = MINIMELLY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17093, faulting
    module unknown, version 0.0.0.0, fault address 0x0026516c.

    Error - 12/14/2011 1:58:30 PM | Computer Name = MINIMELLY | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.17093, faulting
    module unknown, version 0.0.0.0, fault address 0x0026516c.

    Error - 12/14/2011 3:30:31 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 12/14/2011 3:30:31 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 12/14/2011 3:30:33 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 12/14/2011 3:47:09 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 12/14/2011 3:47:09 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 12/14/2011 3:47:10 PM | Computer Name = MINIMELLY | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    [ System Events ]
    Error - 12/14/2011 2:53:07 AM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7023
    Description = The SSHNAS service terminated with the following error: %%2

    Error - 12/14/2011 3:04:12 AM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7023
    Description = The Network Security service terminated with the following error:
    %%126

    Error - 12/14/2011 3:04:12 AM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7023
    Description = The SSHNAS service terminated with the following error: %%2

    Error - 12/14/2011 1:31:00 PM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7023
    Description = The Network Security service terminated with the following error:
    %%126

    Error - 12/14/2011 1:31:00 PM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7023
    Description = The SSHNAS service terminated with the following error: %%2

    Error - 12/14/2011 1:35:14 PM | Computer Name = MINIMELLY | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Internet Explorer 8 for Windows XP.

    Error - 12/14/2011 3:20:40 PM | Computer Name = MINIMELLY | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_KFAHIQ\0000 disappeared from the system without
    first being prepared for removal.

    Error - 12/14/2011 4:36:40 PM | Computer Name = MINIMELLY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AliIde IntelIde ViaIde

    Error - 12/14/2011 4:37:47 PM | Computer Name = MINIMELLY | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 a34797fc, parameter3
    a2b21bb0, parameter4 00000000.

    Error - 12/14/2011 4:38:09 PM | Computer Name = MINIMELLY | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000008, parameter2 00000002, parameter3
    00000000, parameter4 804fc652.


    < End of report >
     
  12. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011/12/13 20:08:25 | 000,193,536 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
      MOD - [2011/12/13 20:08:25 | 000,193,536 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:8893
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:8893
      IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local
      IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:57980
      FF - prefs.js..keyword.URL:  "http://search.alot.com/web?&src_id=11511&client_id=92a6bf3cb4f878cce86dd54c&camp_id=-10&install_time=2010-06-19T15:19:11Z&tb_version=2.4.15000%28F%29&pr=auto&q= "
      FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.2000
      FF - prefs.js..network.proxy.http_port: 57980
      [2011/12/13 22:54:02 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions\toolbar@alot.com
      [2010/06/19 07:20:58 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\alot-search.xml
      [2011/01/01 12:23:35 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\bing-zugo.xml
      [2011/01/06 22:10:28 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [655.exe] C:\Program Files\LP\5516\655.exe ()
      O4 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007..\Run: [msnmsgr]  "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
      O4 - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...Q&n=2010102023 File not found
      O33 - MountPoints2\{fe6eb8ca-d1ba-11e0-8312-002655b09551}\Shell\AutoRun\command - " " = RunClubSanDisk.exe
      [2011/01/01 12:24:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hvowefayoq.dat
      [2011/01/01 12:24:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fdonaxubexuyir.bin
      [2011/11/14 21:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\068E1
      [2011/12/14 23:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JIN\Application Data\6439E
      [2011/01/06 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
      [2011/03/28 15:08:21 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_122000.bat
      [2011/04/29 06:06:28 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_125078.bat
      [2011/04/11 19:54:08 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_127734.bat
      [2011/03/30 19:31:05 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_129328.bat
      [2011/04/09 06:36:11 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_134265.bat
      [2011/04/24 06:08:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_139468.bat
      [2011/04/20 11:27:08 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_14563218.bat
      [2011/04/03 11:43:52 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_159265.bat
      [2011/04/09 11:04:03 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16206281.bat
      [2011/04/08 18:54:48 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16329593.bat
      [2011/04/08 11:14:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16673265.bat
      [2011/04/20 07:57:03 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1958500.bat
      [2011/04/06 18:05:41 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1989765.bat
      [2011/04/09 13:17:30 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_24213187.bat
      [2011/05/02 17:30:46 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_264906.bat
      [2011/04/20 14:59:57 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_27332265.bat
      [2011/02/16 20:23:53 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_318156.bat
      [2011/05/06 17:42:25 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_44921.bat
      [2011/04/16 10:27:56 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472015.bat
      [2011/04/08 14:30:31 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472406.bat
      [2011/08/06 16:55:19 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55093.bat
      [2011/04/25 17:42:29 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55968.bat
      [2011/04/30 06:20:18 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_61156.bat
      [2011/04/20 09:15:14 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_6649671.bat
      [2011/08/27 08:39:41 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_76406.bat
      [2011/09/27 17:51:45 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_79906.bat
      [2011/04/12 18:24:19 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8106968.bat
      [2011/04/09 08:51:17 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8239781.bat
      [2011/04/08 16:41:33 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8333734.bat
      [2011/04/08 08:57:12 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8446890.bat
      [2011/08/23 17:52:59 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_85234.bat
      [2011/10/02 17:14:08 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_91828.bat
      [2011/04/06 20:16:24 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\JIN\Application Data\Microsoft\gb_9834109.bat
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\9E243
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
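The fix script above resets IE's per-hive proxy settings (ProxyEnable, ProxyServer pointing at 127.0.0.1 ports) and Firefox's network.proxy.http_port and keyword.URL prefs. As an added example that is not part of this thread or of OTL, here is a small Python checker that reads OTL-style lines in that format and flags enabled proxies that point at the local machine; the sample lines are constructed from the entries quoted in this post plus two made-up hives (a corporate proxy and a disabled loopback proxy) to show what is not flagged.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the OTL line format used in this thread. The three
# HKU hives and the FF prefs are copied from the fix script above; the two
# hives marked CONSTRUCTED are made up to show non-findings.
SAMPLE_OTL_LINES = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:8893
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:8893
IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:57980
IE - HKU\S-1-5-21-CONSTRUCTED-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-21-CONSTRUCTED-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = proxy.corp.example:8080
IE - HKU\S-1-5-21-CONSTRUCTED-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 0
IE - HKU\S-1-5-21-CONSTRUCTED-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:8893
FF - prefs.js..keyword.URL:  "http://search.alot.com/web?&src_id=11511&client_id=92a6bf3cb4f878cce86dd54c&camp_id=-10&install_time=2010-06-19T15:19:11Z&tb_version=2.4.15000%28F%29&pr=auto&q= "
FF - prefs.js..network.proxy.http_port: 57980
"""

# "IE - HKU\<hive>\...\Internet Settings:  "<name>" = <value>"
IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*\\Internet Settings:\s+"(?P<name>\w+)"\s*=\s*(?P<value>.*?)\s*$'
)
# "FF - prefs.js..<pref>: <value>"
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+):\s*(?P<value>.*?)\s*$')

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_otl_lines(text: str) -> Tuple[Dict[str, Dict[str, str]], Dict[str, str]]:
    """Group IE 'Internet Settings' values by registry hive; collect FF prefs by name."""
    ie: Dict[str, Dict[str, str]] = {}
    ff: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie.setdefault(m["hive"], {})[m["name"]] = m["value"].strip('"')
            continue
        m = FF_RE.match(line)
        if m:
            ff[m["pref"]] = m["value"].strip('"').strip()
    return ie, ff


def proxy_endpoints(proxy_server: str) -> List[Tuple[str, int]]:
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=host:port')
    into (host, port) pairs; entries without a numeric port are ignored."""
    endpoints: List[Tuple[str, int]] = []
    for entry in proxy_server.split(";"):
        entry = entry.strip()
        if "=" in entry:                       # drop the 'http=' / 'https=' protocol prefix
            entry = entry.split("=", 1)[1]
        host, _, port = entry.rpartition(":")
        if host and port.isdigit():
            endpoints.append((host.strip("[]"), int(port)))
    return endpoints


def find_proxy_hijacks(text: str) -> List[str]:
    """One finding per hive whose *enabled* proxy points at the local machine,
    plus Firefox prefs that reuse such a port or override the search keyword URL."""
    ie, ff = parse_otl_lines(text)
    findings: List[str] = []
    loopback_ports = set()
    for hive, values in ie.items():
        if values.get("ProxyEnable") != "1":
            continue                           # configured but switched off: no active redirect
        for host, port in proxy_endpoints(values.get("ProxyServer", "")):
            if host.lower() in LOOPBACK_HOSTS:
                loopback_ports.add(port)
                findings.append(f"{hive}: enabled proxy points at loopback {host}:{port}")
    # OTL lists only the FF port, so correlate it with the ports seen in the IE hives.
    ff_port = ff.get("network.proxy.http_port", "")
    if ff_port.isdigit() and int(ff_port) in loopback_ports:
        findings.append(f"Firefox network.proxy.http_port {ff_port} matches an IE loopback proxy port")
    if ff.get("keyword.URL"):                  # Firefox leaves this unset by default
        findings.append(f"Firefox keyword.URL overridden: {ff['keyword.URL']}")
    return findings


if __name__ == "__main__":
    for finding in find_proxy_hijacks(SAMPLE_OTL_LINES):
        print(finding)
```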
     
  13. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    OTL Fix:


    All processes killed
    ========== OTL ==========
    Process lvvm.exe killed successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Unable to set value : HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E!
    Unable to set value : HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
    Unable to set value : HKU\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
    Prefs.js: "http://search.alot.com/web?&src_id=11511&client_id=92a6bf3cb4f878cce86dd54c&camp_id=-10&install_time=2010-06-19T15:19:11Z&tb_version=2.4.15000%28F%29&pr=auto&q=" removed from keyword.URL
    Prefs.js: toolbar@alot.com:2.4.2000 removed from extensions.enabledItems
    Prefs.js: 57980 removed from network.proxy.http_port
    Folder C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\extensions\toolbar@alot.com\ not found.
    File C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\alot-search.xml not found.
    File C:\Documents and Settings\JIN\Application Data\Mozilla\Firefox\Profiles\1gt4kvi3.default\searchplugins\bing-zugo.xml not found.
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\655.exe deleted successfully.
    C:\Program Files\LP\5516\655.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\S-1-5-21-2735177599-1521103678-2417746798-1007\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6eb8ca-d1ba-11e0-8312-002655b09551}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe6eb8ca-d1ba-11e0-8312-002655b09551}\ not found.
    File RunClubSanDisk.exe not found.
    C:\WINDOWS\Hvowefayoq.dat moved successfully.
    C:\WINDOWS\Fdonaxubexuyir.bin moved successfully.
    Folder C:\Documents and Settings\JIN\Application Data\068E1\ not found.
    Folder C:\Documents and Settings\JIN\Application Data\6439E\ not found.
    C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_122000.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_125078.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_127734.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_129328.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_134265.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_139468.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_14563218.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_159265.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16206281.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16329593.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_16673265.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1958500.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_1989765.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_24213187.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_264906.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_27332265.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_318156.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_44921.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472015.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_472406.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55093.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_55968.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_61156.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_6649671.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_76406.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_79906.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8106968.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8239781.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8333734.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_8446890.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_85234.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_91828.bat not found.
    File C:\Documents and Settings\JIN\Application Data\Microsoft\gb_9834109.bat not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\9E243 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 321 bytes

    User: JIN

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1015942 bytes
    ->Java cache emptied: 10814 bytes
    ->Flash cache emptied: 43666 bytes

    User: MELY
    ->Temp folder emptied: 1406680 bytes
    ->Temporary Internet Files folder emptied: 3547661 bytes
    ->Java cache emptied: 188842 bytes
    ->FireFox cache emptied: 29688099 bytes
    ->Flash cache emptied: 25754 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 461 bytes
    ->Flash cache emptied: 14106 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3773672 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30639640 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 18734146 bytes

    Total Files Cleaned = 85.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JIN

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: MELY
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12152011_103118

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_260.dat moved successfully.

    Registry entries deleted on Reboot...

    OTL.txt:


    OTL logfile created on: 12/15/2011 10:34:55 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MELY\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 380.93 Mb Available Physical Memory | 37.52% Memory free
    2.39 Gb Paging File | 1.85 Gb Available in Paging File | 77.52% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 15.02 Gb Total Space | 0.29 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
    Drive D: | 7.44 Gb Total Space | 3.38 Gb Free Space | 45.39% Space Free | Partition Type: FAT32

    Computer Name: MINIMELLY | User Name: MELY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/15 10:34:19 | 000,194,048 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
    PRC - [2011/12/15 10:33:22 | 000,294,400 | ---- | M] () -- C:\Program Files\LP\5516\655.exe
    PRC - [2011/12/15 10:23:23 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe
    PRC - [2011/12/14 23:09:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MELY\Desktop\OTL.exe
    PRC - [2011/10/11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/10/11 15:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/12 14:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/03/30 12:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/03/30 12:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2009/02/18 13:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/15 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/15 10:34:19 | 000,194,048 | ---- | M] () -- C:\Program Files\9E243\lvvm.exe
    MOD - [2011/12/15 10:33:22 | 000,294,400 | ---- | M] () -- C:\Program Files\LP\5516\655.exe
    MOD - [2011/12/15 10:23:23 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe
    MOD - [2011/10/11 15:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/04/12 14:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010/04/12 14:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/03/30 12:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/14 11:43:41 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/10/16 23:32:53 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2009/03/30 12:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/03/19 10:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008/11/21 17:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58970

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 58970
    FF - prefs.js..network.proxy.type: 1

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3D5C612D-5AB5-43B0-869A-3691C18FADE3}: C:\Documents and Settings\JIN\Local Settings\Application Data\{3D5C612D-5AB5-43B0-869A-3691C18FADE3}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/13 23:14:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 15:51:46 | 000,000,000 | ---D | M]

    [2010/05/16 11:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MELY\Application Data\Mozilla\Extensions
    [2011/09/14 14:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MELY\Application Data\Mozilla\Firefox\Profiles\6ejxj533.default\extensions
    [2010/05/16 11:42:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MELY\Application Data\Mozilla\Firefox\Profiles\6ejxj533.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/13 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/14 16:37:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [655.exe] C:\Program Files\LP\5516\655.exe ()
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65752872-B130-41BF-A503-7E7A0A200C5A}: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe) -C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe ()
    O24 - Desktop WallPaper: C:\WINDOWS\Firestorm.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/15 10:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\9E243
    [2011/12/15 10:31:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/15 10:30:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MELY\Desktop\OTL.exe
    [2011/12/15 10:30:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MELY\Desktop\TFC.exe
    [2011/12/15 10:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MELY\Local Settings\Application Data\PCHealth
    [2011/12/15 10:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MELY\Application Data\6439E
    [2011/12/15 01:57:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/12/14 22:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/12/14 16:52:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/12/14 12:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MELY\Application Data\Malwarebytes
    [2011/12/14 12:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/14 12:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/14 12:01:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/14 12:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/14 10:44:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/14 10:31:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/14 10:31:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/14 10:31:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/14 10:31:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/14 10:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/14 10:27:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/14 10:26:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MELY\Start Menu\Programs\Administrative Tools
    [2011/12/13 22:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MELY\Application Data\Avira
    [2011/12/13 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/12/13 22:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/12/13 22:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/12/13 22:20:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/12/13 22:20:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2011/12/13 22:20:17 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/13 22:20:15 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/12/13 22:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

    ========== Files - Modified Within 30 Days ==========

    [2011/12/15 10:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/15 10:32:25 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/15 10:27:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MELY\Desktop\TFC.exe
    [2011/12/15 10:26:46 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\MELY\Desktop\SecurityCheck.exe
    [2011/12/15 10:26:26 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\MELY\Desktop\JavaRa.zip
    [2011/12/15 10:17:58 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/15 02:09:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/14 23:09:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MELY\Desktop\OTL.exe
    [2011/12/14 16:37:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/14 15:51:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/12/14 12:01:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/14 11:43:41 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/12/14 10:46:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/13 23:15:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\MELY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/12/13 23:15:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/12/13 22:23:05 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/12/10 16:09:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/05 22:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/29 20:09:34 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/29 20:09:34 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/23 16:55:38 | 000,069,284 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

    ========== Files Created - No Company Name ==========

    [2011/12/15 10:30:06 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\MELY\Desktop\SecurityCheck.exe
    [2011/12/15 10:30:04 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\MELY\Desktop\JavaRa.zip
    [2011/12/14 12:01:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/14 10:46:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/14 10:45:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/14 10:31:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/14 10:31:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/14 10:31:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/14 10:31:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/14 10:31:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/13 23:15:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\MELY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/12/13 22:46:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/12/13 22:23:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2011/11/23 16:55:38 | 000,069,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/17 16:53:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/05/21 19:32:29 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/05/19 19:31:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/10 09:32:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/05/10 00:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/14 11:47:27 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/06/14 11:28:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/06/24 17:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/24 17:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/06/24 17:26:44 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/06/24 17:26:44 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/06/24 17:16:28 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/24 17:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/24 17:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/15 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/15 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/15 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/15 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/15 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/15 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/15 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/15 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/05/28 21:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 21:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2010/10/17 16:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/06/14 11:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2009/06/14 11:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2010/12/25 16:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/12/15 10:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MELY\Application Data\6439E

    ========== Purity Check ==========



    < End of report >

    Security Check:


    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.3.183.11) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````

    ESET:


    C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe a variant of Win32/Kryptik.XJB trojan cleaned by deleting - quarantined
    C:\Program Files\9E243\lvvm.exe a variant of Win32/Kryptik.XJB trojan cleaned by deleting - quarantined
    C:\Program Files\LP\5516\655.exe a variant of Win32/Kryptik.XJB trojan cleaned by deleting - quarantined
    C:\Program Files\LP\5516\7.tmp a variant of Win32/Kryptik.XJB trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\LP\5516\3A1.exe.vir a variant of Win32/Kryptik.XEN trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\LP\5516\3A3.exe.vir a variant of Win32/Kryptik.XGT trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP318\A0065787.exe a variant of Win32/Kryptik.XEN trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP318\A0065789.exe a variant of Win32/Kryptik.XGT trojan cleaned by deleting - quarantined
    C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12152011_103118\C_Program Files\9E243\lvvm.exe a variant of Win32/Kryptik.XGT trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12152011_103118\C_Program Files\LP\5516\655.exe a variant of Win32/Kryptik.XJB trojan cleaned by deleting - quarantined
    Operating memory a variant of Win32/Cycbot.AK trojan
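    The OTL report above records what was behind the browser symptoms: both IE (ProxyServer = http=127.0.0.1:58970) and Firefox (network.proxy.http 127.0.0.1, port 58970, proxy type 1) were pointed at a proxy on the local machine, and the HKCU Winlogon Shell value was set to an executable under Application Data with no company name. A browser proxy on 127.0.0.1 with a high port is a standard indicator that something on the host is intercepting web traffic, which fits the Win32/Cycbot detection in ESET's list. The script below is an added example, not part of this thread, of OTL, or of any tool used in it; it parses the line formats seen in the report (the regular expressions are assumptions about that format) and flags those indicators. SAMPLE_LOG is a constructed set of lines modelled on the ones above.

```python
"""Flag browser-proxy and Winlogon Shell hijack indicators in OTL-style log lines.

Added example, not part of the thread or of OTL itself. The regular expressions
are assumptions about OTL's line formats, and SAMPLE_LOG is constructed to
mirror the lines in the report above.
"""
import ipaddress
import re

# Constructed sample lines, shaped like the OTL report above.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58970
FF - prefs.js..network.proxy.http: "127.0.0.1 "
FF - prefs.js..network.proxy.http_port: 58970
FF - prefs.js..network.proxy.type: 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe) -C:\Documents and Settings\MELY\Application Data\6439E\B0955.exe ()
O4 - HKLM..\Run: [655.exe] C:\Program Files\LP\5516\655.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

# Assumed line shapes (taken from the report's own formatting).
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (?P<value>.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>network\.proxy\.\w+): (?P<value>.+)$')
O20_SHELL_RE = re.compile(
    r'^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \((?P<value>[^)]*)\) -'
    r'(?P<path>.*?) \((?P<company>[^)]*)\)$')
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.*?) \((?P<company>[^)]*)\)$')


def proxy_hosts(value):
    """Split a WinINet ProxyServer value ("http=host:port;https=host:port" or
    plain "host:port") into the host parts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                      # drop the "http=" style prefix
            entry = entry.split("=", 1)[1]
        hosts.append(entry.rsplit(":", 1)[0] if ":" in entry else entry)
    return hosts


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    host = host.strip().strip('"').strip()
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyze(log_text):
    """Return (severity, message) findings for the indicators in the log."""
    findings = []
    ff = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            if any(is_loopback(h) for h in proxy_hosts(m.group("value"))):
                findings.append(("HIGH", f"IE proxy points at loopback: {m.group('value')}"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff[m.group("name")] = m.group("value").strip().strip('"').strip()
            continue
        m = O20_SHELL_RE.match(line)
        if m:
            # The Windows shell should be explorer.exe; anything else replaced it.
            if not m.group("path").lower().endswith("\\explorer.exe"):
                findings.append(("HIGH", f"{m.group('hive')} Winlogon Shell replaced: {m.group('path')}"))
            continue
        m = O4_RUN_RE.match(line)
        if m and not m.group("company"):
            # Heuristic only: OTL's own "No Company Name" grouping; needs a human look.
            findings.append(("REVIEW", f"{m.group('hive')} Run entry with no company name: "
                                       f"[{m.group('name')}] {m.group('path')}"))
    # Firefox manual proxy (type 1) aimed at the local machine.
    if ff.get("network.proxy.type") == "1" and is_loopback(ff.get("network.proxy.http", "")):
        findings.append(("HIGH", "Firefox manual proxy points at loopback: "
                                 f"{ff['network.proxy.http']}:{ff.get('network.proxy.http_port', '?')}"))
    return findings


if __name__ == "__main__":
    for severity, message in analyze(SAMPLE_LOG):
        print(severity, message)
```

    To use it on a real report, pass the contents of OTL.txt to analyze() instead of SAMPLE_LOG. The "no company name" rule on O4 entries is deliberately only a REVIEW item: legitimate software in the same report (DivXUpdate.exe, for instance) also shows an empty company field, so that rule is a prompt to look, not a verdict, whereas a loopback proxy or a non-explorer Winlogon Shell is a finding in its own right.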
     
  14. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ============================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  15. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    Every time I run OTL.exe, Avira AntiVirus keeps alerting that it found some malware. Is it normal, or does it mean that I might still have some malware in my PC?


    Here's the latest OTL Log:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JIN

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: MELY
    ->Temp folder emptied: 196142 bytes
    ->Temporary Internet Files folder emptied: 3779457 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 29072126 bytes
    ->Flash cache emptied: 566 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19814 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JIN

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: MELY
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12152011_124941

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_2c4.dat moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Avira may be "allergic" to OTL.

    Whenever ready....
     
  17. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    My browsers are back to normal. Everything seems fine now, except Avira still displays alerts on finding viruses or unwanted programs, even without OTL. I'll try to run a system scan.

    Thanks for the help. I'll keep you posted.
     
  18. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    And also,

    I ran a quick scan in Malwarebytes now and it is still seeing infected objects. Should I just go and cure all these?
     
  19. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Absolutely and post MBAM's log.

    Also let me know what exactly Avira is discovering.
     
  20. 2011/12/15
    ewanko08

    ewanko08 Inactive Thread Starter

    Joined:
    2011/12/14
    Messages:
    20
    Likes Received:
    0
    Avira has not reported any detections since I scanned with MalwareBytes. I'll continue to monitor and tell you if ever Avira reports any more detections.

    Here's the MBAM Log:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8377

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/15/2011 2:31:38 PM
    mbam-log-2011-12-15 (14-31-38).txt

    Scan type: Quick scan
    Objects scanned: 185498
    Time elapsed: 11 minute(s), 59 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\documents and settings\MELY\application data\6439E\B0955.exe (Trojan.Dropper.PE4) -> 2452 -> Unloaded process successfully.
    c:\program files\LP\5516\655.exe (Trojan.Dropper.PE4) -> 3048 -> Unloaded process successfully.
    c:\program files\9E243\lvvm.exe (Trojan.Dropper.PE4) -> 2152 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\655.exe (Trojan.Dropper.PE4) -> Value: 655.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\MELY\application data\6439E\B0955.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\program files\LP\5516\655.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    c:\program files\9E243\lvvm.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
     
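    The log above is the interesting one in this thread: three droppers were running again and each of the three registry values MBAM removed is a persistence or settings hijack (a Run autorun, a replaced Winlogon Shell, and a forced browser proxy). As an added example, not code from this thread, from Malwarebytes or from OTL, the Python below parses the section layout these MBAM 1.5x logs use, tags each registry finding with the kind of persistence it represents, and cross-references running processes against Run entries so the "would come straight back after a reboot" cases stand out. The sample log is a trimmed copy of the one posted above; the classification rules, function names and labels are my own assumptions.

```python
"""Triage a Malwarebytes (MBAM 1.5x) scan log for persistence findings.

Added example for this thread; not part of Malwarebytes, OTL or the forum.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Trimmed copy of the MBAM log posted in this thread (raw string: keep backslashes).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\MELY\application data\6439E\B0955.exe (Trojan.Dropper.PE4) -> 2452 -> Unloaded process successfully.
c:\program files\LP\5516\655.exe (Trojan.Dropper.PE4) -> 3048 -> Unloaded process successfully.
c:\program files\9E243\lvvm.exe (Trojan.Dropper.PE4) -> 2152 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\655.exe (Trojan.Dropper.PE4) -> Value: 655.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\MELY\application data\6439E\B0955.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
c:\program files\LP\5516\655.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
c:\program files\9E243\lvvm.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")   # "Files Infected: 3"
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")                  # "Files Infected:"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations (lower-cased, regex) and what a hit there means. Assumed labels.
PERSISTENCE_RULES: Tuple[Tuple[str, str], ...] = (
    (r"\\currentversion\\run\\", "autorun (Run key): relaunched at every logon"),
    (r"\\winlogon\\shell$", "shell hijack: replaces the user's shell (explorer.exe)"),
    (r"\\internet settings\\proxyserver$", "proxy hijack: browser traffic forced through a proxy"),
)


@dataclass
class Detection:
    section: str            # e.g. "Registry Values Infected"
    path: str               # file path or registry path
    threat: str             # MBAM detection name, e.g. Trojan.Dropper.PE4
    action: str             # what MBAM did with it
    detail: Optional[str]   # PID for processes, value name for registry values, else None


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log line by line, tracking the current '... Infected:' section."""
    dets: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SUMMARY_RE.match(line) or line.startswith("(No malicious"):
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        m = DETECTION_RE.match(line)
        if section is None or not m:
            continue
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        detail = parts[0] if len(parts) > 1 else None
        if detail and detail.startswith("Value: "):
            detail = detail[len("Value: "):]
        dets.append(Detection(section, m.group("path"), m.group("threat"), parts[-1], detail))
    return dets


def summary_counts_match(text: str, dets: List[Detection]) -> bool:
    """Sanity check: the per-section counts in the header equal what we parsed."""
    expected: Dict[str, int] = {}
    for raw in text.splitlines():
        m = SUMMARY_RE.match(raw.strip())
        if m:
            expected[m.group("section")] = int(m.group("count"))
    actual: Dict[str, int] = {}
    for d in dets:
        actual[d.section] = actual.get(d.section, 0) + 1
    return all(actual.get(sec, 0) == n for sec, n in expected.items())


def classify_persistence(det: Detection) -> Optional[str]:
    """Label a registry finding by the persistence/hijack location it sits in."""
    path = det.path.lower()
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, path):
            return label
    return None


def live_autoruns(dets: List[Detection]) -> List[Tuple[str, str]]:
    """Running processes whose file name also appears as a Run value: unloading the
    process alone would not have been enough, the entry restarts it at next logon."""
    running = {d.path.rsplit("\\", 1)[-1].lower(): d for d in dets if d.section == "Memory Processes Infected"}
    hits = []
    for d in dets:
        label = classify_persistence(d) if d.section == "Registry Values Infected" else None
        if label and label.startswith("autorun"):
            name = (d.detail or d.path.rsplit("\\", 1)[-1]).lower()
            if name in running:
                hits.append((running[name].path, d.path))
    return hits


def triage(text: str) -> dict:
    dets = parse_mbam_log(text)
    return {
        "detections": len(dets),
        "counts_consistent": summary_counts_match(text, dets),
        "running_processes": [d.path for d in dets if d.section == "Memory Processes Infected"],
        "persistence": [(d.path, classify_persistence(d)) for d in dets if classify_persistence(d)],
        "live_autoruns": live_autoruns(dets),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the thread's log this reports nine detections, three persistence findings and one live autorun (655.exe, running and registered under HKLM\...\Run), which is the concrete reason a follow-up scan was asked for rather than treating the cleanup as finished.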
  21. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's a little bit worrying how fast you got reinfected.

    Re-run MBAM one more time please.
     
