
Solved Experiencing problems after virus

Discussion in 'Malware and Virus Removal Archive' started by Supermaine, 2011/04/27.

  1. 2011/04/28
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    ComboFix 11-04-28.01 - Owner 04/28/2011 22:11:20.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.691 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-28 22:27 . 2011-04-28 22:27 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2011-04-28 22:27 . 2011-04-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-28 22:27 . 2011-04-28 22:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-28 20:52 . 2011-04-28 20:52 -------- d-----w- C:\_OTL
    2011-04-27 21:19 . 2011-04-27 21:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2011-04-27 20:28 . 2011-04-27 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-30 21:36 . 2005-11-03 21:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
    2011-03-30 21:36 . 2005-11-08 15:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45 . 2004-08-26 16:12 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2004-08-26 16:12 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 13:51 . 2004-08-26 16:12 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 13:51 . 2004-08-26 16:12 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-02-17 13:51 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 13:18 . 2004-08-26 16:12 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-26 16:12 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:37 . 2004-08-26 16:11 369664 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32 . 2009-06-16 16:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-26 16:11 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2004-08-26 16:12 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-26 16:11 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2004-08-26 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-28_18.40.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-29 01:13 . 2011-04-29 01:13 16384 c:\windows\temp\Perflib_Perfdata_514.dat
    + 2010-06-09 16:35 . 2010-12-20 22:09 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    - 2010-06-09 16:35 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    + 2010-06-09 16:35 . 2010-12-20 22:08 20952 c:\windows\system32\drivers\mbam.sys
    - 2010-06-09 16:35 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
    2010-06-30 04:11 349624 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-06 328056]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2010-06-30 319488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "nwiz"="nwiz.exe" [2008-09-18 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OMNI Time.lnk - c:\documents and settings\Owner\My Documents\Stardock\OMNItime.exe [2005-5-6 346624]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-18 3450608]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/6/2010 5:41 PM 691696]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/16/2009 2:10 AM 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/16/2009 2:10 AM 17744]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [10/8/2010 7:49 PM 33792]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2009 7:39 PM 133104]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 23:39]
    .
    2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 23:39]
    .
    2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705464508-3563758628-1241951192-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-26 09:04]
    .
    2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-705464508-3563758628-1241951192-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-26 09:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
    FF - Ext: SiteRanker: siteranker@siteranker.com - c:\program files\SiteRanker\firefox
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-28 22:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(488)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\progra~1\COMMON~1\Stardock\mcpstub.dll
    .
    - - - - - - - > 'explorer.exe'(2248)
    c:\documents and settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    c:\progra~1\COMMON~1\Stardock\MCPCore.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-28 22:16:34
    ComboFix-quarantined-files.txt 2011-04-29 02:16
    ComboFix2.txt 2011-04-28 18:41
    ComboFix3.txt 2010-06-11 20:50
    .
    Pre-Run: 132,585,684,992 bytes free
    Post-Run: 132,567,896,064 bytes free
    .
    - - End Of File - - 199DB5A22F15AFEA9D239A25C9C38700
     
  2. 2011/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Any current issues?

    Re-run OTL "Quick scan" (no custom script needed) and post fresh log.
    Only one log will be produced.
     


  4. 2011/04/28
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Nope. No issues thus far.

    OTL logfile created on: 4/28/2011 11:06:02 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 394.00 Mb Available Physical Memory | 39.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.46 Gb Total Space | 123.41 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
    Drive D: | 3.58 Gb Total Space | 1.56 Gb Free Space | 43.64% Space Free | Partition Type: FAT32

    Computer Name: YOUR-E1FA6C6467 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/28 16:25:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2011/04/20 11:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/03/24 23:40:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
    PRC - [2010/10/21 05:04:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/06/30 00:10:58 | 000,319,488 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe
    PRC - [2010/06/26 14:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/06/11 00:35:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/29 18:57:58 | 000,593,688 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
    PRC - [2005/12/18 14:18:56 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    PRC - [2005/05/10 18:31:22 | 000,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
    PRC - [2004/10/18 17:05:12 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/28 21:13:48 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/04/28 16:25:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2011/01/13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/06/11 00:35:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 04:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 04:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/01/13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/10/06 17:41:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2005/11/23 16:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
    DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
    DRV - [2004/10/27 10:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/10/20 14:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/10/18 17:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
    DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
    IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.3.101
    FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


    FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 00:55:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2010/07/03 02:40:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\program files\Mozilla Firefox\components [2011/04/27 17:19:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011/03/24 23:40:49 | 000,000,000 | ---D | M]

    [2009/06/17 07:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/04/28 16:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\extensions
    [2011/03/26 13:54:27 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/03/26 13:54:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/01/10 02:06:02 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\extensions\activegs@freetoolsassociation.com
    [2011/03/26 13:54:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\extensions\engine@conduit.com
    [2009/10/23 22:34:15 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\searchplugins\aim-search.xml
    [2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\searchplugins\conduit.xml
    [2010/07/03 02:41:56 | 000,002,168 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9t9ikza3.default\searchplugins\inbox-search.xml
    [2011/04/28 13:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 21:33:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/13 05:07:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/06 12:58:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/08 01:17:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/03/05 00:55:34 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
    [2009/07/26 18:15:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/03 02:40:02 | 000,000,000 | ---D | M] (SiteRanker) -- C:\PROGRAM FILES\SITERANKER\FIREFOX
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/04/28 14:40:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
    O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OMNI Time.lnk = C:\Documents and Settings\Owner\My Documents\Stardock\OMNItime.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/28 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2011/04/28 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/28 18:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/28 18:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/28 16:52:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/28 16:25:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/28 16:00:02 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
    [2011/04/28 14:41:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/28 14:36:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/28 14:36:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/28 14:36:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/28 14:36:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/28 14:34:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/30 17:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SyncroSoft Emu
    [2011/03/30 17:36:55 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe
    [2011/03/30 17:36:53 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll
    [2011/03/30 17:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Syncrosoft
    [2011/03/30 17:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steinberg
    [2011/03/30 17:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder

    ========== Files - Modified Within 30 Days ==========

    [2011/04/28 22:39:25 | 000,003,286 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My.jpg
    [2011/04/28 22:28:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-705464508-3563758628-1241951192-1003UA.job
    [2011/04/28 22:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/28 22:08:07 | 004,332,535 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/28 21:13:44 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/04/28 21:13:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/28 21:13:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/28 21:13:15 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/28 18:27:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/28 18:17:39 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
    [2011/04/28 17:43:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2011/04/28 17:00:37 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/28 16:25:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/28 14:44:03 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
    [2011/04/28 14:40:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/28 11:37:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/04/28 11:36:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2011/04/28 11:36:41 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\t13hvw7w.exe
    [2011/04/27 17:17:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/27 17:17:10 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/27 00:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-705464508-3563758628-1241951192-1003Core.job
    [2011/04/26 22:06:56 | 000,148,659 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ghey.wma
    [2011/04/26 21:43:54 | 000,090,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\watev.wma
    [2011/04/26 21:31:29 | 000,130,699 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\still sounds crappy i can bet.wma
    [2011/04/26 21:31:06 | 000,054,369 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yeah hope i did that right.wma
    [2011/04/22 12:41:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/20 15:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/16 03:19:46 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/16 03:03:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/12 00:40:15 | 005,175,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rockstar.mp3
    [2011/04/11 23:57:58 | 004,558,307 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\it's over.mp3
    [2011/04/11 23:54:48 | 005,901,210 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\misunderstood.mp3
    [2011/04/11 23:50:43 | 005,686,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woman.mp3
    [2011/04/11 23:46:46 | 003,365,034 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lights out.mp3
    [2011/04/11 23:39:41 | 005,101,236 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\im gone.mp3
    [2011/04/08 01:02:07 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
    [2011/04/08 01:02:07 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
    [2011/04/08 01:02:07 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
    [2011/04/08 01:02:07 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
    [2011/04/08 01:02:07 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
    [2011/04/08 01:02:07 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
    [2011/04/08 01:02:07 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
    [2011/04/08 01:02:07 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
    [2011/04/08 01:02:07 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
    [2011/04/08 01:02:07 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
    [2011/04/08 01:02:07 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
    [2011/04/08 00:49:56 | 000,772,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tue Mar 22 22;55;55 2011.mp3
    [2011/04/03 01:05:10 | 000,259,926 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\oh me oh my.flp
    [2011/04/03 00:34:59 | 000,179,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\starter.flp
    [2011/04/03 00:33:34 | 000,253,537 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\starting off ill son son.flp
    [2011/03/31 15:53:05 | 000,180,821 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\r&b.flp
    [2011/03/30 17:26:21 | 005,753,252 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spotless mind .mp3
    [2011/03/30 16:46:28 | 1656,404,118 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hypersonic2.7z
    [2011/03/30 15:18:13 | 000,317,693 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lil groove.mp3

    ========== Files Created - No Company Name ==========

    [2011/04/28 22:39:25 | 000,003,286 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My.jpg
    [2011/04/28 22:07:42 | 004,332,535 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/28 21:13:15 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/28 18:27:10 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/28 18:17:47 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
    [2011/04/28 17:43:00 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    [2011/04/28 17:43:00 | 000,000,557 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OMNI Time.lnk
    [2011/04/28 14:44:02 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
    [2011/04/28 14:36:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/28 14:36:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/28 14:36:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/28 14:36:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/28 14:36:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/28 11:37:42 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/04/28 11:36:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2011/04/28 11:36:48 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\t13hvw7w.exe
    [2011/04/27 17:17:10 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/26 22:09:10 | 000,148,659 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ghey.wma
    [2011/04/26 21:44:53 | 000,090,289 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\watev.wma
    [2011/04/26 21:32:28 | 000,130,699 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\still sounds crappy i can bet.wma
    [2011/04/26 21:29:38 | 000,054,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\yeah hope i did that right.wma
    [2011/04/03 00:57:37 | 000,259,926 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\oh me oh my.flp
    [2011/04/03 00:24:58 | 000,253,537 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\starting off ill son son.flp
    [2011/03/30 17:37:13 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
    [2011/03/30 17:37:13 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
    [2011/03/30 17:37:13 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
    [2011/03/30 15:18:26 | 1656,404,118 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hypersonic2.7z
    [2011/03/08 11:18:24 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2010/10/06 18:11:43 | 000,695,578 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
    [2010/10/06 18:11:42 | 000,001,079 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
    [2010/05/20 21:05:45 | 000,253,580 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/05/16 02:34:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/05 00:26:05 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/10/08 10:29:19 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
    [2009/08/18 18:07:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/08/10 22:39:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
    [2009/06/16 03:50:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2009/06/11 13:08:25 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/11 12:08:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2009/06/11 01:34:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/06/11 00:52:29 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2009/06/11 00:35:40 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
    [2009/06/11 00:33:49 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/06/11 00:33:49 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/06/11 00:33:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2009/06/11 00:28:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/11 00:13:57 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2008/09/17 23:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/09/17 23:55:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/09/17 23:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/09/17 23:55:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/09/17 23:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/09/17 23:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/09/17 23:55:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/09/17 23:55:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/09/17 23:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
    [2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 12:12:43 | 000,001,444 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 12:12:43 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/26 12:12:10 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/26 12:12:10 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 06:54:01 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2009/08/13 03:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
    [2009/06/16 01:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2009/08/14 03:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/08/14 03:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2010/07/12 03:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/06 17:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/10 22:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/10/06 17:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Note
    [2009/06/24 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/10/06 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spectrasonics
    [2009/07/09 09:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/16 01:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2011/03/12 01:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
    [2010/06/07 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
    [2009/12/11 04:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
    [2009/06/16 03:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2009/06/24 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
    [2010/07/03 02:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SiteRanker
    [2010/10/08 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
    [2009/06/16 03:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2010/04/11 17:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
    [2011/04/28 21:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

    ========== Purity Check ==========



    < End of report >
     
  5. 2011/04/28
    broni

    broni Moderator Malware Analyst

    Looks good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  6. 2011/04/28
    Supermaine

    Supermaine Inactive Thread Starter

    Here's the first one:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java 2 Runtime Environment, SE v1.4.2
    Out of date Java installed!
    Adobe Flash Player 10.2.159.1
    Adobe Reader 6.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.16)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
     
  7. 2011/04/28
    broni

    broni Moderator Malware Analyst

    Update Internet Explorer to version 8.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  8. 2011/04/29
    Supermaine

    Supermaine Inactive Thread Starter

    C:\Qoobox\Quarantine\C\WINDOWS\edofihutafuz.dll.vir a variant of Win32/Kryptik.NCA trojan
    C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0003044.dll a variant of Win32/Kryptik.NCA trojan
     
  9. 2011/04/29
    broni

    broni Moderator Malware Analyst

    Both entries will be removed by performing our next, last steps.

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.


    .....Bed time here :)......
     
  10. 2011/04/29
    Supermaine

    Supermaine Inactive Thread Starter

    Thank you so much! This is the second time you've helped me. You're a life saver.



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 896243832 bytes
    ->Temporary Internet Files folder emptied: 517676 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 96208392 bytes
    ->Flash cache emptied: 2658 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 26077633 bytes

    Total Files Cleaned = 972.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 04292011_011711

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. 2011/04/29
    broni

    broni Moderator Malware Analyst

    You're very welcome :)

    Good luck and stay safe :)
     
  12. 2011/04/30
    Supermaine

    Supermaine Inactive Thread Starter

    Broni, it appears I spoke too soon. Today is the first day I've booted the computer back up, and once again the system utility message popped up telling me that it was a selective startup instead of a normal one. Then it began to lag again, and I couldn't open up my browser without it freezing and me having to restart. I'm booted back into Safe Mode with networking. Do you have any idea what this could be?
     
  13. 2011/04/30
    broni

    broni Moderator Malware Analyst

    As for the message, see here: http://support.microsoft.com/kb/310567

    As for the other issue.....hmmmmm....unless you got reinfected, you may have some other issues.

    Update MBAM, run "Quick scan" and post a fresh log.

    Also, see if Firefox gives you the same issues.
     
  14. 2011/04/30
    Supermaine

    Supermaine Inactive Thread Starter

    Are there certain programs or files that start ONLY when you boot into normal mode?
    Because everything seems to hang and lag. The welcome screen stays on for about a minute or two, then the desktop finally comes up but hardly anything loads. Meanwhile, when I boot into Safe Mode with Networking, all my files and folders work. I'm able to access Firefox, AOL Instant Messenger, etc., without a problem.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6481

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 6.0.2900.5512

    4/30/2011 9:17:12 PM
    mbam-log-2011-04-30 (21-17-12).txt

    Scan type: Quick scan
    Objects scanned: 145027
    Time elapsed: 2 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  15. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  16. 2011/04/30
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Startup List report created on 4/30/2011 by Startup Manager


    Name: SunKistEM
    Path: C:\Program Files\Digital Media Reader\shwiconem.exe
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: SiteRanker
    Path: "C:\Program Files\SiteRanker\SiteRankTray.exe "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: RemoteControl
    Path: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Recguard
    Path: C:\WINDOWS\SMINST\RECGUARD.EXE
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: QuickTime Task
    Path: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: PHIME2002ASync
    Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: PHIME2002A
    Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: nwiz
    Path: nwiz.exe /install
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: NvMediaCenter
    Path: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: NvCplDaemon
    Path: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: MSPY2002
    Path: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Monitor
    Path: C:\WINDOWS\PixArt\PAC207\Monitor.exe
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: IMJPMIG8.1
    Path: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: H2O
    Path: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Freecorder FLV Service
    Path: "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: SunJavaUpdateSched
    Path: "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: DAEMON Tools Lite
    Path: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Aim
    Path: "C:\Program Files\AIM\aim.exe" /d locale=en-US
    Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: OMNI Time
    Path: C:\DOCUME~1\Owner\MYDOCU~1\Stardock\OMNItime.exe
    Location: C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Stardock ObjectDock
    Path: C:\PROGRA~1\Stardock\OBJECT~1\OBJECT~1.EXE
    Location: C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Status: Enabled
    ------------------------------------------------------------------------------------------
    Total 20 Items
     
  17. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Quick Startup and UN-check the following items:

    SiteRanker
    PHIME2002ASync
    PHIME2002A
    nwiz
    NvCplDaemon
    MSPY2002
    IMJPMIG8.1
    Freecorder FLV Service
    SunJavaUpdateSched
    Aim
    OMNI Time
    Stardock ObjectDock

    Restart in normal mode and see how it goes.
     
  18. 2011/04/30
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    It still lagged on the welcome screen, and as the desktop came up... the programs on it didn't have their regular icons. They all had the same one.
     
  19. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disable this one too:
    DAEMON Tools Lite
    Restart computer.
     
  20. 2011/04/30
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Same response.
     
  21. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
    If you use Windows Firewall, you're fine.

    Same problem?
     
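The Startup Manager report in post 16 and the msconfig procedure in post 21 both walk the same autostart locations by hand: the HKLM and HKCU Run keys, the Startup folders, and the non-Microsoft automatic services. The script below is an added example, not something posted in the thread or shipped with any of the tools named in it. It produces a read-only inventory of those locations so the entries can be reviewed before or after the msconfig "Disable all" step; it changes nothing. Assumptions: it is written for Windows PowerShell 2.0 (the newest version Windows XP supports, hence Get-WmiObject rather than Get-CimInstance), the all-users Startup folder is read from the Explorer "Shell Folders" registry key, and the "non-Microsoft" test approximates msconfig's by reading the CompanyName version resource of each service binary, which is a hint rather than proof of origin.

```powershell
# Added example (not from the thread): read-only inventory of the autostart
# locations covered by the Startup Manager report and the msconfig steps.
# Windows PowerShell 2.0 compatible; disables nothing.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Extract the executable from a Run/service command line: honour a leading
# quoted path, otherwise take the first whitespace-delimited token.
function Get-ExePath {
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1).Trim() }
    }
    return ($c -split '\s+')[0]
}

# Full paths are checked on disk; bare names such as nwiz.exe or RUNDLL32.EXE
# are resolved the way the shell would (PATH / App Paths).
function Test-ExeResolves {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    if (Test-Path -LiteralPath $Path) { return $true }
    return ((Get-Command $Path -ErrorAction SilentlyContinue) -ne $null)
}

# CompanyName from the version resource; assumption: this approximates the
# "Microsoft service" test msconfig applies. Empty when the file is missing.
function Get-CompanyName {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return '' }
    if (-not (Test-Path -LiteralPath $Path)) { return '' }
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    if ($v -eq $null) { return '' }
    return [string]$v.CompanyName
}

$entries = @()

# Run keys: one object per value, with the checks a reviewer wants up front.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PSPath, PSProvider, ...
        $cmd = [string]$p.Value
        $exe = Get-ExePath $cmd
        $entries += New-Object PSObject -Property @{
            Source     = $key
            Name       = $p.Name
            Command    = $cmd
            Exists     = Test-ExeResolves $exe
            Company    = Get-CompanyName $exe
            # Several entries in the report above carry a trailing space inside
            # the closing quote; flag that so the path gets checked by hand.
            OddQuoting = [bool]($cmd -match '\s"\s*$')
        }
    }
}

# Startup folders: per-user from .NET, all-users from the Shell Folders key
# (assumption: that key is present, as it is on XP and later).
$shellFolders   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$startupFolders = @([Environment]::GetFolderPath('Startup'))
$common = (Get-ItemProperty -Path $shellFolders -ErrorAction SilentlyContinue).'Common Startup'
if ($common) { $startupFolders += $common }

foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($f in (Get-ChildItem -LiteralPath $folder -Force | Where-Object { -not $_.PSIsContainer })) {
        $entries += New-Object PSObject -Property @{
            Source = $folder; Name = $f.Name; Command = $f.FullName
            Exists = $true;   Company = Get-CompanyName $f.FullName; OddQuoting = $false
        }
    }
}

# Automatic-start services whose binary does not name Microsoft as its vendor,
# roughly what msconfig shows after "Hide all Microsoft services".
$services = @()
foreach ($s in (Get-WmiObject Win32_Service | Where-Object { $_.StartMode -eq 'Auto' })) {
    $exe = Get-ExePath ([string]$s.PathName)
    $company = Get-CompanyName $exe
    if ($company -match 'Microsoft') { continue }
    $services += New-Object PSObject -Property @{
        Service = $s.Name; State = $s.State; Command = $s.PathName
        Exists  = Test-ExeResolves $exe; Company = $company
    }
}

$entries  | Sort-Object Source, Name | Format-Table Source, Name, Exists, OddQuoting, Company, Command -AutoSize
$services | Sort-Object Service      | Format-Table Service, State, Exists, Company, Command -AutoSize
```

Run it from an administrator Windows PowerShell prompt. Entries with Exists set to False point at files that are no longer on disk (a leftover of an uninstall or a removal tool), and a row with OddQuoting set to True or an empty Company is simply one to look at more closely; the script makes no judgement about which entries are safe to disable, that decision stays with the reviewer, as in the thread.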
