Jump to content

oakr8r2

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I have finished removing everything. Thank you so much. I appreciate all the time and effort you put into helping me thanks again!
  2. ComboFix 09-11-29.01 - Jesse 11/29/2009 11:00.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.472 [GMT -8:00] Running from: c:\documents and settings\Jesse\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Jesse\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 ))))))))))))))))))))))))))))))) . 2009-11-29 16:51 . 2009-11-29 16:51 -------- d-----w- c:\program files\ERUNT 2009-11-29 16:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-29 16:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-29 16:23 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-29 16:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-29 16:23 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-29 16:23 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-29 16:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-29 16:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-29 16:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-29 16:23 . 2009-11-29 16:23 -------- d-----w- c:\program files\Alwil Software 2009-11-29 05:13 . 2009-11-29 05:13 -------- d-sh--w- c:\documents and settings\Jesse\IECompatCache 2009-11-29 02:32 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-29 02:32 . 2009-11-29 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-29 02:32 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-29 01:52 . 2009-11-29 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-29 01:52 . 2009-11-29 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-28 15:46 . 2008-12-04 09:25 120832 ----a-w- c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll 2009-11-28 06:29 . 2009-11-28 06:30 -------- dc-h--w- c:\windows\ie8 2009-11-28 05:22 . 2009-11-28 05:22 0 ----a-w- c:\windows\nsreg.dat 2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Mozilla 2009-11-28 01:20 . 2009-11-28 01:20 -------- d-----w- c:\documents and settings\Jesse\Application Data\Malwarebytes 2009-11-28 01:19 . 2009-11-28 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-26 05:45 . 2009-11-28 16:05 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\edbmnv 2009-11-17 21:35 . 2009-11-17 21:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-17 21:33 . 2009-11-17 21:33 -------- d-sh--w- c:\documents and settings\Jesse\PrivacIE 2009-11-17 21:30 . 2009-11-17 21:30 -------- d-sh--w- c:\documents and settings\Jesse\IETldCache 2009-11-17 21:26 . 2009-11-28 05:31 -------- d-----w- c:\windows\ie8updates 2009-11-17 21:19 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-11-17 21:19 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-11-17 21:19 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-11-17 21:19 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-11-17 21:19 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-11-17 21:19 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-11-17 21:19 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\windows\system32\XPSViewer 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\MSBuild 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\Reference Assemblies 2009-11-14 00:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-11-14 00:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-11-14 00:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-11-14 00:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-11-14 00:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-11-14 00:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-11-14 00:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-11-14 00:39 . 2009-11-14 00:40 -------- d-----w- C:\d22a9cc1ee80b925221080 2009-11-14 00:34 . 2009-11-14 00:34 -------- d-----w- c:\program files\MSXML 6.0 2009-11-10 03:54 . 2009-11-11 01:44 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-10 03:54 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-10 03:47 . 2009-11-10 03:47 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-11-10 03:46 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-11-10 03:46 . 2009-11-10 03:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-10 03:42 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft 2009-11-08 03:32 . 2009-11-08 03:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\Gradekeeper 2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\windows\Gradekeeper 2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\program files\Gradekeeper 2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\DriverCure 2009-10-31 02:52 . 2009-10-31 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure 2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-14 01:04 . 2007-02-05 16:28 20688 ----a-w- c:\documents and settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-10 03:53 . 2009-08-05 16:25 -------- d-----w- c:\program files\Windows Live 2009-10-06 16:05 . 2007-05-23 18:07 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-28 22:23 . 2009-09-28 22:23 20200 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-09-11 14:33 . 2001-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 20:45 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll . ((((((((((((((((((((((((((((( SnapShot@2009-11-29_18.23.56 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-29 18:56 . 2009-11-29 18:56 16384 c:\windows\Temp\Perflib_Perfdata_50c.dat + 2009-11-29 19:07 . 2009-11-29 19:07 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] c:\documents and settings\Jesse\Start Menu\Programs\Startup\ Imation_Flash_Detect.lnk - c:\program files\Imation\USB_ImationFlashDetect.exe [2009-3-21 655360] PowerReg Scheduler V3.exe [2009-3-14 225280] PowerReg Scheduler.exe [2009-3-23 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/29/2009 8:23 AM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2009 8:23 AM 20560] R3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [5/16/2009 8:12 AM 16640] . Contents of the 'Scheduled Tasks' folder 2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\ FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-29 11:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3684) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\devldr32.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-11-29 11:16 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-29 19:16 ComboFix2.txt 2009-11-29 18:27 Pre-Run: 21,284,085,760 bytes free Post-Run: 21,243,666,432 bytes free - - End Of File - - B9C732F0F9624E82C5BDDB64846028AF Malwarebytes' Anti-Malware 1.41 Database version: 3258 Windows 5.1.2600 Service Pack 2 11/29/2009 11:31:11 AM mbam-log-2009-11-29 (11-31-11).txt Scan type: Quick Scan Objects scanned: 104067 Time elapsed: 10 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. ComboFix 09-11-28.04 - Jesse 11/29/2009 10:15.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.477 [GMT -8:00] Running from: c:\documents and settings\Jesse\Desktop\Combo-Fix.exe AV: avast! antivirus 4.8.1368 [VPS 091129-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Shared c:\windows\system32\tdlcmd.dll Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 ))))))))))))))))))))))))))))))) . 2009-11-29 16:51 . 2009-11-29 16:51 -------- d-----w- c:\program files\ERUNT 2009-11-29 16:23 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-29 16:23 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-29 16:23 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-29 16:23 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-29 16:23 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-29 16:23 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-29 16:23 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-29 16:23 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-29 16:23 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-29 16:23 . 2009-11-29 16:23 -------- d-----w- c:\program files\Alwil Software 2009-11-29 05:13 . 2009-11-29 05:13 -------- d-sh--w- c:\documents and settings\Jesse\IECompatCache 2009-11-29 02:32 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-29 02:32 . 2009-11-29 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-29 02:32 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-29 01:52 . 2009-11-29 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-29 01:52 . 2009-11-29 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-28 15:46 . 2008-12-04 09:25 120832 ----a-w- c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll 2009-11-28 06:29 . 2009-11-28 06:30 -------- dc-h--w- c:\windows\ie8 2009-11-28 05:22 . 2009-11-28 05:22 0 ----a-w- c:\windows\nsreg.dat 2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Mozilla 2009-11-28 01:20 . 2009-11-28 01:20 -------- d-----w- c:\documents and settings\Jesse\Application Data\Malwarebytes 2009-11-28 01:19 . 2009-11-28 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-26 05:45 . 2009-11-28 16:05 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\edbmnv 2009-11-17 21:35 . 2009-11-17 21:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-17 21:33 . 2009-11-17 21:33 -------- d-sh--w- c:\documents and settings\Jesse\PrivacIE 2009-11-17 21:30 . 2009-11-17 21:30 -------- d-sh--w- c:\documents and settings\Jesse\IETldCache 2009-11-17 21:26 . 2009-11-28 05:31 -------- d-----w- c:\windows\ie8updates 2009-11-17 21:19 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-11-17 21:19 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-11-17 21:19 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-11-17 21:19 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-11-17 21:19 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-11-17 21:19 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-11-17 21:19 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\windows\system32\XPSViewer 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\MSBuild 2009-11-14 00:40 . 2009-11-14 00:40 -------- d-----w- c:\program files\Reference Assemblies 2009-11-14 00:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-11-14 00:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-11-14 00:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-11-14 00:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-11-14 00:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-11-14 00:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-11-14 00:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-11-14 00:39 . 2009-11-14 00:40 -------- d-----w- C:\d22a9cc1ee80b925221080 2009-11-14 00:34 . 2009-11-14 00:34 -------- d-----w- c:\program files\MSXML 6.0 2009-11-10 03:54 . 2009-11-11 01:44 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-10 03:54 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-10 03:47 . 2009-11-10 03:47 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-11-10 03:46 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-11-10 03:46 . 2009-11-10 03:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-10 03:42 . 2009-11-10 03:54 -------- d-----w- c:\program files\Microsoft 2009-11-08 03:32 . 2009-11-08 03:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\Gradekeeper 2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\windows\Gradekeeper 2009-11-08 03:30 . 2009-11-08 03:30 -------- d-----w- c:\program files\Gradekeeper 2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\Jesse\Application Data\DriverCure 2009-10-31 02:52 . 2009-10-31 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure 2009-10-31 02:52 . 2009-10-31 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-14 01:04 . 2007-02-05 16:28 20688 ----a-w- c:\documents and settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-10 03:53 . 2009-08-05 16:25 -------- d-----w- c:\program files\Windows Live 2009-10-06 16:05 . 2007-05-23 18:07 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-28 22:23 . 2009-09-28 22:23 20200 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-09-11 14:33 . 2001-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 20:45 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] c:\documents and settings\Jesse\Start Menu\Programs\Startup\ Imation_Flash_Detect.lnk - c:\program files\Imation\USB_ImationFlashDetect.exe [2009-3-21 655360] PowerReg Scheduler V3.exe [2009-3-14 225280] PowerReg Scheduler.exe [2009-3-23 256000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/29/2009 8:23 AM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2009 8:23 AM 20560] R3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [5/16/2009 8:12 AM 16640] . Contents of the 'Scheduled Tasks' folder 2009-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\ FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-ares - c:\program files\Ares\Ares.exe HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe HKLM-Run-DXDllRegExe - dxdllreg.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-29 10:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-11-29 10:27 ComboFix-quarantined-files.txt 2009-11-29 18:26 Pre-Run: 21,211,828,224 bytes free Post-Run: 21,293,326,336 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - BA7DDBAB76B1F23F20FD778BDE377B98
  4. OTL logfile created on: 11/29/2009 9:20:11 AM - Run 1 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Jesse\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.01 Mb Total Physical Memory | 272.16 Mb Available Physical Memory | 35.48% Memory free 1.46 Gb Paging File | 0.97 Gb Available in Paging File | 66.68% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 19.56 Gb Free Space | 52.51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1.86 Gb Total Space | 0.69 Gb Free Space | 37.31% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MANRIQUEZ Current User Name: Jesse Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/08/28 13:38:10 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/08/28 13:37:56 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/08/28 13:37:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/03/21 12:34:47 | 00,655,360 | ---- | M] () -- C:\Program Files\Imation\USB_ImationFlashDetect.exe PRC - [2009/01/30 13:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe PRC - [2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2003/08/04 17:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe PRC - [2001/08/17 14:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe ========== Modules (SafeList) ========== MOD - [2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/08/28 13:37:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/30 13:52:48 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2004/01/04 23:27:32 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/08/28 13:38:10 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/08/28 13:38:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/08/25 13:09:02 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/01/08 17:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282) DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/03 22:08:21 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004/08/03 21:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004/01/04 23:27:34 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2004/01/04 23:27:34 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2004/01/04 23:27:32 | 00,051,056 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412) DRV - [2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 05:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT) DRV - [2001/08/17 04:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) DRV - [2001/08/17 04:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM) DRV - [2001/08/17 04:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM) DRV - [2001/08/17 04:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001/08/17 04:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) DRV - [2001/08/17 04:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/27 21:22:38 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/27 21:22:19 | 00,000,000 | ---D | M] [2009/11/27 21:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Extensions [2009/11/29 08:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\pkg28de4.default\extensions [2009/11/27 21:22:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (250319 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 208.43.47.212 a1.review.zdnet.com O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com O1 - Hosts: 208.43.47.212 reviews.download.com O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk O1 - Hosts: 208.43.47.212 reviews.pcmag.com O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk O1 - Hosts: 208.43.47.212 reviews.techradar.com O1 - Hosts: 208.43.47.212 toptenreviews.com O1 - Hosts: 208.43.47.212 www.reevoo.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 8722 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. ) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. ) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. ) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DXDllRegExe] File not found O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found O4 - HKCU..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe File not found O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\Imation_Flash_Detect.lnk = C:\Program Files\Imation\USB_ImationFlashDetect.exe () O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies) O4 - Startup: C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\PowerReg Scheduler.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...20Installer.cab (Support.com Configuration Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1170687395223 (WUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/02/04 11:05:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/29 09:19:04 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe [2009/11/29 08:59:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.exe [2009/11/29 08:53:29 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jesse\Desktop\ATF-Cleaner.exe [2009/11/29 08:51:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/29 08:51:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/29 08:50:34 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jesse\Desktop\erunt-setup.exe [2009/11/29 08:23:50 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/11/29 08:23:49 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/11/29 08:23:48 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/11/29 08:23:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/11/29 08:23:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/11/29 08:23:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/11/29 08:23:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/11/29 08:23:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/11/29 08:23:12 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/11/29 08:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/11/28 21:13:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\IECompatCache [2009/11/28 20:36:55 | 01,839,984 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Jesse\Desktop\HousecallLauncher(2).exe [2009/11/28 18:32:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/28 18:32:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/28 18:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/28 17:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009/11/28 17:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/11/27 22:29:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/11/27 21:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\Mozilla [2009/11/27 21:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Mozilla [2009/11/27 21:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2009/11/27 17:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Malwarebytes [2009/11/27 17:19:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/25 21:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\edbmnv [2009/11/17 13:33:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\PrivacIE [2009/11/17 13:30:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jesse\IETldCache [2009/11/17 13:26:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/11/17 13:25:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2009/11/17 13:19:30 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2009/11/17 13:19:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2009/11/17 13:19:28 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2009/11/17 13:19:23 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2009/11/13 16:40:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2009/11/13 16:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild [2009/11/13 16:40:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2009/11/13 16:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2009/11/13 16:39:44 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2009/11/13 16:39:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2009/11/13 16:39:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2009/11/13 16:39:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2009/11/13 16:39:43 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2009/11/13 16:39:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2009/11/13 16:39:42 | 00,000,000 | ---D | C] -- C:\d22a9cc1ee80b925221080 [2009/11/13 16:34:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2009/11/09 19:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009/11/09 19:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector [2009/11/09 19:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2009/11/09 19:46:35 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2009/11/09 19:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009/11/09 19:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft [2009/11/07 19:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Gradekeeper [2009/11/07 19:30:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Gradekeeper [2009/11/07 19:30:19 | 00,000,000 | ---D | C] -- C:\Program Files\Gradekeeper [2009/10/30 18:52:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\DriverCure [2009/10/30 18:52:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/10/30 18:52:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/29 09:19:21 | 00,843,187 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\SecurityCheck.exe [2009/11/29 09:19:04 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe [2009/11/29 08:59:32 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.exe [2009/11/29 08:58:26 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.zip [2009/11/29 08:55:27 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Win32kDiag.exe [2009/11/29 08:53:29 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jesse\Desktop\ATF-Cleaner.exe [2009/11/29 08:51:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\NTREGOPT.lnk [2009/11/29 08:51:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\ERUNT.lnk [2009/11/29 08:50:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jesse\Desktop\erunt-setup.exe [2009/11/29 08:47:50 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Jesse\NTUSER.DAT [2009/11/29 08:30:34 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\tdlcmd.dll [2009/11/29 08:28:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/29 08:25:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/29 08:25:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/29 08:25:23 | 80,433,9712 | -HS- | M] () -- C:\hiberfil.sys [2009/11/29 08:24:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jesse\ntuser.ini [2009/11/29 08:23:51 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/11/29 08:23:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/11/29 08:22:42 | 45,898,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/29 08:22:42 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/28 22:38:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jesse\defogger_reenable [2009/11/28 22:26:00 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\23hvrpq3.exe [2009/11/28 22:25:46 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\dds.scr [2009/11/28 22:25:24 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Defogger.exe [2009/11/28 20:36:50 | 01,839,984 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Jesse\Desktop\HousecallLauncher(2).exe [2009/11/28 19:57:34 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Internet Explorer.lnk [2009/11/28 18:32:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/28 18:00:14 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job [2009/11/28 17:59:57 | 00,250,319 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/28 17:52:37 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Spybot - Search & Destroy.lnk [2009/11/28 17:47:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\settings.dat [2009/11/28 08:01:28 | 00,000,737 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/28 08:01:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/28 08:01:28 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2009/11/28 08:00:19 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\housecall.guid.cache [2009/11/27 22:39:25 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/11/27 21:22:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2009/11/27 21:22:23 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/11/27 15:04:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/11/25 13:58:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/11/24 15:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/11/24 15:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/11/24 15:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/11/24 15:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/11/24 15:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/11/24 15:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/11/24 15:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/11/24 15:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/11/24 15:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/11/18 12:37:18 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/18 12:37:18 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/18 12:37:17 | 00,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/15 20:00:47 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/13 17:04:23 | 00,020,688 | ---- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/11/13 17:00:46 | 00,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/07 19:30:23 | 00,001,596 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Gradekeeper.lnk [2009/11/06 22:16:28 | 06,921,474 | -H-- | M] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\IconCache.db [2009/11/02 19:38:28 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Jesse\My Documents\Jesus Manrique1.doc(rhet. precis).doc [2009/10/30 18:52:26 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/29 09:19:21 | 00,843,187 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\SecurityCheck.exe [2009/11/29 08:58:29 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\RootRepeal.zip [2009/11/29 08:55:31 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Win32kDiag.exe [2009/11/29 08:51:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\NTREGOPT.lnk [2009/11/29 08:51:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\ERUNT.lnk [2009/11/29 08:23:51 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/11/29 08:23:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/11/29 08:22:16 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\tdlcmd.dll [2009/11/28 22:39:37 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\23hvrpq3.exe [2009/11/28 22:39:29 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\dds.scr [2009/11/28 22:38:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jesse\defogger_reenable [2009/11/28 22:38:11 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Defogger.exe [2009/11/28 19:57:34 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Internet Explorer.lnk [2009/11/28 18:32:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/28 17:52:37 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Spybot - Search & Destroy.lnk [2009/11/28 17:47:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\settings.dat [2009/11/28 08:00:19 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\housecall.guid.cache [2009/11/27 21:22:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/11/27 21:22:23 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/11/27 17:38:47 | 80,433,9712 | -HS- | C] () -- C:\hiberfil.sys [2009/11/07 19:30:23 | 00,001,596 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Gradekeeper.lnk [2009/11/01 22:39:11 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Jesse\My Documents\Jesus Manrique1.doc(rhet. precis).doc [2009/10/30 18:52:34 | 00,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job [2009/10/30 18:52:25 | 00,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2009/08/29 18:41:12 | 00,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI [2009/02/21 12:01:27 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI [2009/01/24 10:59:00 | 00,000,088 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI [2009/01/17 16:37:15 | 00,000,217 | ---- | C] () -- C:\WINDOWS\QTW.INI [2009/01/17 16:36:35 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll [2009/01/17 15:58:52 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat [2009/01/17 15:50:03 | 00,001,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/01/15 19:30:36 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/02/05 09:38:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/01/04 23:27:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/11/17 13:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/10/30 19:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure [2009/10/30 18:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/09/23 13:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/16 01:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/10/30 18:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\DriverCure [2009/11/07 19:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Gradekeeper [2009/03/14 07:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech [2009/11/28 18:00:14 | 00,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job [2009/10/30 18:52:26 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 11/29/2009 9:20:11 AM - Run 1 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Jesse\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.01 Mb Total Physical Memory | 272.16 Mb Available Physical Memory | 35.48% Memory free 1.46 Gb Paging File | 0.97 Gb Available in Paging File | 66.68% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 19.56 Gb Free Space | 52.51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1.86 Gb Total Space | 0.69 Gb Free Space | 37.31% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MANRIQUEZ Current User Name: Jesse Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5 "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1 "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0 "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe
  5. win32kdiag log Running from: C:\Documents and Settings\Jesse\desktop\win32kdiag.exe Log file at : C:\Documents and Settings\Jesse\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished! ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/29 09:05 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Here are the 2 logs requested thanks for taking the time to help me Maurice
  6. Hi I am having a problem with BKDR_TDSS.SM I run scans and I find it each and every time and Trendmicro "fixes" it but it always comesback. Malwarebytes scan found 26 items and it got rid of them and those are gone. The only problem is the BKDR one I don't know what to try next. I have already deleted the restore points. I dont know if this is related to the virus but this comp is running windows xp sp2 and when I try to update to sp3 it always fails and says that atapi.sys is running and it cannont proceed. any help would be so great. thanks in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.