Cyber Tech Help Support Forums > Software > Malware Removal

  #91  
November 15th, 2011, 09:56 PM
dmatt
Member
 
Join Date: Nov 2011
Posts: 79
Just ran TDSSkiller a second time as you suggested. Report:

15:56:19.0921 1444 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
15:56:20.0468 1444 ============================================================
15:56:20.0468 1444 Current date / time: 2011/11/15 15:56:20.0468
15:56:20.0468 1444 SystemInfo:
15:56:20.0468 1444
15:56:20.0468 1444 OS Version: 5.1.2600 ServicePack: 3.0
15:56:20.0468 1444 Product type: Workstation
15:56:20.0468 1444 ComputerName: YOUR-6DD291YKRY
15:56:20.0468 1444 UserName: Administrator
15:56:20.0468 1444 Windows directory: C:\WINDOWS.1
15:56:20.0468 1444 System windows directory: C:\WINDOWS.1
15:56:20.0468 1444 Processor architecture: Intel x86
15:56:20.0468 1444 Number of processors: 2
15:56:20.0468 1444 Page size: 0x1000
15:56:20.0468 1444 Boot type: Safe boot with network
15:56:20.0468 1444 ============================================================
15:56:22.0437 1444 Initialize success
15:56:30.0593 1536 ============================================================
15:56:30.0593 1536 Scan started
15:56:30.0593 1536 Mode: Manual;
15:56:30.0593 1536 ============================================================
15:56:31.0421 1536 Abiosdsk - ok
15:56:31.0468 1536 abp480n5 - ok
15:56:31.0546 1536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS.1\system32\DRIVERS\ACPI.sys
15:56:31.0562 1536 ACPI - ok
15:56:31.0625 1536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS.1\system32\drivers\ACPIEC.sys
15:56:31.0625 1536 ACPIEC - ok
15:56:31.0671 1536 adpu160m - ok
15:56:31.0765 1536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS.1\system32\drivers\aec.sys
15:56:31.0765 1536 aec - ok
15:56:31.0843 1536 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS.1\System32\drivers\afd.sys
15:56:31.0843 1536 AFD - ok
15:56:31.0875 1536 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS.1\system32\DRIVERS\agp440.sys
15:56:31.0875 1536 agp440 - ok
15:56:31.0906 1536 Aha154x - ok
15:56:31.0953 1536 aic78u2 - ok
15:56:31.0984 1536 aic78xx - ok
15:56:32.0062 1536 AliIde - ok
15:56:32.0109 1536 amsint - ok
15:56:32.0171 1536 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS.1\system32\DRIVERS\arp1394.sys
15:56:32.0171 1536 Arp1394 - ok
15:56:32.0203 1536 asc - ok
15:56:32.0234 1536 asc3350p - ok
15:56:32.0281 1536 asc3550 - ok
15:56:32.0359 1536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS.1\system32\DRIVERS\asyncmac.sys
15:56:32.0359 1536 AsyncMac - ok
15:56:32.0390 1536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS.1\system32\DRIVERS\atapi.sys
15:56:32.0406 1536 atapi - ok
15:56:32.0437 1536 Atdisk - ok
15:56:32.0500 1536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS.1\system32\DRIVERS\atmarpc.sys
15:56:32.0500 1536 Atmarpc - ok
15:56:32.0593 1536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS.1\system32\DRIVERS\audstub.sys
15:56:32.0593 1536 audstub - ok
15:56:32.0656 1536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS.1\system32\drivers\Beep.sys
15:56:32.0671 1536 Beep - ok
15:56:32.0750 1536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS.1\system32\drivers\cbidf2k.sys
15:56:32.0750 1536 cbidf2k - ok
15:56:32.0796 1536 cd20xrnt - ok
15:56:32.0843 1536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS.1\system32\drivers\Cdaudio.sys
15:56:32.0843 1536 Cdaudio - ok
15:56:32.0921 1536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS.1\system32\drivers\Cdfs.sys
15:56:32.0921 1536 Cdfs - ok
15:56:32.0953 1536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS.1\system32\DRIVERS\cdrom.sys
15:56:32.0968 1536 Cdrom - ok
15:56:32.0984 1536 Changer - ok
15:56:33.0062 1536 CmdIde - ok
15:56:33.0140 1536 Cpqarray - ok
15:56:33.0250 1536 ctac32k (96018877b005220f5778e5d03b40fd0e) C:\WINDOWS.1\system32\drivers\ctac32k.sys
15:56:33.0250 1536 ctac32k - ok
15:56:33.0296 1536 ctaud2k (77065de7508e6565bd650e9005e6dd2a) C:\WINDOWS.1\system32\drivers\ctaud2k.sys
15:56:33.0328 1536 ctaud2k - ok
15:56:33.0343 1536 ctdvda2k - ok
15:56:33.0390 1536 ctprxy2k (80094bf478c6c314c14187e3ef4d61e6) C:\WINDOWS.1\system32\drivers\ctprxy2k.sys
15:56:33.0390 1536 ctprxy2k - ok
15:56:33.0437 1536 ctsfm2k (5a2a2c6a2676db21ab12146928dc2415) C:\WINDOWS.1\system32\drivers\ctsfm2k.sys
15:56:33.0453 1536 ctsfm2k - ok
15:56:33.0531 1536 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS.1\system32\DRIVERS\ctxusbm.sys
15:56:33.0531 1536 ctxusbm - ok
15:56:33.0562 1536 dac2w2k - ok
15:56:33.0609 1536 dac960nt - ok
15:56:33.0703 1536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS.1\system32\DRIVERS\disk.sys
15:56:33.0703 1536 Disk - ok
15:56:33.0781 1536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS.1\system32\drivers\dmboot.sys
15:56:33.0812 1536 dmboot - ok
15:56:33.0890 1536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS.1\system32\drivers\dmio.sys
15:56:33.0890 1536 dmio - ok
15:56:33.0953 1536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS.1\system32\drivers\dmload.sys
15:56:33.0953 1536 dmload - ok
15:56:34.0015 1536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS.1\system32\drivers\DMusic.sys
15:56:34.0015 1536 DMusic - ok
15:56:34.0125 1536 dpti2o - ok
15:56:34.0187 1536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS.1\system32\drivers\drmkaud.sys
15:56:34.0187 1536 drmkaud - ok
15:56:34.0296 1536 E1000 (2476936f4994e9084ccfe75ed4f6226a) C:\WINDOWS.1\system32\DRIVERS\e1000325.sys
15:56:34.0296 1536 E1000 - ok
15:56:34.0375 1536 emupia (63bc4e9f583439d81b33604f76385902) C:\WINDOWS.1\system32\drivers\emupia2k.sys
15:56:34.0375 1536 emupia - ok
15:56:34.0484 1536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS.1\system32\drivers\Fastfat.sys
15:56:34.0484 1536 Fastfat - ok
15:56:34.0531 1536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS.1\system32\DRIVERS\fdc.sys
15:56:34.0531 1536 Fdc - ok
15:56:34.0578 1536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS.1\system32\drivers\Fips.sys
15:56:34.0578 1536 Fips - ok
15:56:34.0640 1536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS.1\system32\DRIVERS\flpydisk.sys
15:56:34.0640 1536 Flpydisk - ok
15:56:34.0687 1536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS.1\system32\drivers\fltmgr.sys
15:56:34.0687 1536 FltMgr - ok
15:56:34.0718 1536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS.1\system32\drivers\Fs_Rec.sys
15:56:34.0718 1536 Fs_Rec - ok
15:56:34.0765 1536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS.1\system32\DRIVERS\ftdisk.sys
15:56:34.0765 1536 Ftdisk - ok
15:56:34.0796 1536 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS.1\system32\DRIVERS\gameenum.sys
15:56:34.0812 1536 gameenum - ok
15:56:34.0875 1536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS.1\system32\DRIVERS\GEARAspiWDM.sys
15:56:34.0875 1536 GEARAspiWDM - ok
15:56:34.0906 1536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS.1\system32\DRIVERS\msgpc.sys
15:56:34.0906 1536 Gpc - ok
15:56:35.0015 1536 ha10kx2k (b79f128a51d00eb111ff690830786b38) C:\WINDOWS.1\system32\drivers\ha10kx2k.sys
15:56:35.0078 1536 ha10kx2k - ok
15:56:35.0171 1536 hap16v2k (23f66d96371e17145116227bab799d8b) C:\WINDOWS.1\system32\drivers\hap16v2k.sys
15:56:35.0171 1536 hap16v2k - ok
15:56:35.0265 1536 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS.1\system32\DRIVERS\hidusb.sys
15:56:35.0265 1536 hidusb - ok
15:56:35.0343 1536 hpn - ok
15:56:35.0468 1536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS.1\system32\Drivers\HTTP.sys
15:56:35.0468 1536 HTTP - ok
15:56:35.0531 1536 i2omgmt - ok
15:56:35.0593 1536 i2omp - ok
15:56:35.0656 1536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS.1\system32\DRIVERS\i8042prt.sys
15:56:35.0656 1536 i8042prt - ok
15:56:35.0734 1536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS.1\system32\DRIVERS\imapi.sys
15:56:35.0734 1536 Imapi - ok
15:56:35.0796 1536 ini910u - ok
15:56:35.0843 1536 IntelIde - ok
15:56:35.0937 1536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS.1\system32\DRIVERS\intelppm.sys
15:56:35.0937 1536 intelppm - ok
15:56:36.0000 1536 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS.1\system32\drivers\ip6fw.sys
15:56:36.0000 1536 ip6fw - ok
15:56:36.0078 1536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS.1\system32\DRIVERS\ipfltdrv.sys
15:56:36.0078 1536 IpFilterDriver - ok
15:56:36.0140 1536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS.1\system32\DRIVERS\ipinip.sys
15:56:36.0140 1536 IpInIp - ok
15:56:36.0234 1536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS.1\system32\DRIVERS\ipnat.sys
15:56:36.0234 1536 IpNat - ok
15:56:36.0296 1536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS.1\system32\DRIVERS\ipsec.sys
15:56:36.0296 1536 IPSec - ok
15:56:36.0343 1536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS.1\system32\DRIVERS\irenum.sys
15:56:36.0343 1536 IRENUM - ok
15:56:36.0406 1536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS.1\system32\DRIVERS\isapnp.sys
15:56:36.0406 1536 isapnp - ok
15:56:36.0484 1536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS.1\system32\DRIVERS\kbdclass.sys
15:56:36.0484 1536 Kbdclass - ok
15:56:36.0531 1536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS.1\system32\drivers\kmixer.sys
15:56:36.0531 1536 kmixer - ok
15:56:36.0593 1536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS.1\system32\drivers\KSecDD.sys
15:56:36.0593 1536 KSecDD - ok
15:56:36.0656 1536 lbrtfdc - ok
15:56:36.0765 1536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS.1\system32\drivers\mnmdd.sys
15:56:36.0765 1536 mnmdd - ok
15:56:36.0843 1536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS.1\system32\drivers\Modem.sys
15:56:36.0843 1536 Modem - ok
15:56:36.0906 1536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS.1\system32\DRIVERS\mouclass.sys
15:56:36.0906 1536 Mouclass - ok
15:56:36.0968 1536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS.1\system32\DRIVERS\mouhid.sys
15:56:36.0968 1536 mouhid - ok
15:56:37.0000 1536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS.1\system32\drivers\MountMgr.sys
15:56:37.0000 1536 MountMgr - ok
15:56:37.0125 1536 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS.1\system32\DRIVERS\MpFilter.sys
15:56:37.0125 1536 MpFilter - ok
15:56:37.0140 1536 MpKsl1fee50b2 - ok
15:56:37.0187 1536 MpKsl41f76aae - ok
15:56:37.0218 1536 MpKsl812b047e - ok
15:56:37.0234 1536 MpKslffbc0031 - ok
15:56:37.0281 1536 mraid35x - ok
15:56:37.0343 1536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS.1\system32\DRIVERS\mrxdav.sys
15:56:37.0343 1536 MRxDAV - ok
15:56:37.0437 1536 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS.1\system32\DRIVERS\mrxsmb.sys
15:56:37.0468 1536 MRxSmb - ok
15:56:37.0515 1536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS.1\system32\drivers\Msfs.sys
15:56:37.0515 1536 Msfs - ok
15:56:37.0593 1536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS.1\system32\drivers\MSKSSRV.sys
15:56:37.0593 1536 MSKSSRV - ok
15:56:37.0656 1536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS.1\system32\drivers\MSPCLOCK.sys
15:56:37.0656 1536 MSPCLOCK - ok
15:56:37.0718 1536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS.1\system32\drivers\MSPQM.sys
15:56:37.0718 1536 MSPQM - ok
15:56:37.0765 1536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS.1\system32\DRIVERS\mssmbios.sys
15:56:37.0765 1536 mssmbios - ok
15:56:37.0828 1536 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS.1\system32\drivers\Mup.sys
15:56:37.0828 1536 Mup - ok
15:56:37.0921 1536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS.1\system32\drivers\NDIS.sys
15:56:37.0937 1536 NDIS - ok
15:56:38.0000 1536 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS.1\system32\DRIVERS\ndistapi.sys
15:56:38.0000 1536 NdisTapi - ok
15:56:38.0046 1536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS.1\system32\DRIVERS\ndisuio.sys
15:56:38.0046 1536 Ndisuio - ok
15:56:38.0078 1536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS.1\system32\DRIVERS\ndiswan.sys
15:56:38.0078 1536 NdisWan - ok
15:56:38.0156 1536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS.1\system32\drivers\NDProxy.sys
15:56:38.0156 1536 NDProxy - ok
15:56:38.0203 1536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS.1\system32\DRIVERS\netbios.sys
15:56:38.0203 1536 NetBIOS - ok
15:56:38.0250 1536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS.1\system32\DRIVERS\netbt.sys
15:56:38.0250 1536 NetBT - ok
15:56:38.0343 1536 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS.1\system32\DRIVERS\nic1394.sys
15:56:38.0343 1536 NIC1394 - ok
15:56:38.0390 1536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS.1\system32\drivers\Npfs.sys
15:56:38.0390 1536 Npfs - ok
15:56:38.0453 1536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS.1\system32\drivers\Ntfs.sys
15:56:38.0484 1536 Ntfs - ok
15:56:38.0578 1536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS.1\system32\drivers\Null.sys
15:56:38.0578 1536 Null - ok
15:56:38.0687 1536 nv (bb36699f465955a33c313fe64f3651b0) C:\WINDOWS.1\system32\DRIVERS\nv4_mini.sys
15:56:38.0734 1536 nv - ok
15:56:38.0796 1536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS.1\system32\DRIVERS\nwlnkflt.sys
15:56:38.0812 1536 NwlnkFlt - ok
15:56:38.0859 1536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS.1\system32\DRIVERS\nwlnkfwd.sys
15:56:38.0859 1536 NwlnkFwd - ok
15:56:38.0906 1536 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS.1\system32\DRIVERS\ohci1394.sys
15:56:38.0906 1536 ohci1394 - ok
15:56:38.0984 1536 ossrv (0304878cc20c34734c40092b277c6679) C:\WINDOWS.1\system32\drivers\ctoss2k.sys
15:56:38.0984 1536 ossrv - ok
15:56:39.0046 1536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS.1\system32\DRIVERS\parport.sys
15:56:39.0046 1536 Parport - ok
15:56:39.0093 1536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS.1\system32\drivers\PartMgr.sys
15:56:39.0093 1536 PartMgr - ok
15:56:39.0187 1536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS.1\system32\drivers\ParVdm.sys
15:56:39.0187 1536 ParVdm - ok
15:56:39.0218 1536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS.1\system32\DRIVERS\pci.sys
15:56:39.0218 1536 PCI - ok
15:56:39.0281 1536 PCIDump - ok
15:56:39.0343 1536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS.1\system32\DRIVERS\pciide.sys
15:56:39.0359 1536 PCIIde - ok
15:56:39.0421 1536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS.1\system32\drivers\Pcmcia.sys
15:56:39.0421 1536 Pcmcia - ok
15:56:39.0468 1536 PDCOMP - ok
15:56:39.0500 1536 PDFRAME - ok
15:56:39.0531 1536 PDRELI - ok
15:56:39.0562 1536 PDRFRAME - ok
15:56:39.0609 1536 perc2 - ok
15:56:39.0640 1536 perc2hib - ok
15:56:39.0718 1536 PfModNT - ok
15:56:39.0796 1536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS.1\system32\DRIVERS\raspptp.sys
15:56:39.0796 1536 PptpMiniport - ok
15:56:39.0828 1536 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS.1\system32\DRIVERS\processr.sys
15:56:39.0828 1536 Processor - ok
15:56:39.0875 1536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS.1\system32\DRIVERS\psched.sys
15:56:39.0875 1536 PSched - ok
15:56:39.0921 1536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS.1\system32\DRIVERS\ptilink.sys
15:56:39.0921 1536 Ptilink - ok
15:56:39.0953 1536 ql1080 - ok
15:56:39.0984 1536 Ql10wnt - ok
15:56:40.0046 1536 ql12160 - ok
15:56:40.0078 1536 ql1240 - ok
15:56:40.0109 1536 ql1280 - ok
15:56:40.0156 1536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS.1\system32\DRIVERS\rasacd.sys
15:56:40.0156 1536 RasAcd - ok
15:56:40.0203 1536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS.1\system32\DRIVERS\rasl2tp.sys
15:56:40.0203 1536 Rasl2tp - ok
15:56:40.0250 1536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS.1\system32\DRIVERS\raspppoe.sys
15:56:40.0250 1536 RasPppoe - ok
15:56:40.0296 1536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS.1\system32\DRIVERS\raspti.sys
15:56:40.0296 1536 Raspti - ok
15:56:40.0343 1536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS.1\system32\DRIVERS\rdbss.sys
15:56:40.0343 1536 Rdbss - ok
15:56:40.0375 1536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS.1\system32\DRIVERS\RDPCDD.sys
15:56:40.0375 1536 RDPCDD - ok
15:56:40.0484 1536 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS.1\system32\drivers\RDPWD.sys
15:56:40.0484 1536 RDPWD - ok
15:56:40.0562 1536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS.1\system32\DRIVERS\redbook.sys
15:56:40.0562 1536 redbook - ok
15:56:40.0718 1536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS.1\system32\DRIVERS\secdrv.sys
15:56:40.0718 1536 Secdrv - ok
15:56:40.0781 1536 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS.1\system32\DRIVERS\serenum.sys
15:56:40.0796 1536 serenum - ok
15:56:40.0828 1536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS.1\system32\DRIVERS\serial.sys
15:56:40.0843 1536 Serial - ok
15:56:40.0875 1536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS.1\system32\drivers\Sfloppy.sys
15:56:40.0875 1536 Sfloppy - ok
15:56:40.0921 1536 Simbad - ok
15:56:40.0953 1536 Sparrow - ok
15:56:41.0000 1536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS.1\system32\drivers\splitter.sys
15:56:41.0015 1536 splitter - ok
15:56:41.0093 1536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS.1\system32\DRIVERS\sr.sys
15:56:41.0093 1536 sr - ok
15:56:41.0187 1536 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS.1\system32\DRIVERS\srv.sys
15:56:41.0203 1536 Srv - ok
15:56:41.0265 1536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS.1\system32\DRIVERS\swenum.sys
15:56:41.0265 1536 swenum - ok
15:56:41.0296 1536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS.1\system32\drivers\swmidi.sys
15:56:41.0312 1536 swmidi - ok
15:56:41.0359 1536 symc810 - ok
15:56:41.0406 1536 symc8xx - ok
15:56:41.0437 1536 sym_hi - ok
15:56:41.0468 1536 sym_u3 - ok
15:56:41.0531 1536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS.1\system32\drivers\sysaudio.sys
15:56:41.0531 1536 sysaudio - ok
15:56:41.0625 1536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS.1\system32\DRIVERS\tcpip.sys
15:56:41.0640 1536 Tcpip - ok
15:56:41.0687 1536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS.1\system32\drivers\TDPIPE.sys
15:56:41.0687 1536 TDPIPE - ok
15:56:41.0750 1536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS.1\system32\drivers\TDTCP.sys
15:56:41.0750 1536 TDTCP - ok
15:56:41.0796 1536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS.1\system32\DRIVERS\termdd.sys
15:56:41.0796 1536 TermDD - ok
15:56:41.0859 1536 TosIde - ok
15:56:41.0921 1536 TrueSight - ok
15:56:41.0984 1536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS.1\system32\drivers\Udfs.sys
15:56:41.0984 1536 Udfs - ok
15:56:42.0031 1536 ultra - ok
15:56:42.0125 1536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS.1\system32\DRIVERS\update.sys
15:56:42.0140 1536 Update - ok
15:56:42.0203 1536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS.1\system32\DRIVERS\usbccgp.sys
15:56:42.0203 1536 usbccgp - ok
15:56:42.0250 1536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS.1\system32\DRIVERS\usbehci.sys
15:56:42.0250 1536 usbehci - ok
15:56:42.0281 1536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS.1\system32\DRIVERS\usbhub.sys
15:56:42.0296 1536 usbhub - ok
15:56:42.0328 1536 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS.1\system32\DRIVERS\usbprint.sys
15:56:42.0343 1536 usbprint - ok
15:56:42.0390 1536 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS.1\system32\DRIVERS\usbscan.sys
15:56:42.0390 1536 usbscan - ok
15:56:42.0468 1536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS.1\system32\DRIVERS\USBSTOR.SYS
15:56:42.0468 1536 USBSTOR - ok
15:56:42.0500 1536 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS.1\system32\DRIVERS\usbuhci.sys
15:56:42.0500 1536 usbuhci - ok
15:56:42.0546 1536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS.1\System32\drivers\vga.sys
15:56:42.0546 1536 VgaSave - ok
15:56:42.0578 1536 ViaIde - ok
15:56:42.0625 1536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS.1\system32\drivers\VolSnap.sys
15:56:42.0625 1536 VolSnap - ok
15:56:42.0687 1536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS.1\system32\DRIVERS\wanarp.sys
15:56:42.0687 1536 Wanarp - ok
15:56:42.0718 1536 WDICA - ok
15:56:42.0781 1536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS.1\system32\drivers\wdmaud.sys
15:56:42.0781 1536 wdmaud - ok
15:56:42.0984 1536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS.1\system32\DRIVERS\WudfPf.sys
15:56:42.0984 1536 WudfPf - ok
15:56:43.0046 1536 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS.1\system32\DRIVERS\wudfrd.sys
15:56:43.0046 1536 WudfRd - ok
15:56:43.0125 1536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:56:43.0328 1536 \Device\Harddisk0\DR0 - ok
15:56:43.0343 1536 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
15:56:48.0937 1536 \Device\Harddisk1\DR2 - ok
15:56:48.0953 1536 Boot (0x1200) (a9a8f1a36c3b7cc9658b12d14e38eb78) \Device\Harddisk0\DR0\Partition0
15:56:48.0953 1536 \Device\Harddisk0\DR0\Partition0 - ok
15:56:48.0984 1536 Boot (0x1200) (afb4f0018d4c4de6f3a49834f78f52f5) \Device\Harddisk1\DR2\Partition0
15:56:48.0984 1536 \Device\Harddisk1\DR2\Partition0 - ok
15:56:49.0000 1536 ============================================================
15:56:49.0000 1536 Scan finished
15:56:49.0000 1536 ============================================================
15:56:49.0031 1528 Detected object count: 0
15:56:49.0031 1528 Actual detected object count: 0


  #92  
November 15th, 2011, 10:05 PM
dmatt
Member
 
Join Date: Nov 2011
Posts: 79
I apologize. I totally missed that code box. Now I see what you were referring to. I just followed the directions. Here is the report:
========== OTL ==========
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\~6DSS92c31Apgjkr moved successfully.
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\6DSS92c31Apgjk moved successfully.
C:\WINDOWS.1\002134_.tmp deleted successfully.
C:\WINDOWS.1\005233_.tmp deleted successfully.
C:\WINDOWS.1\SET3.tmp deleted successfully.
C:\WINDOWS.1\SET7.tmp deleted successfully.
C:\WINDOWS.1\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS.1\System32\PerfStringBackup.TMP deleted successfully.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11152011_160557
  #93  
November 15th, 2011, 10:33 PM
Mosaic1
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
The Master Boot Record is now clean. That's a very good thing.

[quote]If I go into regular Windows and back up my documents, etc. to a flash drive, will it also copy any virus?[/quote]

Before you attempt to go into Regular Windows, we need to be sure nothing is set to start from that user Profile which would reinfect you.

Please sign into Safe Mode with networking under your usual User profile and run Otl.exe to perform a scan from that location. A lot of startups don't start up in Safe Mode, but they do in Regular Windows mode.

If you have a virus present in a folder and you copy that folder, then the virus will be copied too, unless your antivirus flags it. But things have to have a loading method to become active. Just the presence of a file in the type of folders you want to copy is not enough. So it depends on what's in there and whether you run it manually. As an example, a bad screensaver or an installer for a program.
  #94  
November 16th, 2011, 12:50 AM
dmatt
Member
 
Join Date: Nov 2011
Posts: 79
Ok. Logged into my regular profile in Safe Mode with Networking. Ran OTL.
Here is the report:
OTL logfile created on: 11/15/2011 6:47:45 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\PACE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.69 Mb Total Physical Memory | 259.47 Mb Available Physical Memory | 50.81% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 31.35 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
Drive F: | 15.11 Gb Total Space | 15.10 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: YOUR-6DD291YKRY | User Name: PACE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 18:46:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PACE\Desktop\OTL.exe
PRC - [2011/11/15 07:57:47 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 07:57:47 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/13 18:23:59 | 006,271,136 | ---- | M] () -- C:\WINDOWS.1\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS.1\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/01/21 03:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 03:03:42 | 000,822,416 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 01:05:14 | 000,184,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 00:06:02 | 000,116,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 00:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 00:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 00:05:12 | 000,497,376 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 00:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\CTAC32K.SYS -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-162531612-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-162531612-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1715567821-162531612-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-162531612-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.1\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 07:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 07:57:50 | 000,000,000 | ---D | M]

[2010/08/15 17:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PACE\Application Data\Mozilla\Extensions
[2010/08/21 14:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PACE\Application Data\Mozilla\Firefox\Profiles\4j32c7s1.default\extensions
[2011/11/14 17:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 12:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/03 08:57:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/02 12:22:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS.1\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS.1\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.1\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.1\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.1\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1715567821-162531612-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS.1\System32\Macromed\Flash\FlashUtil10s_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-162531612-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1715567821-162531612-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1282397115765 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55116150-CC70-47E9-9269-25F7B51AA89F}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS.1\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.1\system32\userinit.exe) -C:\WINDOWS.1\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PACE\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PACE\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 18:46:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PACE\Desktop\OTL.exe
[2011/11/15 08:14:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS.1\PIF
[2011/11/15 08:07:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/14 17:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/13 10:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PACE\Desktop\RK_Quarantine
[2011/10/25 19:00:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\PACE\Recent
[2011/10/25 18:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PACE\Start Menu\Programs\System Restore
[2010/08/11 19:41:40 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS.1\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/11/15 18:49:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS.1\tasks\MP Scheduled Scan.job
[2011/11/15 18:46:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PACE\Desktop\OTL.exe
[2011/11/15 18:44:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat
[2011/11/15 07:59:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2011/11/14 17:24:35 | 000,002,206 | -H-- | M] () -- C:\WINDOWS.1\System32\wpa.dbl
[2011/11/13 10:25:02 | 004,481,358 | ---- | M] () -- C:\WINDOWS.1\{00000003-00000000-00000002-00001102-00000004-10071102}.CDF
[2011/10/25 18:41:08 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 18:37:59 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\PACE\Desktop\System Restore.lnk
[2011/10/24 18:16:46 | 000,031,048 | ---- | M] () -- C:\WINDOWS.1\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/10/24 18:16:46 | 000,031,048 | ---- | M] () -- C:\WINDOWS.1\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/10/24 18:16:46 | 000,031,008 | ---- | M] () -- C:\WINDOWS.1\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/10/24 18:16:46 | 000,031,008 | ---- | M] () -- C:\WINDOWS.1\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/10/24 18:16:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS.1\System32\settingsbkup.sfm
[2011/10/24 18:16:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS.1\System32\settings.sfm
[2011/10/24 18:16:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS.1\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/10/24 18:16:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS.1\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat

========== Files Created - No Company Name ==========

[2011/11/13 11:03:44 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/13 11:03:43 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/13 11:03:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/13 11:03:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/13 11:03:42 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Windows Messenger.lnk
[2011/11/13 11:03:40 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\MSN Explorer.lnk
[2011/11/13 11:03:39 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 11:03:28 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Apple Software Update.lnk
[2011/11/13 11:03:27 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/25 18:41:06 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 18:37:59 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\PACE\Desktop\System Restore.lnk
[2011/02/22 06:36:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS.1\System32\d3d9caps.dat
[2010/09/25 14:22:41 | 000,009,216 | -H-- | C] () -- C:\Documents and Settings\PACE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 08:41:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS.1\System32\secupd.dat
[2010/08/15 17:06:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS.1\nsreg.dat
[2010/08/15 16:51:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS.1\VPC32.INI
[2010/08/11 19:42:27 | 000,000,288 | ---- | C] () -- C:\WINDOWS.1\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2010/08/11 19:42:27 | 000,000,288 | ---- | C] () -- C:\WINDOWS.1\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2010/08/11 19:41:40 | 000,248,091 | R--- | C] () -- C:\WINDOWS.1\System32\ctsbas2w.dat
[2010/08/11 19:41:40 | 000,232,723 | R--- | C] () -- C:\WINDOWS.1\System32\ctstatic.dat
[2010/08/11 19:41:40 | 000,190,720 | R--- | C] () -- C:\WINDOWS.1\System32\ctdlang.dat
[2010/08/11 19:41:40 | 000,138,816 | R--- | C] () -- C:\WINDOWS.1\System32\ctbas2w.dat
[2010/08/11 19:41:40 | 000,053,674 | R--- | C] () -- C:\WINDOWS.1\System32\ctdaught.dat
[2010/08/11 19:41:08 | 000,066,980 | RH-- | C] () -- C:\WINDOWS.1\System32\Emu10kx.ini
[2010/08/11 19:41:08 | 000,000,029 | RH-- | C] () -- C:\WINDOWS.1\System32\ctzapxx.ini
[2010/08/11 19:20:24 | 000,007,251 | -H-- | C] () -- C:\WINDOWS.1\hpdj5700.ini
[2010/08/11 19:16:50 | 000,000,414 | -H-- | C] () -- C:\WINDOWS.1\hpbvspst.ini
[2010/08/11 19:10:13 | 000,000,382 | ---- | C] () -- C:\WINDOWS.1\ODBC.INI
[2010/08/11 19:00:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS.1\bootstat.dat
[2010/08/11 18:54:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS.1\System32\emptyregdb.dat
[2010/08/11 11:48:51 | 000,004,249 | ---- | C] () -- C:\WINDOWS.1\ODBCINST.INI
[2010/08/11 11:47:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS.1\System32\FNTCACHE.DAT
[2004/03/17 08:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS.1\hpfins_s04_main.dat
[2004/03/17 08:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS.1\hpfmdl_s04_main.dat
[2003/10/07 14:39:44 | 000,002,356 | ---- | C] () -- C:\WINDOWS.1\System32\OEMINFO.INI
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS.1\System32\mlang.dat
[2003/03/31 07:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS.1\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS.1\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS.1\System32\dssec.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS.1\System32\mib.bin
[2003/03/31 07:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS.1\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS.1\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS.1\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS.1\System32\noise.dat
[2003/02/11 07:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS.1\System32\e1000msg.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS.1\System32\OUTLPERF.INI
[2003/01/06 03:42:28 | 000,224,644 | ---- | C] () -- C:\WINDOWS.1\System32\CTSBASW.DAT
[2003/01/06 03:42:28 | 000,110,820 | ---- | C] () -- C:\WINDOWS.1\System32\CTBASICW.DAT
[2002/11/04 21:05:50 | 000,184,320 | ---- | C] () -- C:\WINDOWS.1\PSCONV.EXE
[2002/09/15 23:42:48 | 000,005,515 | ---- | C] () -- C:\WINDOWS.1\System32\ENSDEF.INI
[2002/06/13 20:19:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS.1\System32\KILL.INI
[2002/02/07 09:29:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS.1\System32\oembios.bin
[2002/02/07 09:27:14 | 000,004,742 | ---- | C] () -- C:\WINDOWS.1\System32\oembios.dat
[2001/09/21 04:08:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS.1\System32\KILLAPPS.EXE
[2001/06/27 22:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS.1\System32\REGPLIB.EXE

< End of report >
#95
Old November 16th, 2011, 02:07 AM
Mosaic1
Malware Removal Team Advisor
Join Date: Jun 2001
Posts: 4,783
Good.

Let's clean up a few things now in your usual profile, shown in this report. Run OTL.exe
Do not run a scan.
Copy the contents of the code box and paste them into the Custom scans/fixes box at the bottom. Then click the Run Fix button. When OTL has finished, a log will open. Please post the contents of that log here.

Code:
:OTL

[2011/02/02 12:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/03 08:57:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/25 18:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PACE\Start Menu\Programs\System Restore
[2011/10/25 18:41:08 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 18:37:59 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\PACE\Desktop\System Restore.lnk
#96
Old November 16th, 2011, 02:24 AM
Mosaic1
Malware Removal Team Advisor
Join Date: Jun 2001
Posts: 4,783
Then, while in Safe Mode with Networking in your usual profile, let's run one more tool to see if it finds any other leftovers. If ComboFix reboots you, allow the system to boot back into regular Windows.

Download the latest version of Combofix.exe from here and save it to your Desktop.

Double-click on combofix.exe (Vista and Windows 7 users, right-click on ComboFix and then click on Run as administrator) and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesn't apply to Vista or Windows 7). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

------------

You may find that your computer is running more smoothly after this cleanup. Even if you no longer want to use it on a regular basis, having a spare system, if clean, can be helpful. What if you hadn't had your laptop during our work?
#97
Old November 16th, 2011, 02:50 PM
dmatt
Member
Join Date: Nov 2011
Posts: 79
Ok. Will do when I get home from work tonight. Keeping fingers crossed everything works smoothly!
#98
Old November 17th, 2011, 02:09 AM
dmatt
Member
Join Date: Nov 2011
Posts: 79
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Documents and Settings\PACE\Start Menu\Programs\System Restore folder moved successfully.
C:\Documents and Settings\PACE\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Documents and Settings\PACE\Desktop\System Restore.lnk moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11162011_201053
#99
Old November 17th, 2011, 02:25 AM
dmatt
Member
Join Date: Nov 2011
Posts: 79
ComboFix Report:

ComboFix 11-11-16.02 - PACE 11/16/2011 20:17:31.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.231 [GMT -5:00]
Running from: c:\documents and settings\PACE\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\OLD934.tmp
c:\program files\Internet Explorer\OLD93A.tmp
c:\program files\Internet Explorer\SET361.tmp
c:\program files\Internet Explorer\SET362.tmp
c:\program files\Internet Explorer\SET3CF.tmp
c:\program files\Internet Explorer\SET3D0.tmp
c:\program files\Internet Explorer\SET4B.tmp
c:\program files\Internet Explorer\SET98.tmp
c:\program files\Internet Explorer\SET99.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 01:08 . 2011-11-17 01:08 56200 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{621055EF-53FD-400F-AA47-31337C103B9F}\offreg.dll
2011-11-15 13:14 . 2011-11-15 13:14 -------- d--h--w- c:\windows.1\PIF
2011-11-15 13:07 . 2011-11-15 13:07 -------- d-----w- C:\_OTL
2011-11-14 22:30 . 2011-11-14 22:30 -------- d-----w- c:\program files\ESET
2011-11-11 14:25 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{621055EF-53FD-400F-AA47-31337C103B9F}\mpengine.dll
2011-10-26 11:01 . 2011-10-26 11:04 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2011-07-09 12:04 6668624 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows.1\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows.1\system32\oleacc.dll
2011-09-26 15:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows.1\system32\oleaccrc.dll
2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows.1\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 12:00 1858944 ----a-w- c:\windows.1\system32\win32k.sys
2009-09-13 04:05 . 2009-09-13 04:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2009-09-13 04:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2009-09-13 04:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2009-09-13 04:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2009-09-13 04:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2009-09-13 04:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2009-09-13 04:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2009-09-13 04:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2009-08-14 18:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2009-09-13 04:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.1\System32\NvCpl.dll " [2003-06-13 4734976]
"nwiz"="nwiz.exe" [2003-06-13 323584]
"HPDJ Taskbar Utility"="c:\windows.1\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"CTHelper"="CTHELPER.EXE" [2002-12-19 28672]
"AsioReg"="CTASIO.DLL" [2002-11-08 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows.1\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
S1 MpKsl1fee50b2;MpKsl1fee50b2;\??\c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E239A219-AA1D-4FC0-A5FD-6BA8308F716C}\MpKsl1fee50b2.sys --> c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E239A219-AA1D-4FC0-A5FD-6BA8308F716C}\MpKsl1fee50b2.sys [?]
S1 MpKsl41f76aae;MpKsl41f76aae;\??\c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BF130F7-31FD-4300-983C-90249646037F}\MpKsl41f76aae.sys --> c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BF130F7-31FD-4300-983C-90249646037F}\MpKsl41f76aae.sys [?]
S1 MpKsl812b047e;MpKsl812b047e;\??\c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9ECD28A4-C996-4735-A8E2-AB066F0EB32C}\MpKsl812b047e.sys --> c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9ECD28A4-C996-4735-A8E2-AB066F0EB32C}\MpKsl812b047e.sys [?]
S1 MpKslffbc0031;MpKslffbc0031;\??\c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4A47EC7-0921-4481-B776-BDF2BA2EC196}\MpKslffbc0031.sys --> c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4A47EC7-0921-4481-B776-BDF2BA2EC196}\MpKslffbc0031.sys [?]
S3 TrueSight;TrueSight;\??\c:\windows.1\system32\drivers\TrueSight.sys --> c:\windows.1\system32\drivers\TrueSight.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 c:\windows.1\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-11-17 c:\windows.1\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
FF - ProfilePath - c:\documents and settings\PACE\Application Data\Mozilla\Firefox\Profiles\4j32c7s1.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-16 20:27:17
ComboFix-quarantined-files.txt 2011-11-17 01:27
.
Pre-Run: 33,572,421,632 bytes free
Post-Run: 34,429,300,736 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 039C05F2756AD6794442E275924CAC2E
  #100  
Old November 17th, 2011, 02:27 AM
dmatt dmatt is offline
Member
 
Join Date: Nov 2011
Posts: 79
I shut down. Am I good to go now??
  #101  
Old November 17th, 2011, 02:18 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Just about. Microsoft Security Essentials adds certain drivers when it updates. These are not needed and can really slow down your system. Let's remove them. But more will be created when the program updates itself.

Copy the contents of the code box to notepad.
Name the file out.bat
Save as Type: All files
Double click on out.bat to run it.

Code:
rem Remove the leftover MpKsl* driver services listed in the ComboFix log
sc delete MpKsl1fee50b2
sc delete MpKsl41f76aae
sc delete MpKsl812b047e
sc delete MpKslffbc0031
rem Keep the window open so the result of each sc delete can be read
pause
Then boot into regular Windows Mode in your usual profile and uninstall the older Java versions and update Java as per the instructions previously given.

Open the various folders on your start menu and be sure you can see the files inside. Open C:\windows.1 and be sure you can see the files inside. Let me know.

Did you want to try to repair Internet Explorer?
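The batch file above deletes the four service names that happened to be in this log. Since the post says new MpKsl* entries appear after every definition update, here is an added example (my code, not Mosaic1's and not Microsoft's) that finds them by name instead of hard-coding them, checks whether the .sys file each entry points to still exists, and deletes only the orphaned ones when run with -Delete. It assumes Windows PowerShell 2.0 is installed on the XP machine (an optional update, not present by default) and that it is run from an Administrator account, which sc.exe delete requires; the script name used in the usage note is arbitrary.

```powershell
# Added example (not from the thread or from Microsoft): report every MpKsl*
# driver service and, with -Delete, remove the ones whose .sys file is gone.
# Assumes PowerShell 2.0 on XP SP3 and an Administrator session.
param([switch]$Delete)

# Get-Service lists only Win32 services; kernel drivers come from WMI.
$drivers = @(Get-WmiObject -Class Win32_SystemDriver |
             Where-Object { $_.Name -like 'MpKsl*' })

if ($drivers.Count -eq 0) {
    Write-Host 'No MpKsl* driver services are registered.'
    exit 0
}

foreach ($d in $drivers) {
    # The registry ImagePath is stored in NT form (\??\c:\...); strip that
    # prefix so Test-Path can look at the Win32 path.
    $path = [string]$d.PathName -replace '^\\\?\?\\', ''
    $orphan = ($path -ne '') -and -not (Test-Path -LiteralPath $path)
    $status = if ($orphan) { 'ORPHAN ' } else { 'present' }
    Write-Host ('{0,-16} start={1,-7} state={2,-8} {3} {4}' -f `
        $d.Name, $d.StartMode, $d.State, $status, $path)

    if ($Delete -and $orphan) {
        # sc delete on a driver that is still loaded only marks the entry
        # for deletion; the key disappears at the next reboot.
        & sc.exe delete $d.Name
    }
}
```

Save it as, say, Clean-MpKsl.ps1, run it once without the switch to see the list (`powershell -ExecutionPolicy Bypass -File .\Clean-MpKsl.ps1`), then again with `-Delete`. Entries whose file is still present are left alone, because those are the ones the current definition update is actually using. Re-run the report after the reboot to confirm the orphaned keys are gone.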
  #102  
Old November 17th, 2011, 02:29 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
If you want to see about fixing Internet Explorer, once back in regular Windows, go to Control Panel > Add or Remove Programs. Uninstall IE8.

Reboot.

Then go here to download the Internet Explorer 8 installer from Microsoft.
http://www.microsoft.com/download/en/details.aspx?id=43

Install IE 8 and reboot.
  #103  
Old November 18th, 2011, 01:31 AM
dmatt dmatt is offline
Member
 
Join Date: Nov 2011
Posts: 79
When I go to Add/Remove programs, there are no programs at all showing up. If I go to Start and click on say Microsoft Office, the programs are there. My pictures and documents are there, my music is not (the music I downloaded from Amazon). I might as well fix IE but again, can't get any files under add/remove programs.
  #104  
Old November 18th, 2011, 01:38 AM
dmatt dmatt is offline
Member
 
Join Date: Nov 2011
Posts: 79
Also, under Start, some of my folders under All Programs, such as Microsoft Office, QuickTime, Adobe Reader X are shaded. Startup under All Programs is empty. I can do the open c:\windows.1 and files show up.
  #105  
Old November 19th, 2011, 12:41 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Shaded files are files with the hidden attribute set. You have the show all files option selected, so you can see them, but the shading indicates they are hidden files.

For the empty add remove programs, here's a link to a Microsoft Fixit. Save it and then double click on it to run it.

http://go.microsoft.com/?linkid=9750246

Let me know if this resolves the issue.
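Mosaic1 explains the shading as the Hidden attribute. As an added example (my code, not from the thread), here is a PowerShell script that lists every Start Menu item carrying that attribute and, with -Unhide, clears just that one bit, leaving ReadOnly, System and Archive as they are. It assumes PowerShell 2.0 on this XP SP3 machine and the two profile folders visible in the ComboFix log above (All Users.WINDOWS.1 and PACE); the $roots paths are an assumption to adjust for another machine.

```powershell
# Added example (not from the thread): list Start Menu items that have the
# Hidden attribute (the "shaded" entries) and, with -Unhide, clear only that bit.
# Assumes PowerShell 2.0 on XP SP3; the paths in $roots are an assumption.
param([switch]$Unhide)

$roots = @(
    'C:\Documents and Settings\All Users.WINDOWS.1\Start Menu',
    'C:\Documents and Settings\PACE\Start Menu'
)
$hidden = [int][IO.FileAttributes]::Hidden

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Host "not found: $root"
        continue
    }

    # Without -Force, Get-ChildItem silently skips hidden items.
    # desktop.ini is hidden by design, so it is left out of the list.
    $items = @(Get-ChildItem -LiteralPath $root -Recurse -Force |
               Where-Object { ([int]$_.Attributes -band $hidden) -and
                              $_.Name -ne 'desktop.ini' })
    Write-Host ('{0}: {1} hidden item(s)' -f $root, $items.Count)

    foreach ($i in $items) {
        Write-Host ('  {0}  [{1}]' -f $i.FullName, $i.Attributes)
        if ($Unhide) {
            # Clear the Hidden bit and nothing else.
            $i.Attributes = [IO.FileAttributes]([int]$i.Attributes -band -bnot $hidden)
        }
    }
}
```

Run it without the switch first to see what is shaded and why (the attribute list in brackets shows whether System is set as well). The built-in equivalent of the -Unhide pass is `attrib -h "C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\*" /s /d`, but that also strips Hidden from desktop.ini and gives no report, which is why the script does it item by item.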